| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner - abgesicherter modus auch gesperrtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.01.2013, 20:50
| #1 |
| |  GVU Trojaner - abgesicherter modus auch gesperrt Hallo, habe den GVU Trojaner der auch den abgesicherten modus sperrt. Ich würde mich freuen wenn ihr mir helfen könntet da ich die daten auf meinem Pc noch benötige. Habe mit der OTLPE cd gestartet und den scan nach anleitung durchgeführt. Hier die olt.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 1/25/2013 8:06:11 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
511.00 Mb Total Physical Memory | 313.00 Mb Available Physical Memory | 61.00% Memory free
459.00 Mb Paging File | 337.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39.06 Gb Total Space | 17.61 Gb Free Space | 45.07% Space Free | Partition Type: NTFS
Drive D: | 37.27 Gb Total Space | 34.21 Gb Free Space | 91.80% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2013/01/25 09:36:43 | 000,161,792 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Dokumente und Einstellungen\NEU\Lokale Einstellungen\Temp\jSAjBQj.exe -- (winmgmt)
SRV - [2012/09/22 07:09:04 | 001,737,728 | ---- | M] (Lavasoft Limited ) [Auto] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/11/08 05:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto] -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011/03/24 09:48:52 | 002,404,864 | ---- | M] (Deutsche Telekom AG) [Auto] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2010/03/17 04:35:14 | 002,103,296 | ---- | M] (AGFEO ) [Auto] -- C:\Programme\AGFEO\Tk-Suite\tkserver\tksock.exe -- (tksock)
SRV - [2001/02/23 04:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (NTACCESS)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/04/29 05:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/04/29 05:11:58 | 000,015,232 | ---- | M] () [Kernel | On_Demand] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/09/16 10:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/03/10 10:29:13 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/06/19 02:30:18 | 000,752,764 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/04/02 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/04/02 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/12/26 22:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/07/02 11:20:51 | 000,070,382 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2002/07/02 11:20:51 | 000,006,030 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
DRV - [2002/07/02 11:20:50 | 000,050,830 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2001/08/17 06:14:24 | 000,444,416 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fpcibase.sys -- (fpcibase)
DRV - [2001/08/17 06:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [2001/08/10 00:00:00 | 000,003,252 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.2.1
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NEU_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\NEU_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Wilfried_Meyer_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www3.schnellstarten.de
IE - HKU\Wilfried_Meyer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Wilfried_Meyer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5: C:\Programme\Anti-Leech\ALNN\npalnn.dll (Icenet LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Programme\TelevisionFanaticEI\Installr\1.bin\NP64EISb.dll (TelevisionFanatic)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2006/06/23 07:29:16 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O3 - HKU\Wilfried_Meyer_ON_C\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EM_EXEC] C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HPAiODevice(hp officejet v series) - 5.lnk = C:\Programme\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Scanner Finder.lnk = C:\Programme\ScanWizard 5\ScannerFinder.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ulead Kalendar Checker 4.0 SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe (Ulead Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\NEU\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Wilfried Meyer\Startmenü\Programme\Autostart\ctfmon.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Wilfried Meyer\Startmenü\Programme\Autostart\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NEU_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Wilfried_Meyer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\NPJPI150_10.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll ()
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38056.2488425926 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_04-win.cab (Java Plug-in 1.3.1_04)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_01)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msencarta {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL ()
O18 - Protocol\Handler\msero {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\msero.dll ()
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msref {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/10 08:06:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/01/25 11:35:46 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\PrivacIE
[2013/01/17 08:59:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NEU\Anwendungsdaten\Real
[2013/01/09 17:28:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/01/25 11:36:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/25 11:35:10 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2013/01/25 11:35:06 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jQBjASj.pad
[2013/01/25 11:35:04 | 000,003,104 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jQBjASj.js
[2013/01/25 11:35:04 | 000,000,802 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk
[2013/01/25 11:29:50 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_NEU.job
[2013/01/25 09:39:49 | 000,000,802 | ---- | M] () -- C:\Dokumente und Einstellungen\Wilfried Meyer\Startmenü\Programme\Autostart\runctf.lnk
[2013/01/25 09:37:25 | 000,000,802 | ---- | M] () -- C:\Dokumente und Einstellungen\NEU\Startmenü\Programme\Autostart\runctf.lnk
[2013/01/25 03:04:01 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_NEU.job
[2013/01/25 02:07:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_NEU.job
[2013/01/23 03:13:46 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2013/01/23 03:13:46 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2013/01/23 03:04:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/17 08:59:28 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/01/09 17:30:17 | 000,448,898 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/01/09 17:30:17 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/09 17:30:17 | 000,080,338 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/01/09 17:30:17 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/09 17:23:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/06 00:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/25 11:35:03 | 000,000,802 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk
[2013/01/25 09:39:48 | 000,000,802 | ---- | C] () -- C:\Dokumente und Einstellungen\Wilfried Meyer\Startmenü\Programme\Autostart\runctf.lnk
[2013/01/25 09:37:25 | 000,003,104 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jQBjASj.js
[2013/01/25 09:37:23 | 000,000,802 | ---- | C] () -- C:\Dokumente und Einstellungen\NEU\Startmenü\Programme\Autostart\runctf.lnk
