Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to combat them): New GVU Trojan cannot be removed | Windows 7

If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection.
New GVU Trojan cannot be removed

Hello, I can neither get into safe mode, nor can windowsunlocker or Kaspersky Rescue Disk remove the thing. OTL scan log: Code:
```
OTL logfile created on: 11/12/2014 12:52:33 AM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.43 Mb Free Space | 75.43% Space Free | Partition Type: NTFS
Drive D: | 59.80 Gb Total Space | 34.45 Gb Free Space | 57.61% Space Free | Partition Type: NTFS
Drive E: | 232.79 Gb Total Space | 194.97 Gb Free Space | 83.76% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2014/09/18 20:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/15 08:13:17 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/11/09 17:17:52 | 000,332,288 | ---- | M] () [Auto] -- E:\ProgramData\D64FB17A.dot -- (Winmgmt)
SRV - [2014/11/09 12:15:56 | 000,090,696 | ---- | M] (Mindspark) [Auto] -- E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hbarsvc.exe -- (Allin1Convert_8hService)
SRV - [2014/09/25 09:32:51 | 000,090,696 | ---- | M] (Mindspark) [Auto] -- E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe -- (MapsGalaxy_39Service)
SRV - [2014/09/24 15:35:46 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/27 02:03:44 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/09/11 09:54:32 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/15 08:19:22 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2014/01/15 08:19:22 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/07/02 04:04:36 | 000,582,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/07/02 04:04:36 | 000,027,120 | ---- | M] (Intel Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/10/26 08:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/01 16:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007/08/08 10:39:46 | 000,060,928 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\System32\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/07/27 12:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\System32\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 13:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto] -- E:\Windows\System32\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/10 19:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2013/11/21 03:22:08 | 000,115,448 | ---- | M] (EZB Systems, Inc.) [File_System | System] -- E:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\User_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.tb.ask.com/index.jhtml?n=780CE4C6&p2=^AYY^xdm070^S11124^de&ptb=767D62C9-C914-4C1A-8D00-43A186B33D93&si=flvrunner
IE - HKU\User_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKU\User_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\User_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E F9 16 EB 2A 8E CF 01 [binary data]
IE - HKU\User_ON_E\..\URLSearchHook: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - Reg Error: Key error. File not found
IE - HKU\User_ON_E\..\URLSearchHook: {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - Reg Error: Key error. File not found
IE - HKU\User_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: E:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Toolbar BHO) - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (Mindspark)
O2 - BHO: (Search Assistant BHO) - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (Mindspark)
O2 - BHO: (Search Assistant BHO) - {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} - E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hSrcAs.dll (Mindspark)
O2 - BHO: (Toolbar BHO) - {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} - E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hbar.dll (Mindspark)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MapsGalaxy) - {364ea597-e728-4ce4-bb4a-ed846ef47970} - E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (Mindspark)
O3 - HKLM\..\Toolbar: (Allin1Convert) - {cd1a63ba-a08c-431b-9a34-f240aadc728d} - E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hbar.dll (Mindspark)
O3:64bit: - HKU\User_ON_E\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\User_ON_E\..\Toolbar\WebBrowser: (MapsGalaxy) - {364EA597-E728-4CE4-BB4A-ED846EF47970} - E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (Mindspark)
O3 - HKU\User_ON_E\..\Toolbar\WebBrowser: (Allin1Convert) - {CD1A63BA-A08C-431B-9A34-F240AADC728D} - E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hbar.dll (Mindspark)
O4:64bit: - HKLM..\Run: [SMSERIAL] E:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Allin1Convert AppIntegrator 32-bit] E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\APPINTEGRATOR.EXE (Mindspark)
O4 - HKLM..\Run: [Allin1Convert AppIntegrator 64-bit] E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\AppIntegrator64.exe (Mindspark)
O4 - HKLM..\Run: [Allin1Convert EPM Support] E:\Program Files (x86)\Allin1Convert_8h\bar\2.bin\8hmedint.exe (Mindspark)
O4 - HKLM..\Run: [Allin1Convert Search Scope Monitor] File not found
