| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglichWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
31.12.2012, 12:14
| #1 |
 |  GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglich Moin, moin, diesmal hat der Fix geklappt. Was bedeuted das Kürzel, welches du angehängt hast? Fixlog von OTLpe Code:
ATTFilter ========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winmgmt deleted successfully.
C:\Dokumente und Einstellungen\*****\wgsdgsdgdsgsd.dll moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js moved successfully.
C:\Dokumente und Einstellungen\*****\Startmenü\Programme\Autostart\runctf.lnk moved successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\runctf.lnk moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3230772 bytes
User: *****
->Temp folder emptied: 2114883928 bytes
->Temporary Internet Files folder emptied: 79460189 bytes
->FireFox cache emptied: 78229340 bytes
->Flash cache emptied: 5757779 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2753610 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5298720 bytes
Total Files Cleaned = 2,184.00 mb
OTLPE by OldTimer - Version 3.1.48.0 log created on 12312012_113022
OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.12.2012 12:03:29 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\*****\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 2,91 Gb Available Physical Memory | 83,61% Memory free 5,32 Gb Paging File | 4,82 Gb Available in Paging File | 90,51% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 46,60 Gb Total Space | 33,72 Gb Free Space | 72,37% Space Free | Partition Type: NTFS Drive D: | 3,03 Gb Total Space | 3,02 Gb Free Space | 99,46% Space Free | Partition Type: NTFS Drive E: | 104,40 Gb Total Space | 100,57 Gb Free Space | 96,34% Space Free | Partition Type: NTFS Drive F: | 507,81 Gb Total Space | 50,81 Gb Free Space | 10,00% Space Free | Partition Type: NTFS Drive G: | 1005,85 Gb Total Space | 849,86 Gb Free Space | 84,49% Space Free | Partition Type: NTFS Drive H: | 195,32 Gb Total Space | 195,25 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Drive K: | 14,81 Gb Total Space | 14,81 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Computer Name: T-14D6CA48631E4 | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.31 11:31:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*****\Desktop\OTL.exe PRC - [2012.11.01 18:56:20 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2012.09.24 23:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2012.09.10 09:17:48 | 000,436,728 | ---- | M] (TomTom) -- C:\Programme\MyTomTom 3\MyTomTomSA.exe PRC - [2012.08.08 17:11:10 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Tools\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Tools\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Tools\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Tools\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.02.10 05:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- E:\Office\program\soffice.exe PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- E:\Office\program\soffice.bin PRC - [2010.11.17 02:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.08.29 16:06:10 | 001,077,248 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe ========== Modules (No Company Name) ========== MOD - [2012.11.01 18:57:10 | 000,100,248 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2012.11.01 18:56:20 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2012.09.10 09:17:56 | 000,025,592 | ---- | M] () -- C:\Programme\MyTomTom 3\DeviceDetection.dll MOD - [2012.09.10 09:17:52 | 000,254,968 | ---- | M] () -- C:\Programme\MyTomTom 3\TomTomSupporterProxy.dll MOD - [2012.09.10 09:17:50 | 000,073,720 | ---- | M] () -- C:\Programme\MyTomTom 3\TomTomSupporterBase.dll MOD - [2012.07.27 21:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2012.07.26 07:46:31 | 000,985,088 | ---- | M] () -- E:\Office\program\libxml2.dll MOD - [2012.04.16 22:11:02 | 000,398,288 | ---- | M] () -- E:\Tools\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012.01.09 18:44:20 | 000,166,912 | ---- | M] () -- E:\Tools\WinRar\RarExt.dll MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll ========== Services (SafeList) ========== SRV - [2012.12.12 11:35:06 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.05 16:33:11 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.09.24 23:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Tools\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Tools\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.02.10 05:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2009.12.15 13:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- G:\Games\RPG\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.10.10 23:02:31 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.01.17 13:45:58 | 000,123,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2011.01.14 08:06:40 | 000,277,352 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2010.12.10 06:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010.12.10 06:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2010.11.02 12:36:26 | 006,188,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009.11.18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: E:\Media\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.03 21:52:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: E:\Tools\Firefox\components [2012.12.05 16:33:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: E:\Tools\Firefox\plugins [2012.12.05 16:32:58 | 000,000,000 | ---D | M] [2012.07.15 15:10:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Extensions [2012.10.23 07:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\5vypdmku.default\extensions O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] E:\Tools\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Programme\MyTomTom 3\MyTomTomSA.exe (TomTom) O4 - Startup: C:\Dokumente und Einstellungen\*****\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = E:\Office\program\quickstart.