[2013/01/25 09:36:46 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jQBjASj.pad
[2013/01/18 03:02:01 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_NEU.job
[2013/01/18 03:01:38 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_NEU.job
[2013/01/18 03:01:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_NEU.job
[2012/09/07 07:56:03 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad
[2012/02/16 14:06:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/14 11:12:33 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/14 11:12:33 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/01/13 08:29:44 | 000,000,037 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/16 09:17:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2007/05/26 09:37:37 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/08/20 03:46:15 | 001,284,280 | ---- | C] () -- C:\WINDOWS\System32\XMNT2001.EXE
[2006/08/20 03:46:15 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS
[2006/06/23 07:33:24 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2005/12/21 10:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 10:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2005/07/18 07:51:26 | 000,000,069 | ---- | C] () -- C:\WINDOWS\morphexe.INI
[2005/02/15 14:40:01 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/11/19 09:55:38 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2004/11/19 09:53:22 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2004/11/19 09:53:21 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2004/11/15 12:18:04 | 000,000,617 | ---- | C] () -- C:\Dokumente und Einstellungen\Wilfried Meyer\plugin131_04.trace
[2004/06/07 06:13:22 | 000,000,059 | ---- | C] () -- C:\WINDOWS\tklcr.ini
[2004/03/31 02:34:18 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\W3MKDE.DLL
[2004/03/31 02:34:18 | 000,137,104 | ---- | C] () -- C:\WINDOWS\System32\BUTIL.EXE
[2004/03/31 02:34:18 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\W3DBSMGR.EXE
[2004/03/31 02:34:18 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\W3MKDERC.DLL
[2004/03/31 02:34:18 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\BTRBOX95.EXE
[2004/03/31 02:34:18 | 000,031,306 | ---- | C] () -- C:\WINDOWS\System32\BDOSSTUB.EXE
[2004/03/26 13:42:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpsspii.INI
[2004/03/26 13:41:34 | 000,000,169 | ---- | C] () -- C:\WINDOWS\HPothb07.INI
[2004/03/26 13:18:49 | 000,070,656 | ---- | C] () -- C:\Dokumente und Einstellungen\Wilfried Meyer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/03/26 13:18:22 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2004/03/26 07:33:23 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/03/24 11:50:57 | 000,177,093 | ---- | C] () -- C:\Dokumente und Einstellungen\Wilfried Meyer\~
[2004/03/24 10:57:37 | 000,000,508 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/24 10:42:16 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\pbtrn12.dll
[2004/03/24 10:37:38 | 000,006,855 | ---- | C] () -- C:\WINDOWS\Unwise32.ini
[2004/03/24 10:37:37 | 000,149,504 | ---- | C] () -- C:\WINDOWS\Unwise32.exe
[2004/03/24 10:37:33 | 000,000,215 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2004/03/24 10:37:33 | 000,000,071 | ---- | C] () -- C:\WINDOWS\DT.INI
[2004/03/24 08:32:42 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2004/03/10 10:30:04 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
[2004/03/10 10:28:28 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2004/03/10 08:47:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/10 08:39:20 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/03/10 08:36:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2004/03/10 08:08:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/03/10 08:04:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/03/10 07:58:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/03/10 07:57:07 | 000,180,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/04/02 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/04/02 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/04/02 07:00:00 | 000,448,898 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/04/02 07:00:00 | 000,432,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/02 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/04/02 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003/04/02 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/04/02 07:00:00 | 000,080,338 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/04/02 07:00:00 | 000,067,740 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/02 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/04/02 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003/04/02 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/04/02 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/04/02 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/04/02 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/08/21 06:44:06 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\clcd32.dll
[2000/08/21 06:44:06 | 000,006,784 | ---- | C] () -- C:\WINDOWS\System32\clcd16.dll
[2000/08/08 06:42:52 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
========== LOP Check ==========
[2010/07/14 08:00:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilfried Meyer\Anwendungsdaten\AGFEO
[2008/06/01 01:37:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilfried Meyer\Anwendungsdaten\AXPDefender
[2004/07/22 15:44:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilfried Meyer\Anwendungsdaten\ICQLite
[2004/03/24 09:16:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilfried Meyer\Anwendungsdaten\InterTrust
[2004/03/10 10:50:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilfried Meyer\Anwendungsdaten\InterVideo
[2011/10/14 02:58:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilfried Meyer\Anwendungsdaten\Jägermeister RadioPlayer
[2009/11/25 11:55:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilfried Meyer\Anwendungsdaten\phonostar-Player
[2004/11/19 10:07:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Wilfried Meyer\Anwendungsdaten\Ulead Systems
[2011/10/04 11:19:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2012/09/09 10:15:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Netzmanager
[2009/03/26 10:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarMoney 7.0
[2004/11/19 10:07:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011/10/04 11:52:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D423354A-E70D-49AC-B74E-9DB73BB8ACA3}
[2013/01/25 11:35:10 | 000,000,484 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2013/01/25 02:07:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\ReclaimerUpdateFiles_NEU.job
[2013/01/25 03:04:01 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\ReclaimerUpdateXML_NEU.job
[2013/01/25 11:29:50 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_NEU.job
========== Purity Check ==========
< End of report >
bitte um Hilfe und weiter anleitung zum enfernen des Trojaners |
| Themen zu GVU Trojaner - abgesicherter modus auch gesperrt |
| .dll, ad-aware, administrator, adobe, bho, browser, desktop, einstellungen, error, explorer, format, gesperrt, homepage, logfile, nvidia, object, officejet, plug-in, realtek, registry, rundll, scan, software, starmoney, temp, trojaner, windows, windows xp |
Baum-Darstellung