O4 - HKLM..\Run: [MapsGalaxy AppIntegrator 32-bit] E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\APPINTEGRATOR.EXE (Mindspark)
O4 - HKLM..\Run: [MapsGalaxy AppIntegrator 64-bit] E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe (Mindspark)
O4 - HKLM..\Run: [MapsGalaxy EPM Support] E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39medint.exe (Mindspark)
O4 - HKLM..\Run: [MapsGalaxy Search Scope Monitor] E:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe (Mindspark)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\User_ON_E..\Run: [HP Officejet 4620 series (NET)] E:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] File not found
O4 - HKU\UpdatusUser_ON_E..\RunOnce: [mctadmin] File not found
O4 - Startup: E:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk ()
O4 - Startup: E:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - E:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - E:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/12 04:19:48 | 000,000,122 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2014/11/11 13:10:08 | 000,000,000 | ---D | C] -- E:\ea8a29270e2f52870a2dd1
[2014/11/11 13:10:02 | 000,000,000 | ---D | C] -- E:\5af824b076ec7f925f8098
[2014/11/11 13:09:48 | 000,000,000 | ---D | C] -- E:\0edf65ee09773d8c030610813986e9
[2014/11/11 13:08:54 | 000,000,000 | ---D | C] -- E:\882c6f437331e26657
[2014/11/11 10:41:07 | 000,000,000 | ---D | C] -- E:\Kaspersky Rescue Disk 10.0
[2014/11/09 17:17:51 | 000,530,432 | ---- | C] (u890789ow3445t Corporation) -- E:\ProgramData\A71BF46D.cpp
[2014/10/31 06:09:34 | 000,000,000 | ---D | C] -- E:\Users\User\AppData\Roaming\Google
[2014/10/16 16:52:55 | 001,943,696 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dfshim.dll
[2014/10/16 16:52:55 | 001,131,664 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\dfshim.dll
[2014/10/16 16:52:55 | 000,156,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mscorier.dll
[2014/10/16 16:52:55 | 000,156,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mscorier.dll
[2014/10/16 16:52:55 | 000,081,560 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mscories.dll
[2014/10/16 16:52:55 | 000,073,880 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mscories.dll
[2014/10/16 16:52:47 | 000,507,392 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\aepdu.dll
[2014/10/16 16:52:47 | 000,276,480 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\generaltel.dll
[2014/10/16 16:52:45 | 000,424,448 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\aeinv.dll
[2014/10/16 16:52:39 | 000,597,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\jscript9diag.dll
[2014/10/16 16:52:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mshtmled.dll
[2014/10/16 16:52:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieetwproxystub.dll
[2014/10/16 16:52:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iernonce.dll
[2014/10/16 16:52:38 | 000,710,656 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ie4uinit.exe
[2014/10/16 16:52:38 | 000,607,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msfeeds.dll
[2014/10/16 16:52:38 | 000,365,056 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\dxtmsft.dll
[2014/10/16 16:52:38 | 000,072,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/10/16 16:52:38 | 000,060,416 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/10/16 16:52:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieetwproxystub.dll
[2014/10/16 16:52:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iernonce.dll
[2014/10/16 16:52:36 | 002,017,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\inetcpl.cpl
[2014/10/16 16:52:36 | 000,061,952 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\iesetup.dll
[2014/10/16 16:52:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieetwcollectorres.dll
[2014/10/16 16:52:34 | 000,731,136 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2014/10/16 16:52:34 | 000,446,464 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dxtmsft.dll
[2014/10/16 16:52:34 | 000,440,320 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieui.dll
[2014/10/16 16:52:34 | 000,243,200 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\dxtrans.dll
[2014/10/16 16:52:34 | 000,111,616 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieetwcollector.exe
[2014/10/16 16:52:33 | 002,108,416 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2014/10/16 16:52:33 | 000,066,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\iesetup.dll
[2014/10/16 16:52:32 | 004,201,472 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\jscript9.dll
[2014/10/16 16:52:32 | 001,068,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mshtmlmedia.dll
[2014/10/16 16:52:32 | 000,678,400 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieapfltr.dll
[2014/10/16 16:52:32 | 000,112,128 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\ieUnatt.exe
[2014/10/16 16:52:31 | 000,289,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dxtrans.dll
[2014/10/16 16:52:31 | 000,164,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msrating.dll
[2014/10/16 16:52:31 | 000,061,952 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\MshtmlDac.dll