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.7.0_05) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{245F58A0-26A6-4A5D-B4D4-6C81745F00A5}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.07.15 13:03:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.12.31 11:46:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*****\Desktop\OTL.exe [2012.12.31 04:25:30 | 000,000,000 | ---D | C] -- C:\_OTL [2012.12.29 23:22:10 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\dotNetFx35setup.exe [2012.12.29 23:22:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Star Vault [2012.12.23 13:27:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Downloads [2012.12.23 13:27:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\TomTom [2012.12.23 13:27:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Startmenü\Programme\TomTom [2012.12.23 13:27:21 | 000,000,000 | ---D | C] -- C:\Programme\TomTom International B.V [2012.12.23 13:27:14 | 000,000,000 | ---D | C] -- C:\Programme\MyTomTom 3 [2012.12.21 01:06:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Eigene Dateien\Birth of the Empires [2012.12.21 01:06:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Birth of the Empires Alpha 6.1 [2012.12.20 09:59:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Recuva [2012.12.20 09:58:59 | 000,000,000 | ---D | C] -- C:\Programme\Recuva [2012.12.15 20:51:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\The Walking Dead [2012.12.15 20:51:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\R.G. Mechanics [2012.12.15 20:36:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Eigene Dateien\Telltale Games [2012.12.15 20:35:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs [2012.12.10 22:27:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Eigene Dateien\Bioshock [2012.12.10 22:27:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Bioshock [2012.12.10 22:09:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\SecuROM [2012.12.10 21:31:52 | 000,108,144 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll [2012.12.09 01:49:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Application Data [2012.12.03 21:05:28 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2012.12.03 21:05:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2012.12.03 21:04:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google [2012.12.03 20:59:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google [2012.12.03 20:59:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Google [2012.12.03 20:59:11 | 000,000,000 | ---D | C] -- C:\Programme\Google ========== Files - Modified Within 30 Days ========== [2012.12.31 11:52:29 | 000,013,730 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.12.31 11:52:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.12.31 11:31:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*****\Desktop\OTL.exe [2012.12.30 13:00:05 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.12.30 07:35:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.12.29 23:22:10 | 000,000,810 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mortal Online.lnk [2012.12.23 13:28:57 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.12.21 19:48:20 | 000,125,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.12.10 21:31:52 | 000,108,144 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll [2012.12.10 00:31:15 | 000,070,656 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.03 21:05:28 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk ========== Files Created - No Company Name ========== [2012.12.30 13:00:05 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.12.29 23:22:10 | 000,000,810 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mortal Online.lnk [2012.11.24 14:08:07 | 000,393,256 | ---- | C] () -- C:\WINDOWS\System32\CNQ4809N.DAT [2012.08.03 21:54:43 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2012.08.03 21:42:31 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2012.08.03 21:42:31 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2012.07.22 10:03:36 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll [2012.07.22 10:03:36 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll [2012.07.16 10:08:00 | 000,070,656 | ---- | C] () -- C:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.15 17:57:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.07.15 14:57:37 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2012.07.15 14:46:26 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini [2012.07.15 14:46:24 | 000,031,155 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2012.07.15 14:46:23 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2012.07.15 13:15:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012.07.15 13:14:38 | 000,125,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.07.15 13:12:05 | 000,292,700 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012.07.15 13:12:05 | 000,292,700 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012.07.15 13:12:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012.07.15 13:11:54 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012.07.15 13:04:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.07.15 13:00:49 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== ZeroAccess Check ========== [2012.07.18 18:48:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:44 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.28 07:24:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo [2012.09.18 21:14:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BioWare [2012.11.24 14:10:47 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2012.11.24 14:05:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJWSpt [2012.10.10 23:03:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2012.07.25 09:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MetaQuotes [2012.10.10 23:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RELOADED [2012.07.28 07:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Ashampoo [2012.12.17 21:56:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Bioshock [2012.12.01 22:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\BitTorrent [2012.08.29 22:19:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Black Sea Studios [2012.11.24 14:10:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Canon [2012.10.10 23:03:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\DAEMON Tools Lite [2012.11.07 18:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\FunnyGames [2012.09.02 19:06:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\ImgBurn [2012.07.25 09:10:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\MetaQuotes [2012.07.26 09:11:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\OpenOffice.org [2012.10.30 18:35:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Taunton [2012.12.15 20:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\The Walking Dead [2012.09.10 16:47:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Utherverse ========== Purity Check ========== < End of report > [/CODE] |
|
| Themen zu GVU-WebCam Trojaner, abgesicherter Modus nicht zugänglich |
| 7-zip, adobe, antivir, avira, bho, black, boot-cd, browser, desktop, einstellungen, error, firefox, flash player, format, helper, logfile, mozilla, nvidia update, plug-in, realtek, registry, runctf.lnk, rundll, scan, security, software, temp, trojaner, usb, visual studio, windows, windows internet, windows xp, zugänglich |
Hybrid-Darstellung
