| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner mit Webcam neu ?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
22.01.2013, 14:15
| #1 |
| |  GVU-Trojaner mit Webcam neu ? Hallo , Ich habe hier auf einem Laptop den neuen (ich nehme an neu) GVU-Trjaner der sogar auf meine Integrierte Cam im laptop zugreifen kann und ein Bild von mir macht wenn ich mich davor stelle. Habe ohne große bedenken den Kaspersky Windowsunlocker Verwendet, die neueste version die es auf chip gibt . Leider ohne erfolg , bis ich dan auf diese forum gestoßen bin. Ich habe mir hier ein paar threads durchgelesehn und habe dann demetsprechent gehandelt mit OTLPE und nun lade ich die OTL.txt mal doch und hoffe auf hilfe . Code:
ATTFilter OTL logfile created on: 1/22/2013 1:44:04 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.24 Mb Free Space | 74.25% Space Free | Partition Type: NTFS
Drive D: | 7.49 Gb Total Space | 6.52 Gb Free Space | 86.99% Space Free | Partition Type: FAT32
Drive E: | 905.18 Gb Total Space | 824.91 Gb Free Space | 91.13% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/02/02 08:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto] -- E:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) Capability Licensing Service Interface) Intel(R)
SRV:64bit: - [2011/12/07 20:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto] -- E:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) Intel(R)
SRV:64bit: - [2011/12/07 20:43:56 | 000,273,168 | ---- | M] () [On_Demand] -- E:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/12/07 20:43:48 | 000,618,256 | ---- | M] (Intel(R) Corporation) [Auto] -- E:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2011/12/07 20:43:44 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto] -- E:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2011/12/04 19:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/12/04 18:55:36 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto] -- E:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/11 06:10:18 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/18 11:06:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/18 11:06:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/07/18 11:06:01 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/07/18 11:06:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/06/11 04:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand] -- E:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/02/13 01:02:24 | 000,031,624 | ---- | M] () [Auto] -- E:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe -- (SamsungDeviceConfigurationWinService)
SRV - [2012/02/10 04:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand] -- E:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 04:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto] -- E:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/02/07 21:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2012/02/07 21:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2012/02/07 21:03:28 | 000,128,280 | ---- | M] () [Auto] -- E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) ME Service) Intel(R)
SRV - [2012/02/07 21:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) Intel(R)
SRV - [2012/02/02 12:28:10 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand] -- E:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R)
SRV - [2012/02/01 01:12:16 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/10 13:30:16 | 000,201,344 | ---- | M] (Telefónica) [Auto] -- E:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2011/12/19 05:16:50 | 001,104,208 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/12/19 05:16:48 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand] -- E:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/12/19 05:16:44 | 001,014,096 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/10/22 06:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto] -- E:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/07/18 11:06:32 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/07/18 11:06:32 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto] -- E:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/07/18 11:06:32 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/06/11 04:33:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/02/01 01:12:14 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/01/05 05:36:54 | 014,652,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/01/04 13:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\iusb3xhc.sys -- (iusb3xhc) Intel(R)
DRV:64bit: - [2012/01/04 13:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\iusb3hub.sys -- (iusb3hub) Intel(R)
DRV:64bit: - [2012/01/04 13:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\iusb3hcs.sys -- (iusb3hcs) Intel(R)
DRV:64bit: - [2011/12/20 03:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/12/20 03:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/12/14 00:26:56 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2011/12/12 21:26:20 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/12/12 21:26:18 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/12/05 13:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2011/12/04 19:22:58 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/12/04 19:22:58 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/12/01 08:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011/11/23 09:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/10 04:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011/08/17 02:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/05/03 02:42:40 | 000,222,464 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011/04/11 05:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto] -- E:\Windows\System32\drivers\SGDrv64.sys -- (SGDrv)
DRV:64bit: - [2011/01/30 05:19:34 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/08 03:59:40 | 000,032,768 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ewdcsc.sys -- (Huawei)
DRV:64bit: - [2010/07/26 20:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Besitzer_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKU\Besitzer_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Besitzer_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF64_11_5_502_146.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: E:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: E:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/09/03 03:25:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/09/03 03:25:25 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - E:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - E:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] E:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\Besitzer_ON_E..\Run: [ieodjrzotp] E:\Users\Besitzer\AppData\Roaming\phxzbypky.exe (BitTech Co. Ltd.)
