| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner (Start des abgesicherten Modus nicht möglich)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
05.02.2013, 11:14
| #1 |
 |  GVU-Trojaner (Start des abgesicherten Modus nicht möglich) Hallo, der Thread-Titel sollte eigentlich alles erklären. Habe hier ein Notebook, das beim Hochfahren direkt durch die GVU-Warnung gesperrt wird. In den abgesicherten Modus komme ich gar nicht mehr rein. Einen Systemscan mit OTL habe ich bereits gemacht. Hier das erzeugte Log: Code:
ATTFilter OTL logfile created on: 2/5/2013 9:20:47 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
479.00 Mb Total Physical Memory | 250.00 Mb Available Physical Memory | 52.00% Memory free
383.00 Mb Paging File | 275.00 Mb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37.25 Gb Total Space | 17.45 Gb Free Space | 46.85% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Programme\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe -- (NAV)
SRV - [2005/04/03 17:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/06/19 16:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- -- (EraserUtilRebootDrv)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2013/01/16 14:52:51 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20130128.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/16 14:52:45 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20130128.004\NAVENG.SYS -- (NAVENG)
DRV - [2012/10/23 18:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20130111.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/08/31 19:27:25 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20130122.001\IDSxpx86.sys -- (IDSxpx86)
DRV - [2012/08/09 13:49:25 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/11 13:50:53 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 20:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\NAV\1207010.003\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\WINDOWS\System32\Drivers\NAV\1207010.003\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\symds.sys -- (SymDS)
DRV - [2011/01/27 00:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\Ironx86.SYS -- (SymIRON)
DRV - [2008/04/18 09:12:23 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2004/08/30 11:36:24 | 000,637,713 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/09 22:27:18 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 16:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2004/07/20 13:16:00 | 000,393,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PRISMA00.sys -- (PRISM_A00)
DRV - [2004/02/24 05:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/02/20 23:00:44 | 001,265,388 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\bertram_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\bertram_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\bertram_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\bertram_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\bertram_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\bertram_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.abbasite.com/start/"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 445
FF - prefs.js..network.proxy.type: 1
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2012/02/11 08:31:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/19 13:45:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Programme\Mozilla Firefox\Components [2011/08/19 13:44:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Programme\Mozilla Firefox\Plugins [2011/08/19 13:46:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Programme\Mozilla Firefox\Components [2011/08/19 13:44:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Programme\Mozilla Firefox\Plugins [2011/08/19 13:46:38 | 000,000,000 | ---D | M]
[2008/08/17 03:18:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\bertram\Anwendungsdaten\mozilla\Firefox\Profiles\jfk1bdzk.default\extensions
[2011/08/14 04:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010/04/18 02:26:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/18 14:47:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/14 04:51:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2008/08/17 03:12:47 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Programme\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
File not found (No name found) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2009/02/28 05:55:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/08/17 03:12:35 | 000,060,526 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\jar50.dll
[2008/08/17 03:12:37 | 000,049,256 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\jsd3250.dll
[2008/08/17 03:12:35 | 000,166,000 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\xpinstal.dll
[2011/05/03 21:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2008/08/17 03:12:44 | 000,000,680 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazon-de.png
[2008/08/17 03:12:45 | 000,000,804 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazon-de.src
[2008/08/17 03:12:44 | 000,000,210 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.gif
[2008/08/17 03:12:45 | 000,001,075 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.src
[2008/08/17 03:12:45 | 000,001,076 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\google-de.gif
[2008/08/17 03:12:44 | 000,000,879 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\google-de.src
[2008/08/17 03:12:45 | 000,000,232 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.png
[2008/08/17 03:12:44 | 000,001,157 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.src
[2008/08/17 03:12:45 | 000,000,088 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.gif
[2008/08/17 03:12:44 | 000,001,147 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.src
O1 HOSTS File: ([2006/01/30 14:51:18 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - Software - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\bertram_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\bertram_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\bertram_ON_C\..\Toolbar\WebBrowser: (no name) - {8D85C8A8-284B-46E5-AD8F-6EB5A4FAC059} - No CLSID value found.
