Pests of all kinds and how to fight them: GVU-Trojaner, Win7, safe mode does not work (Windows 7)

If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.

#1
GVU-Trojaner, Win7, safe mode does not work

Hello, I urgently need help because my laptop is infected with the GVU-Trojaner. I have already run a scan with OTLPE by OldTimer. I hope I can get help quickly, because I also need this laptop for business...

OTLPE result, OTL logfile:
Code:
OTL logfile created on: 4/26/2013 6:45:21 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 231.70 Gb Total Space | 174.69 Gb Free Space | 75.40% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/13 08:40:51 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/03 09:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand] -- D:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/06/01 11:37:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/10 13:21:22 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto] -- D:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe -- (AVP)
SRV - [2012/02/10 06:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand] -- D:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 06:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto] -- D:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 14:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/06/28 10:32:34 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System] -- D:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/06/27 09:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/06/11 08:17:44 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012/06/11 08:17:44 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012/06/11 08:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012/06/11 08:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/03/10 12:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- D:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 07:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- D:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 07:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- D:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 06:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/04/26 11:39:55 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/04/26 11:26:25 | 000,260,216 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/04/26 11:24:41 | 007,342,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/12/01 11:37:28 | 001,270,896 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV:64bit: - [2009/11/02 14:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- D:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/19 08:43:32 | 000,026,128 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Papa_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Papa_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Papa_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Papa_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Papa_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 8E CD 53 1F 6F CD 01 [binary data]
IE - HKU\Papa_ON_D\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Papa_ON_D\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Papa_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..CT3241949.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_home"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: D:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: D:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nokia.com/EnablerPlugin: D:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru [2012/06/28 11:12:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\linkfilter@kaspersky.ru [2012/06/28 11:11:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\KavAntiBanner@Kaspersky.ru [2012/06/28 11:11:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/31 09:16:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/27 09:48:48 | 000,000,000 | ---D | M]