O4 - HKU\Besitzer_ON_E..\Run: [PC Suite Tray] E:\Program Files (x86)\Nokia PC Suite\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] File not found
O4 - HKU\UpdatusUser_ON_E..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Besitzer_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\UpdatusUser_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000020 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - E:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - E:\Windows\System32\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - E:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (C:\ProgramData\phxzbypky) - E:\ProgramData\phxzbypky.exe (BitTech Co. Ltd.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/21 15:20:10 | 000,059,310 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{d85d1922-b70c-11e1-a33a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d85d1922-b70c-11e1-a33a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe
O33 - MountPoints2\{e9a6221e-f2a8-11e1-bcc8-c48508596d06}\Shell - "" = AutoRun
O33 - MountPoints2\{e9a6221e-f2a8-11e1-bcc8-c48508596d06}\Shell\AutoRun\command - "" = E:\AutoRun.exe
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 7 Days ==========
[2013/01/21 14:33:09 | 000,000,000 | ---D | C] -- E:\Kaspersky Rescue Disk 10.0
[2013/01/20 07:08:01 | 000,000,000 | ---D | C] -- E:\Users\Besitzer\Documents\Youcam
[2013/01/20 07:07:58 | 000,000,000 | ---D | C] -- E:\Users\Besitzer\AppData\Roaming\CyberLink
[2013/01/20 07:07:58 | 000,000,000 | ---D | C] -- E:\Users\Besitzer\AppData\Local\CyberLink
[2013/01/20 07:00:57 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) -- E:\Users\Besitzer\AppData\Roaming\phxzbypky.exe
[2013/01/20 06:57:41 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) -- E:\Users\Besitzer\AppData\Local\phxzbypky.exe
[2013/01/20 06:57:40 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) -- E:\ProgramData\phxzbypky.exe
========== Files - Modified Within 7 Days ==========
[2013/01/22 07:22:30 | 000,067,584 | --S- | M] () -- E:\windows\bootstat.dat
[2013/01/22 07:17:00 | 000,000,328 | ---- | M] () -- E:\windows\tasks\Xerox PhotoCafe Communicator.job
[2013/01/22 07:14:42 | 000,020,992 | -H-- | M] () -- E:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 07:14:42 | 000,020,992 | -H-- | M] () -- E:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 07:12:13 | 000,696,870 | ---- | M] () -- E:\windows\System32\perfh007.dat
[2013/01/22 07:12:13 | 000,652,148 | ---- | M] () -- E:\windows\System32\perfh009.dat
[2013/01/22 07:12:13 | 000,148,134 | ---- | M] () -- E:\windows\System32\perfc007.dat
[2013/01/22 07:12:13 | 000,121,080 | ---- | M] () -- E:\windows\System32\perfc009.dat
[2013/01/22 07:09:00 | 000,000,884 | ---- | M] () -- E:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/22 07:07:13 | 000,174,592 | ---- | M] (BitTech Co. Ltd.) -- E:\Users\Besitzer\AppData\Local\phxzbypky.exe
[2013/01/22 07:07:12 | 000,174,592 | ---- | M] (BitTech Co. Ltd.) -- E:\Users\Besitzer\AppData\Roaming\phxzbypky.exe
[2013/01/22 07:07:01 | 4187,361,279 | -HS- | M] () -- E:\hiberfil.sys
[2013/01/22 07:05:21 | 000,174,592 | ---- | M] (BitTech Co. Ltd.) -- E:\ProgramData\phxzbypky.exe
[2013/01/21 13:29:51 | 000,000,830 | ---- | M] () -- E:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
