GVU Trojaner mit Webcam bitte um Hilfe

Attila1 · 21.07.2012, 08:40

Hallo,

habe mir gestern den GVU Trojaner mit Webcam eingefangen! ich habe schon mal OTL.Txt und Extras.txt

Bitte um Hilfe.

Mit freundlichen Grüßen!!

t'john · 21.07.2012, 18:25

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () 
MOD - C:\Users\ACARER~1\AppData\Local\Temp\toip0_tmp.exe () 
MOD - C:\Windows\SysWOW64\msjetoledb40.dll () 
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) 
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D58D36E8-500C-4F1E-BDD8-E3167F10016E} 
IE:64bit: - HKLM\..\SearchScopes\{D58D36E8-500C-4F1E-BDD8-E3167F10016E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox 
IE - HKLM\..\SearchScopes,DefaultScope = {68A03280-6875-43EA-A925-773FA7476196} 
IE - HKLM\..\SearchScopes\{68A03280-6875-43EA-A925-773FA7476196}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3821561305-2158773727-2954701975-1000\..\SearchScopes,DefaultScope = {68A03280-6875-43EA-A925-773FA7476196} 
IE - HKU\S-1-5-21-3821561305-2158773727-2954701975-1000\..\SearchScopes\{3D799345-F676-4DD4-990D-D5233068E90D}: "URL" = http://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} 
IE - HKU\S-1-5-21-3821561305-2158773727-2954701975-1000\..\SearchScopes\{68A03280-6875-43EA-A925-773FA7476196}: "URL" = http://www.bing.com/search?FORM=TSHMDF&PC=MATM&q={searchTerms}&src=IE-SearchBox 
IE - HKU\S-1-5-21-3821561305-2158773727-2954701975-1000\..\SearchScopes\{80F536C1-4511-4176-82AA-6B0CA29B16F7}: "URL" = http://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 
IE - HKU\S-1-5-21-3821561305-2158773727-2954701975-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3821561305-2158773727-2954701975-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..network.proxy.no_proxies_on: "*.local" 
FF - prefs.js..network.proxy.type: 0 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKLM..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Shockwave Flash Object) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{0760d1e9-a4f4-11e0-9214-d9257b6ab5c4}\Shell - "" = AutoRun 
O33 - MountPoints2\{0760d1e9-a4f4-11e0-9214-d9257b6ab5c4}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{09ae488f-c056-11e0-b8ef-001e101f2500}\Shell - "" = AutoRun 
O33 - MountPoints2\{09ae488f-c056-11e0-b8ef-001e101f2500}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{146f3de6-a4ea-11e0-b8c0-ab52c46744c9}\Shell - "" = AutoRun 
O33 - MountPoints2\{146f3de6-a4ea-11e0-b8c0-ab52c46744c9}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{25faaec4-d464-11df-9deb-88252c3d2c82}\Shell - "" = AutoRun 
O33 - MountPoints2\{25faaec4-d464-11df-9deb-88252c3d2c82}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{25faaecb-d464-11df-9deb-88252c3d2c82}\Shell - "" = AutoRun 
O33 - MountPoints2\{25faaecb-d464-11df-9deb-88252c3d2c82}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{39fd46cf-a4ec-11e0-b709-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{39fd46cf-a4ec-11e0-b709-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{39fd46e7-a4ec-11e0-b709-e8d2f35482c5}\Shell - "" = AutoRun 
O33 - MountPoints2\{39fd46e7-a4ec-11e0-b709-e8d2f35482c5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{3ec8f769-a4fa-11e0-8287-ea5b3817a4ba}\Shell - "" = AutoRun 
O33 - MountPoints2\{3ec8f769-a4fa-11e0-8287-ea5b3817a4ba}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{3ec8f76b-a4fa-11e0-8287-ea5b3817a4ba}\Shell - "" = AutoRun 
O33 - MountPoints2\{3ec8f76b-a4fa-11e0-8287-ea5b3817a4ba}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{3ec8f773-a4fa-11e0-8287-ea5b3817a4ba}\Shell - "" = AutoRun 
O33 - MountPoints2\{3ec8f773-a4fa-11e0-8287-ea5b3817a4ba}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{3ec8f776-a4fa-11e0-8287-ea5b3817a4ba}\Shell - "" = AutoRun 
O33 - MountPoints2\{3ec8f776-a4fa-11e0-8287-ea5b3817a4ba}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{580e9783-fda3-11df-b62e-88ae1d58711f}\Shell - "" = AutoRun 
O33 - MountPoints2\{580e9783-fda3-11df-b62e-88ae1d58711f}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{910ca150-a4ec-11e0-9328-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{910ca150-a4ec-11e0-9328-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{910ca171-a4ec-11e0-9328-960aa861e9c6}\Shell - "" = AutoRun 
O33 - MountPoints2\{910ca171-a4ec-11e0-9328-960aa861e9c6}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{910ca175-a4ec-11e0-9328-960aa861e9c6}\Shell - "" = AutoRun 
O33 - MountPoints2\{910ca175-a4ec-11e0-9328-960aa861e9c6}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{910ca183-a4ec-11e0-9328-960aa861e9c6}\Shell - "" = AutoRun 
O33 - MountPoints2\{910ca183-a4ec-11e0-9328-960aa861e9c6}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{910ca19b-a4ec-11e0-9328-960aa861e9c6}\Shell - "" = AutoRun 
O33 - MountPoints2\{910ca19b-a4ec-11e0-9328-960aa861e9c6}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{910ca1a3-a4ec-11e0-9328-960aa861e9c6}\Shell - "" = AutoRun 
O33 - MountPoints2\{910ca1a3-a4ec-11e0-9328-960aa861e9c6}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{af65ecb8-a575-11e0-a01a-dbe2e1743dc7}\Shell - "" = AutoRun 
O33 - MountPoints2\{af65ecb8-a575-11e0-a01a-dbe2e1743dc7}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{d458c011-dd5c-11df-b480-88ae1d58711f}\Shell - "" = AutoRun 
O33 - MountPoints2\{d458c011-dd5c-11df-b480-88ae1d58711f}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{d458c015-dd5c-11df-b480-88ae1d58711f}\Shell - "" = AutoRun 
O33 - MountPoints2\{d458c015-dd5c-11df-b480-88ae1d58711f}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{edaf23ea-aacb-11e0-905f-c6e2d866c2c9}\Shell - "" = AutoRun 
O33 - MountPoints2\{edaf23ea-aacb-11e0-905f-c6e2d866c2c9}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{edaf23fb-aacb-11e0-905f-c6e2d866c2c9}\Shell - "" = AutoRun 
O33 - MountPoints2\{edaf23fb-aacb-11e0-905f-c6e2d866c2c9}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{fdd66a50-a4f1-11e0-9144-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{fdd66a50-a4f1-11e0-9144-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\F\Shell - "" = AutoRun 
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 

[2012.07.21 01:23:14 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad 
[2012.07.19 19:51:35 | 000,001,900 | ---- | M] () -- C:\Users\Acar Eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[2012.07.19 19:51:35 | 000,001,900 | ---- | C] () -- C:\Users\Acar Eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[2012.07.19 19:51:30 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad 
[2012.07.17 18:54:32 | 000,000,460 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Acar Eren.job 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

t'john · 02.08.2012, 05:34

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

GVU Trojaner mit Webcam bitte um Hilfe

Log-Analyse und Auswertung: GVU Trojaner mit Webcam bitte um Hilfe