
Pests of All Kinds and How to Combat Them: GVU Trojan with Webcam

15.06.2012, 10:56   #1
michaeldd

Hello everyone,

two days ago I also caught the GVU Trojan. I have already tried the usual tools, but they did not help.

The lock screen is also not exactly the same as the one shown in the gallery on bka.trojaner.de (GVU 2.04); in addition, the webcam on my laptop switches on. This "film" is then shown at the top right of the lock screen.

Vista is installed on my PC.

Maybe this helps:

OTL logfile:
Code:
OTL logfile created on: 6/15/2012 12:40:24 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275.41 Gb Total Space | 145.37 Gb Free Space | 52.78% Space Free | Partition Type: NTFS
Drive D: | 22.66 Gb Total Space | 6.04 Gb Free Space | 26.63% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/05/24 09:23:28 | 000,185,856 | ---- | M] () [Auto] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012/05/10 10:57:11 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/05 09:09:13 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2008/10/24 11:35:44 | 000,128,296 | ---- | M] () [Auto] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 09:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/09/11 09:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2011/10/26 21:25:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/10/26 21:25:54 | 000,078,136 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2010/03/16 20:01:53 | 011,597,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/10 05:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/03/12 21:36:42 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/08/30 14:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007/08/28 09:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/06/25 07:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/06/01 04:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2007/05/25 03:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/05/25 03:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2005/11/02 04:54:44 | 000,011,596 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\copperhd.sys -- (UsbFltr)
DRV - [2003/04/28 05:27:06 | 000,009,867 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Michael_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\Michael_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Michael_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb161?a=6R8vNetw7h&i=26
IE - HKU\Michael_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Michael_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Michael_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Michael_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2105: C:\Program Files\VistaCodecPack\rm\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\VistaCodecPack\rm\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: 
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/12 13:14:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/10 10:57:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/09 04:30:18 | 000,000,000 | ---D | M]
 
[2012/05/10 10:57:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/10 10:57:11 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/16 03:44:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/09 04:30:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/04/09 04:30:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/09 04:30:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/04/09 04:30:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/09 04:30:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/09 04:30:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/05/06 11:38:57 | 000,000,989 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Michael_ON_C..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/14 14:15:32 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/06/12 13:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
[2012/06/12 13:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012/05/30 11:55:09 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Mai2012
[2009/08/12 15:14:00 | 000,630,784 | ---- | C] ( ) -- C:\Windows\System32\softcoin.dll
[2009/08/12 15:14:00 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\gencoin.dll
[2008/07/25 03:00:57 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/15 05:26:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/15 05:26:02 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012/06/15 05:22:15 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/06/15 05:22:15 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/15 05:22:15 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/06/15 05:22:15 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/15 05:10:29 | 000,171,573 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/06/15 05:10:29 | 000,171,573 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/06/15 05:09:58 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/06/15 05:09:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 05:09:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 05:09:20 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/13 12:09:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/13 11:54:49 | 000,001,722 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/06/12 13:14:30 | 000,000,448 | ---- | M] () -- C:\user.js
[2012/06/10 14:22:44 | 004,281,982 | ---- | M] () -- C:\Users\Michael\Desktop\Flo Rida - Whistle.mp3
[2012/05/25 06:50:37 | 004,621,443 | ---- | M] () -- C:\Users\Michael\Desktop\Dj next - Hit Summer 2010 (Dj FastBass Remix).mp3
[2012/05/21 06:48:03 | 054,982,428 | ---- | M] () -- C:\Users\Michael\Desktop\WEEKENDMIX-18052012.mp3
 