========== Files Created - No Company Name ==========
[2012/09/03 03:23:36 | 000,274,256 | ---- | C] () -- E:\windows\hpwins05.dat
[2012/09/03 03:23:36 | 000,003,111 | ---- | C] () -- E:\windows\hpwmdl05.dat
[2012/09/03 02:09:05 | 001,590,378 | ---- | C] () -- E:\windows\SysWow64\PerfStringBackup.INI
[2012/03/02 09:17:08 | 000,307,200 | ---- | C] () -- E:\windows\SetDisplayResolution.exe
[2012/03/02 08:30:00 | 000,001,340 | ---- | C] () -- E:\windows\HotFixList.ini
[2012/02/05 21:29:35 | 000,734,772 | ---- | C] () -- E:\windows\SysWow64\igkrng700.bin
[2012/02/05 21:29:30 | 000,557,476 | ---- | C] () -- E:\windows\SysWow64\igfcg700m.bin
[2012/02/05 21:29:27 | 000,058,880 | ---- | C] () -- E:\windows\SysWow64\igdde32.dll
[2012/02/05 21:29:25 | 012,978,688 | ---- | C] () -- E:\windows\SysWow64\ig7icd32.dll
[2012/02/02 08:08:26 | 000,001,536 | ---- | C] () -- E:\windows\SysWow64\IusEventLog.dll
[2010/11/20 22:24:49 | 000,252,928 | ---- | C] () -- E:\windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- E:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- E:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- E:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- E:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- E:\windows\SysWow64\ir32_32.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- E:\windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- E:\windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- E:\windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- E:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- E:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\windows\SysWow64\mlang.dat
========== LOP Check ==========
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2012/09/09 14:27:08 | 000,000,000 | ---D | M] -- E:\ProgramData\Installations
[2012/09/09 14:34:01 | 000,000,000 | ---D | M] -- E:\ProgramData\PC Suite
[2012/03/02 08:07:20 | 000,000,000 | ---D | M] -- E:\ProgramData\Roaming
[2012/03/04 23:07:41 | 000,000,000 | ---D | M] -- E:\ProgramData\SAMSUNG
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2012/08/30 04:37:09 | 000,000,000 | ---D | M] -- E:\ProgramData\Synaptics
[2012/03/02 09:19:07 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2012/08/30 05:02:52 | 000,000,000 | ---D | M] -- E:\ProgramData\WildTangent
[2012/03/05 18:11:47 | 000,000,000 | ---D | M] -- E:\ProgramData\WinClon
[2012/03/02 08:21:16 | 000,000,000 | ---D | M] -- E:\ProgramData\Xerox PhotoCafe
[2012/08/30 04:52:48 | 000,000,828 | ---- | M] () -- E:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013/01/21 13:29:51 | 000,000,830 | ---- | M] () -- E:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012/12/05 15:03:34 | 000,032,546 | ---- | M] () -- E:\windows\Tasks\SCHEDLGU.TXT
[2013/01/22 07:17:00 | 000,000,328 | ---- | M] () -- E:\windows\Tasks\Xerox PhotoCafe Communicator.job
========== Purity Check ==========
< End of report >
Geändert von JeffreyG (22.01.2013 um 14:31 Uhr) |
| Themen zu GVU-Trojaner mit Webcam neu ? |
| besitzer, bild, bingbar, chip, erfolg, forum, große, gvu-trjaner, gvu-trojaner, hoffe, integrierte, kaspersky, kaspersky windowsunlocker, laptop, neu, neue, neuen, neues, neueste, nvidia update, nvpciflt.sys, otl.txt, plug-in, sprechen, threads, version, verwendet, webcam, zugreife, zugreifen |
Baum-Darstellung