[2014/10/16 16:52:30 | 000,595,968 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2014/10/16 16:52:29 | 005,829,632 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2014/10/16 16:52:29 | 001,249,280 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtmlmedia.dll
[2014/10/16 16:52:29 | 000,758,272 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9diag.dll
[2014/10/16 16:52:29 | 000,139,264 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2014/10/16 16:52:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtmled.dll
[2014/10/16 16:52:28 | 000,775,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieapfltr.dll
[2014/10/16 16:52:28 | 000,547,328 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2014/10/16 16:52:27 | 000,195,584 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msrating.dll
[2014/10/16 16:52:27 | 000,083,968 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MshtmlDac.dll
[2014/10/16 16:52:26 | 000,940,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\MsSpellCheckingFacility.exe
[2014/10/16 16:52:06 | 003,241,472 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msi.dll
[2014/10/16 16:52:05 | 002,363,904 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\msi.dll
[2014/10/16 16:51:55 | 000,424,448 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rastls.dll
[2014/10/16 16:51:55 | 000,372,736 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\rastls.dll
[2014/10/16 16:51:46 | 000,235,520 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winsta.dll
[2014/10/16 16:51:45 | 000,455,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winlogon.exe
[2014/10/16 16:51:45 | 000,157,696 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\winsta.dll
[2014/10/16 16:51:45 | 000,150,528 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\rdpcorekmts.dll
[2014/10/16 16:51:13 | 006,584,320 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mstscax.dll
[2014/10/16 16:51:12 | 005,703,168 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\mstscax.dll
[2014/10/16 16:51:11 | 000,077,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\packager.dll
[2014/10/16 16:51:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\packager.dll

========== Files - Modified Within 30 Days ==========

[2014/11/11 17:51:13 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2014/11/11 17:50:12 | 1609,375,744 | -HS- | M] () -- E:\hiberfil.sys
[2014/11/11 13:30:48 | 000,031,088 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/11 13:30:48 | 000,031,088 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/11 13:23:47 | 000,001,950 | ---- | M] () -- E:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk
[2014/11/11 13:23:35 | 000,001,106 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/09 17:35:17 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/09 17:17:52 | 000,332,288 | ---- | M] () -- E:\ProgramData\D64FB17A.dot
[2014/11/09 17:17:51 | 000,530,432 | ---- | M] (u890789ow3445t Corporation) -- E:\ProgramData\A71BF46D.cpp
[2014/11/09 17:17:51 | 000,000,810 | ---- | M] () -- E:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
[2014/11/09 17:17:02 | 000,001,110 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/08 05:45:07 | 000,697,694 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2014/11/08 05:45:07 | 000,654,244 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2014/11/08 05:45:07 | 000,147,718 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2014/11/08 05:45:07 | 000,121,310 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2014/10/17 00:34:48 | 000,408,392 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2014/11/09 17:17:52 | 000,332,288 | ---- | C] () -- E:\ProgramData\D64FB17A.dot
[2014/11/09 17:17:51 | 000,000,810 | ---- | C] () -- E:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
[2014/09/23 14:16:31 | 000,000,057 | ---- | C] () -- E:\ProgramData\Ament.ini
[2014/08/29 17:03:31 | 000,000,017 | ---- | C] () -- E:\Users\User\AppData\Local\resmon.resmoncfg
[2014/01/15 08:22:35 | 001,590,574 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/20 22:24:49 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2014/09/23 12:10:10 | 000,000,000 | ---D | M] -- E:\ProgramData\374311380
[2014/06/21 16:53:44 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2014/06/21 16:53:44 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2014/06/21 16:53:44 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2014/09/23 13:06:01 | 000,000,000 | ---D | M] -- E:\ProgramData\IePluginServices
[2014/07/28 16:41:59 | 000,000,000 | ---D | M] -- E:\ProgramData\Package Cache
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2014/06/21 16:53:44 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2014/09/23 07:50:59 | 000,000,000 | ---D | M] -- E:\ProgramData\Systweak
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2014/06/21 16:53:44 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2014/09/23 13:06:01 | 000,000,000 | ---D | M] -- E:\ProgramData\WindowsMangerProtect
[2014/10/31 05:17:57 | 000,032,632 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
```

Jackson