========== Files Created - No Company Name ==========
 
[2012/06/15 05:09:20 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/13 11:54:49 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012/06/13 11:54:49 | 000,001,722 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/06/12 13:14:29 | 000,000,448 | ---- | C] () -- C:\user.js
[2012/06/10 14:22:25 | 004,281,982 | ---- | C] () -- C:\Users\Michael\Desktop\Flo Rida - Whistle.mp3
[2012/05/25 06:50:10 | 004,621,443 | ---- | C] () -- C:\Users\Michael\Desktop\Dj next - Hit Summer 2010 (Dj FastBass Remix).mp3
[2012/05/21 06:46:13 | 054,982,428 | ---- | C] () -- C:\Users\Michael\Desktop\WEEKENDMIX-18052012.mp3
[2012/05/09 13:02:25 | 000,000,846 | ---- | C] () -- C:\Users\Michael\AppData\Local\recently-used.xbel
[2011/10/31 06:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/10/31 06:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/10/31 06:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/10/31 06:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/10/31 06:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2009/10/21 04:50:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/21 04:50:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/21 04:49:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/13 07:05:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/20 13:49:49 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/02/20 13:49:49 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/02/20 13:49:48 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/02/20 13:49:48 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/02/20 13:49:48 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/02/20 13:49:48 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/02/20 13:49:48 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/02/20 13:49:48 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/02/20 13:49:48 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/02/20 13:49:48 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/02/20 13:49:48 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/02/20 13:49:48 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/02/20 13:49:48 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/02/20 13:49:48 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/02/20 13:49:48 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/02/20 13:49:48 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/02/20 13:49:48 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/02/20 13:49:48 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/02/20 13:49:48 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/02/20 13:46:44 | 000,000,025 | ---- | C] () -- C:\Windows\CDESX100DEFGIPS.ini
[2009/01/07 18:16:17 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/01/07 18:04:02 | 000,005,073 | ---- | C] () -- C:\ProgramData\nmpmeswb.lkq
[2008/11/04 16:31:54 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2008/11/04 16:30:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008/11/04 16:30:26 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008/10/29 14:47:22 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2008/10/15 08:01:01 | 000,000,128 | ---- | C] () -- C:\Users\Michael\AppData\default.pls
[2008/10/07 15:32:08 | 000,171,573 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/10/07 15:32:05 | 000,171,573 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/10/01 15:32:36 | 000,000,224 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Default.PLS
[2008/09/19 09:25:30 | 000,035,840 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/19 08:46:05 | 000,000,124 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\wklnhst.dat
[2008/07/25 03:00:57 | 001,753,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/07/25 03:00:57 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/07/25 03:00:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/07/17 07:56:03 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/07/17 07:56:03 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/07/17 07:56:03 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/07/17 07:56:03 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/07/17 05:54:02 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008/07/17 03:35:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/07/17 02:04:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008/07/14 05:32:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/12/10 03:00:00 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2007/03/12 12:41:22 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,393,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/01 15:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/11/01 15:52:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2002/09/17 19:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[2001/08/06 23:16:34 | 000,045,056 | ---- | C] () -- C:\Windows\OTS_UI.EXE
 
========== LOP Check ==========
 
[2008/12/07 14:39:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AlcaTech
[2009/02/21 08:52:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Auslogics
[2012/03/28 14:51:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft
[2011/03/27 10:14:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/06/21 09:37:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\EPSON
[2009/11/15 17:29:55 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FVZilla
[2008/09/25 16:42:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GlarySoft
[2010/10/14 13:38:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\iCopyExpert
[2009/12/16 06:24:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\IrfanView
[2012/04/16 06:09:54 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\JonDo
[2008/11/04 16:32:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\MAGIX
[2011/06/04 17:00:24 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PhotoScape
[2011/11/20 13:25:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Samsung
[2008/09/19 08:46:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Template
[2010/05/06 11:38:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ubisoft
[2011/02/11 15:22:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WindSolutions
[2011/12/28 05:29:01 | 000,000,000 | ---D | M] -- C:\ProgramData\AAV
[2008/09/19 07:40:31 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/09/19 07:40:31 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/02/20 13:49:30 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2008/09/19 07:40:31 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/07/17 08:52:51 | 000,000,000 | ---D | M] -- C:\ProgramData\fun communications
[2008/09/21 15:51:42 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2008/11/17 10:52:55 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2011/11/20 13:23:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/09/19 07:40:31 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010/09/23 10:36:18 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/05/06 11:38:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2009/02/20 13:54:13 | 000,000,000 | ---D | M] -- C:\ProgramData\UDL
[2008/07/17 09:49:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2008/09/19 07:40:31 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/02/11 15:22:50 | 000,000,000 | ---D | M] -- C:\ProgramData\WindSolutions
[2010/11/19 12:55:06 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/07/17 09:47:31 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2012/06/15 05:09:58 | 000,000,318 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/06/14 11:25:14 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A2947BEA
< End of report >
         

Thanks to all of you in advance!

Please, please help me!

22.06.2012, 10:30   #2
Larusso
/// Selecta Jahrusso


Hello. Do you still need help? Sorry, we are rather swamped here at the moment.

22.06.2012, 11:36   #3
Undertaker
/// Helper Team

Hello Daniel, this should be settled then.

Quote:
Russian hackers crack Ubisoft's online copy protection. Crack for Assassin's Creed 2 released.
see O1

Regards, Volker