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\bertram\Startmenü\Programme\Autostart\Internet Explorer.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\bertram_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} hxxp://www.symantec.com/techsupp/activedata/nprdtinf.cab (AxProdInfoCtl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101731106228 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.41 192.168.100.42
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ( ) - (Registry value not found)
O20 - HKU\bertram_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\bertram_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\bertram\Anwendungsdaten\skype.dat) - C:\Dokumente und Einstellungen\bertram\Anwendungsdaten\skype.dat ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/20 16:05:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/01/31 05:45:30 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/02/01 06:46:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/01 06:46:27 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3859A61C-74AC-4F24-B01E-13A9637A9787}.job
[2013/02/01 06:46:23 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\bertram\Anwendungsdaten\skype.ini
[2013/02/01 06:45:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/01 06:44:40 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/01 06:44:38 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1607368633-1323500987-4146661464-1007.job
[2013/02/01 06:44:20 | 502,845,440 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/31 04:09:50 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/29 11:47:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/01/27 04:11:20 | 000,039,936 | ---- | M] () -- C:\Dokumente und Einstellungen\bertram\Eigene Dateien\Unterhaltskosten RS3 ab 08.2011.xlr
[2013/01/25 15:56:53 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1607368633-1323500987-4146661464-1007.job
[2013/01/25 11:15:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2013/01/25 10:19:00 | 000,393,086 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/01/25 10:19:00 | 000,382,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/25 10:19:00 | 000,053,770 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/25 10:18:59 | 000,064,848 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/01/09 17:11:48 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/28 15:43:41 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\bertram\Anwendungsdaten\skype.ini
[2012/06/11 13:43:01 | 000,000,288 | ---- | C] () -- C:\Dokumente und Einstellungen\bertram\Anwendungsdaten\.backup.dm
[2012/02/16 14:17:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/10/27 13:36:50 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\bertram\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/27 13:30:53 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/02/13 10:03:21 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/17 03:18:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/08/17 03:12:35 | 000,003,373 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/08/17 06:29:05 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\bertram\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/11 05:44:14 | 000,936,704 | ---- | C] () -- C:\WINDOWS\1301_766.exe
[2006/02/07 13:38:26 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2005/11/06 14:16:07 | 000,000,668 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/02/27 14:20:50 | 000,003,196 | ---- | C] () -- C:\WINDOWS\tm.ini
[2005/02/27 08:53:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/02/27 08:49:38 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2005/01/14 12:26:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/11/30 01:06:35 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/11/30 00:56:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/11/30 00:56:19 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/11/30 00:56:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/11/30 00:56:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/11/30 00:56:19 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/11/30 00:56:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/11/29 07:31:06 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\bertram\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2004/11/27 03:28:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2004/09/10 22:51:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/10 22:40:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/09/10 22:39:33 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/09/10 16:49:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/10 16:49:43 | 000,393,086 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/09/10 16:49:43 | 000,382,026 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/09/10 16:49:43 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/10 16:49:43 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/09/10 16:49:43 | 000,064,848 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/09/10 16:49:43 | 000,053,770 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/09/10 16:49:43 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/09/10 16:49:43 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/10 16:49:42 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/10 16:49:42 | 000,001,052 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/10 16:49:40 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/09/10 16:49:38 | 000,058,368 | ---- | C] () -- C:\Dokumente und Einstellungen\bertram\Anwendungsdaten\skype.dat
[2004/09/10 16:49:37 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/09/10 16:49:24 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/10 16:49:24 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/10 16:49:10 | 000,146,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/10 16:49:07 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/10 16:49:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/10 16:49:01 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/09/10 16:43:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/10 16:43:56 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/09/10 16:43:56 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/10 16:43:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
========== LOP Check ==========
[2012/04/01 06:03:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\bertram\Anwendungsdaten\elsterformular
[2004/11/30 00:57:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\bertram\Anwendungsdaten\InterVideo
[2010/10/17 05:44:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\bertram\Anwendungsdaten\Leadertech
[2004/11/27 09:55:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\bertram\Anwendungsdaten\Template
[2010/11/26 14:33:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\bertram\Anwendungsdaten\Tific
[2008/04/30 08:08:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\bertram\Anwendungsdaten\TuneUp Software
[2011/03/28 13:56:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular
[2009/10/28 14:48:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings
[2004/11/29 13:03:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Prism
[2013/01/25 11:15:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2013/02/01 06:46:27 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3859A61C-74AC-4F24-B01E-13A9637A9787}.job
========== Purity Check ==========
< End of report >
 MfG K2G |
| Themen zu GVU-Trojaner (Start des abgesicherten Modus nicht möglich) |
| .dll, abgesicherter modus läuft nicht, adobe, antivirus, avira, bho, canon, desktop, download, einstellungen, error, explorer, firefox, format, gesperrt, gvu-trojaner, kaspersky, log, logfile, nicht möglich, notebook, object, plug-in, port, realtek, registry, software, symantec, windows, windows xp |
Baum-Darstellung