[2010/12/15 18:34:01 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Papa\AppData\Roaming\Mozilla\Extensions
[2013/04/16 05:02:20 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions
[2013/04/16 05:02:20 | 000,000,000 | ---D | M] (FileConverter 1.3) -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}
[2012/06/29 03:45:40 | 000,000,853 | ---- | M] () -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\searchplugins\11-suche.xml
[2012/06/29 03:45:40 | 000,002,209 | ---- | M] () -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\searchplugins\englische-ergebnisse.xml
[2012/12/31 10:03:51 | 000,001,064 | ---- | M] () -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\searchplugins\fileconverter-13-customized-web-search.xml
[2012/06/29 03:45:40 | 000,010,506 | ---- | M] () -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\searchplugins\gmx-suche.xml
[2012/06/29 03:45:40 | 000,002,368 | ---- | M] () -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\searchplugins\lastminute.xml
[2012/06/29 03:45:40 | 000,005,489 | ---- | M] () -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\searchplugins\webde-suche.xml
[2011/01/08 14:39:13 | 000,002,057 | ---- | M] () -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\searchplugins\youtube-videosuche.xml
[2012/10/23 11:19:24 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/23 11:19:24 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/06/28 10:34:56 | 000,000,000 | ---D | M] (Anti-Banner) -- D:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012/06/28 10:34:45 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- D:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012/07/31 09:16:06 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/07/31 09:16:06 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- D:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@web.de
File not found (No name found) -- () (No name found) -- D:\USERS\PAPA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8YGWDA3K.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012/06/01 11:38:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/01 12:33:00 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/01 12:33:00 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 12:33:00 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/01 12:33:00 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/01 12:33:00 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/01 12:33:00 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - D:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - D:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - D:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - D:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\Papa_ON_D\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - D:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] D:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Papa_ON_D..\Run: [] File not found
O4 - HKU\Papa_ON_D..\Run: [NokiaSuite.exe] D:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Papa_ON_D\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15:64bit: - Papa_ON_D\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Papa_ON_D Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Papa_ON_D Winlogon: Shell - (C:\Users\Papa\AppData\Roaming\skype.dat) - D:\Users\Papa\AppData\Roaming\skype.dat ()
O20:64bit: - Winlogon\Notify\klogon: DllName - %SystemRoot%\System32\klogon.dll - D:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2013/04/16 09:48:35 | 000,000,000 | ---D | C] -- D:\Users\Papa\Desktop\Unfallschaden Albach-Lammas
[2013/04/10 12:34:45 | 000,000,000 | ---D | C] -- D:\f03381205d1c8bcd09
[2013/04/10 06:22:23 | 003,717,632 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mstscax.dll
[2013/04/10 06:22:22 | 003,217,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mstscax.dll
[2013/04/10 06:22:21 | 000,158,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\aaclient.dll
[2013/04/10 06:22:21 | 000,131,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\aaclient.dll
[2013/04/10 06:22:20 | 000,044,032 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tsgqec.dll
[2013/04/10 06:22:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\tsgqec.dll
[2013/04/10 06:19:53 | 000,735,232 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/04/10 06:19:49 | 000,627,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2013/04/10 06:19:37 | 000,247,808 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/04/10 06:19:36 | 000,097,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2013/04/10 06:19:35 | 000,134,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2013/04/10 06:19:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013/04/10 06:19:34 | 000,132,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2013/04/10 06:19:33 | 000,067,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2013/04/10 06:18:53 | 005,550,424 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntoskrnl.exe
[2013/04/10 06:18:52 | 003,913,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 06:18:51 | 003,968,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 06:18:49 | 000,112,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\smss.exe
[2013/04/10 06:18:49 | 000,043,520 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\csrsrv.dll
[2013/04/10 06:18:48 | 000,006,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\apisetschema.dll
[2011/04/07 14:56:27 | 001,224,704 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkserv.dll
[2011/04/07 14:56:27 | 000,991,232 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkusb1.dll
[2011/04/07 14:56:27 | 000,643,072 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkpmui.dll
[2011/04/07 14:56:27 | 000,585,728 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbklmpm.dll
[2011/04/07 14:56:27 | 000,413,696 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkinpa.dll
[2011/04/07 14:56:27 | 000,397,312 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkiesc.dll
[2011/04/07 14:56:27 | 000,180,904 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkppls.exe
[2011/04/07 14:56:27 | 000,163,840 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkprox.dll
[2011/04/07 14:56:27 | 000,094,208 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkpplc.dll
[2011/04/07 14:56:26 | 000,696,320 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkhbn3.dll
[2011/04/07 14:56:26 | 000,684,032 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkcomc.dll
[2011/04/07 14:56:26 | 000,537,256 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkcoms.exe
[2011/04/07 14:56:26 | 000,421,888 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkcomm.dll
[2011/04/07 14:56:26 | 000,385,704 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkih.exe
[2011/04/07 14:56:26 | 000,381,608 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkcfg.exe
[1 D:\Users\Papa\Desktop\*.tmp files -> D:\Users\Papa\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2013/04/25 15:07:07 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/04/25 15:07:04 | 000,000,004 | ---- | M] () -- D:\Users\Papa\AppData\Roaming\skype.ini
[2013/04/25 14:58:43 | 000,015,104 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/25 14:58:43 | 000,015,104 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/25 14:50:58 | 1579,626,496 | -HS- | M] () -- D:\hiberfil.sys
[2013/04/25 10:49:13 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/16 09:50:38 | 000,654,400 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2013/04/16 09:50:38 | 000,616,242 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/04/16 09:50:38 | 000,130,240 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2013/04/16 09:50:38 | 000,106,622 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2013/04/11 05:24:05 | 000,416,312 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[1 D:\Users\Papa\Desktop\*.tmp files -> D:\Users\Papa\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========
[2013/04/25 09:17:30 | 000,000,004 | ---- | C] () -- D:\Users\Papa\AppData\Roaming\skype.ini
[2013/02/25 16:28:37 | 000,000,057 | ---- | C] () -- D:\ProgramData\Ament.ini
[2012/10/13 07:37:58 | 000,005,632 | ---- | C] () -- D:\Users\Papa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/28 10:37:46 | 000,017,408 | ---- | C] () -- D:\Users\Papa\AppData\Local\WebpageIcons.db
[2012/01/12 06:30:57 | 000,058,880 | ---- | C] () -- D:\Users\Papa\AppData\Roaming\skype.dat
[2011/07/02 10:51:58 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/04/07 14:56:27 | 000,413,696 | ---- | C] () -- D:\Windows\SysWow64\lxbkutil.dll
[2011/04/07 14:56:27 | 000,274,432 | ---- | C] () -- D:\Windows\SysWow64\LXBKinst.dll
[2010/12/16 18:56:05 | 000,057,344 | ---- | C] () -- D:\Windows\AsfHelper.dll
[2010/12/15 18:15:07 | 000,015,190 | ---- | C] () -- D:\Windows\M3000Twn.ini
[2010/12/15 18:06:59 | 000,982,220 | ---- | C] () -- D:\Windows\SysWow64\igkrng500.bin
[2010/12/15 18:06:59 | 000,439,300 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng500.bin
[2010/12/15 18:06:59 | 000,134,592 | ---- | C] () -- D:\Windows\SysWow64\igfcg500.bin
[2010/12/15 18:06:59 | 000,092,216 | ---- | C] () -- D:\Windows\SysWow64\igfcg500m.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat

========== LOP Check ==========
[2010/12/15 15:35:19 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2011/01/03 09:18:46 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonBJ
[2011/01/03 10:31:36 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJEGV
[2012/01/07 08:29:23 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJFax
[2011/01/03 10:01:14 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJScan
[2010/12/15 18:08:41 | 000,000,000 | ---D | M] -- D:\ProgramData\Conexant
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/12/15 15:35:19 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2011/01/14 07:46:15 | 000,000,000 | ---D | M] -- D:\ProgramData\DVSE GmbH
[2010/12/16 18:56:05 | 000,000,000 | ---D | M] -- D:\ProgramData\EasyCapture
[2010/12/15 15:35:19 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2012/10/27 08:59:56 | 000,000,000 | ---D | M] -- D:\ProgramData\Nokia
[2012/10/27 08:54:37 | 000,000,000 | ---D | M] -- D:\ProgramData\NokiaInstallerCache
[2012/04/20 06:13:03 | 000,000,000 | ---D | M] -- D:\ProgramData\Omitec
[2012/10/27 09:04:06 | 000,000,000 | ---D | M] -- D:\ProgramData\PC Suite
[2012/04/20 06:13:03 | 000,000,000 | ---D | M] -- D:\ProgramData\Protect
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/12/15 15:35:19 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2010/12/15 15:35:19 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2013/04/13 04:41:10 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >