Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to combat them): Zeus Trojan

Windows 7

If you are not sure whether you have caught malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
#1

Zeus Trojan

Good evening, :-)

As has already happened to other people, I have received notice via web.de and eBay that I presumably have the Zeus Trojan on my computer. I have already run a check with Avira Antivirus, among others. Here is my full malware scan, among other things:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.13.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Acer eeePC :: ACEREEEPC-PC [Administrator]

13.08.2012 21:06:51
mbam-log-2012-08-13 (21-06-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 239961
Laufzeit: 51 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL

Code:
ATTFilter OTL logfile created on: 14.08.2012 18:00:54 - Run 2 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Acer eeePC\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,18 Mb Total Physical Memory | 376,38 Mb Available Physical Memory | 37,11% Memory free 1,99 Gb Paging File | 1,15 Gb Available in Paging File | 57,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 102,08 Gb Total Space | 79,97 Gb Free Space | 78,35% Space Free | Partition Type: NTFS Drive D: | 46,87 Gb Total Space | 46,25 Gb Free Space | 98,67% Space Free | Partition Type: NTFS Computer Name: ACEREEEPC-PC | User Name: Acer eeePC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Acer eeePC\Downloads\OTL(2).exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.) 
PRC - C:\Programme\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.) PRC - C:\Windows\System32\AsusService.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (AsusService) -- C:\Windows\System32\AsusService.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) 
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1515048141-3773305742-2041119620-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=101702 IE - HKU\S-1-5-21-1515048141-3773305742-2041119620-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1515048141-3773305742-2041119620-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1515048141-3773305742-2041119620-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 8C 56 08 05 1F CD 01 [binary data] IE - HKU\S-1-5-21-1515048141-3773305742-2041119620-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-1515048141-3773305742-2041119620-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1515048141-3773305742-2041119620-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1515048141-3773305742-2041119620-1000\..\SearchScopes\{9FDFAAA8-F147-443F-837D-A2F25F1612B5}: "URL" = 
hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=5f568ed9-e160-45cb-828a-383ecb5a4d23&apn_sauid=4AA2BBBD-17E1-46A7-9E59-FD27A6A2D8E8 IE - HKU\S-1-5-21-1515048141-3773305742-2041119620-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FXTV5&o=101699&locale=de_DE&apn_uid=5f568ed9-e160-45cb-828a-383ecb5a4d23&apn_ptnrs=F4&apn_sauid=4AA2BBBD-17E1-46A7-9E59-FD27A6A2D8E8&apn_dtid=YYYYYYYYDE&&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 18:30:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: 
C:\Users\Acer eeePC\AppData\Roaming\13001.016 [2012.07.05 19:00:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 18:30:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.22 17:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer eeePC\AppData\Roaming\mozilla\Extensions [2012.06.28 16:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer eeePC\AppData\Roaming\mozilla\Firefox\Profiles\hwp8zhmz.default\extensions [2012.06.28 16:20:07 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Acer eeePC\AppData\Roaming\mozilla\Firefox\Profiles\hwp8zhmz.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.02.25 12:13:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.05 19:00:58 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\ACER EEEPC\APPDATA\ROAMING\13001.016 [2012.06.23 18:30:44 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.23 18:30:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.23 18:30:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.23 18:30:39 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 18:30:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 18:30:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 18:30:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - 
C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics) O4 - HKLM..\Run: [HotkeyMon] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash/cabs/swflash.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6A3103C-6900-4FDF-8BBB-2599B32FAEE6}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.07.09 21:08:26 | 002,146,304 | ---- | M] () - D:\AutoArchive.exe -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.13 22:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.08.11 18:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos [2012.08.11 18:01:01 | 000,000,000 | ---D | C] -- C:\Users\Acer eeePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos [2012.08.11 18:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2012.08.06 22:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.08.06 22:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.08.06 22:12:35 | 000,772,544 | ---- | C] (Oracle 
Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.08.06 22:12:35 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.08.06 22:12:12 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.08.06 22:12:12 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.08.06 22:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.08.05 16:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender [2012.07.18 20:01:14 | 000,000,000 | ---D | C] -- C:\Users\Acer eeePC\AppData\Roaming\Ymcu [2012.07.18 20:01:14 | 000,000,000 | ---D | C] -- C:\Users\Acer eeePC\AppData\Roaming\Ykizo [2012.07.18 20:01:14 | 000,000,000 | ---D | C] -- C:\Users\Acer eeePC\AppData\Roaming\Maso [1 C:\Users\Acer eeePC\AppData\Roaming\*.tmp files -> C:\Users\Acer eeePC\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.14 17:14:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.14 16:54:10 | 000,011,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.14 16:54:10 | 000,011,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.14 16:46:13 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys [2012.08.11 14:44:51 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.11 14:44:51 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.11 14:44:51 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.11 14:44:51 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.06 22:11:53 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.08.06 22:11:53 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [1 C:\Users\Acer eeePC\AppData\Roaming\*.tmp files -> 
C:\Users\Acer eeePC\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.05 19:00:35 | 000,000,051 | ---- | C] () -- C:\Users\Acer eeePC\AppData\Roaming\blckdom.res [2012.06.19 23:03:21 | 000,000,036 | ---- | C] () -- C:\Users\Acer eeePC\AppData\Local\housecall.guid.cache [2012.04.21 14:11:08 | 000,257,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.16 19:41:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2012.02.16 19:41:46 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2012.01.22 17:27:12 | 000,219,136 | ---- | C] () -- C:\Windows\System32\AsusService.exe [2012.01.22 17:27:12 | 000,021,864 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini [2012.01.22 17:24:00 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini ========== LOP Check ========== [2012.07.05 19:00:58 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\13001.016 [2012.08.11 19:51:25 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\BSW [2012.06.17 13:04:52 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\Foxit Software [2012.07.05 19:00:22 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\kock [2012.02.16 20:27:44 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\LG Electronics [2012.08.11 18:07:07 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\Maso [2012.07.06 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\NDepend [2012.08.13 23:52:28 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\QuickScan [2012.07.05 19:00:24 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\xmldm [2012.08.11 18:02:19 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\Ykizo [2012.07.18 20:01:14 | 000,000,000 | ---D | M] -- C:\Users\Acer eeePC\AppData\Roaming\Ymcu [2012.06.26 19:19:54 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check 
========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 14.08.2012 17:44:23 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Acer eeePC\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,18 Mb Total Physical Memory | 350,49 Mb Available Physical Memory | 34,56% Memory free 1,99 Gb Paging File | 1,14 Gb Available in Paging File | 57,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 102,08 Gb Total Space | 79,97 Gb Free Space | 78,35% Space Free | Partition Type: NTFS Drive D: | 46,87 Gb Total Space | 46,25 Gb Free Space | 98,67% Space Free | Partition Type: NTFS Computer Name: ACEREEEPC-PC | User Name: Acer eeePC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1515048141-3773305742-2041119620-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "TCP Query User{028AD6F6-B5A8-4080-AC71-19DE686C8CD3}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{F8F6E881-0D42-4454-8827-9AC9C7EF4B54}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{0109B0AE-740B-4A94-9585-6A4A0A95B0D4}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{149B31AE-3648-41EA-8459-9AB63B741502}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8D8E4C50-3A16-44AB-9034-373E7BD9C1A8}" = LG PC Suite II "{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool "{BC508432-7BC6-427F-AD99-556202345B6C}" = Express Gate "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver "{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "BSW" = BrettspielWelt "CCleaner" = CCleaner "ESET Online Scanner" = ESET Online Scanner v3 "Foxit Reader_is1" = Foxit Reader "HDMI" = Intel(R) Graphics Media Accelerator Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "SynTPDeinstKey" = Synaptics Pointing Device Driver ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1515048141-3773305742-2041119620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Foxit PDF Creator Toolbar Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 17.07.2012 11:32:52 | Computer Name = AcereeePC-PC | Source = Windows Search Service | ID = 3028 Description = Error - 17.07.2012 11:32:52 | Computer Name = AcereeePC-PC | Source = Windows Search Service | ID = 3058 Description = Error - 17.07.2012 11:32:52 | Computer Name = AcereeePC-PC | Source = Windows Search Service | ID = 7010 Description = Error - 05.08.2012 11:47:36 | Computer Name = AcereeePC-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: McUICnt.exe, Version: 2.15.101.0, Zeitstempel: 0x4a53eca6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 
0x00016799 ID des fehlerhaften Prozesses: 0xee4 Startzeit der fehlerhaften Anwendung: 0x01cd73219ff9b6ef Pfad der fehlerhaften Anwendung: C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: e08a8dc4-df14-11e1-96d7-485b39491daf Error - 05.08.2012 11:48:00 | Computer Name = AcereeePC-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: McUICnt.exe, Version: 2.15.101.0, Zeitstempel: 0x4a53eca6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00016799 ID des fehlerhaften Prozesses: 0xf34 Startzeit der fehlerhaften Anwendung: 0x01cd7321b0aa7cfb Pfad der fehlerhaften Anwendung: C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: ee8dc781-df14-11e1-96d7-485b39491daf Error - 05.08.2012 11:48:17 | Computer Name = AcereeePC-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: McUICnt.exe, Version: 2.15.101.0, Zeitstempel: 0x4a53eca6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00016799 ID des fehlerhaften Prozesses: 0x2c8 Startzeit der fehlerhaften Anwendung: 0x01cd7321baba0de3 Pfad der fehlerhaften Anwendung: C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: f8917188-df14-11e1-96d7-485b39491daf Error - 05.08.2012 16:41:47 | Computer Name = AcereeePC-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: McUICnt.exe, Version: 2.15.101.0, Zeitstempel: 0x4a53eca6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00016799 ID des fehlerhaften Prozesses: 0xfd8 Startzeit der fehlerhaften Anwendung: 0x01cd734abaf437b4 Pfad der fehlerhaften Anwendung: C:\Program 
Files\McAfee Security Scan\2.0.181\McUICnt.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: f96d78eb-df3d-11e1-96d7-485b39491daf

Error - 11.08.2012 10:06:56 | Computer Name = AcereeePC-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: McUICnt.exe, Version: 2.15.101.0, Zeitstempel: 0x4a53eca6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00016799 ID des fehlerhaften Prozesses: 0xb68 Startzeit der fehlerhaften Anwendung: 0x01cd77ca8e494082 Pfad der fehlerhaften Anwendung: C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: ceaf3e93-e3bd-11e1-8fb4-485b39491daf

Error - 13.08.2012 18:04:14 | Computer Name = AcereeePC-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.57.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e68 Startzeit: 01cd799edd8c7b07 Endzeit: 31 Anwendungspfad: C:\Users\Acer eeePC\Downloads\OTL.exe Berichts-ID:

Error - 13.08.2012 18:07:11 | Computer Name = AcereeePC-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.57.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: bcc Startzeit: 01cd799f9a2570ba Endzeit: 7 Anwendungspfad: C:\Users\Acer eeePC\Downloads\OTL.exe Berichts-ID:

[ System Events ]

Error - 11.07.2012 00:34:06 | Computer Name = AcereeePC-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 11.07.2012 00:34:09 | Computer Name = AcereeePC-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error - 11.07.2012 00:34:09 | Computer Name = AcereeePC-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 11.07.2012 12:50:48 | Computer Name = AcereeePC-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 11.07.2012 12:50:52 | Computer Name = AcereeePC-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error - 11.07.2012 12:50:52 | Computer Name = AcereeePC-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 11.07.2012 16:11:32 | Computer Name = AcereeePC-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error - 12.07.2012 11:23:35 | Computer Name = AcereeePC-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 12.07.2012 11:24:02 | Computer Name = AcereeePC-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error - 12.07.2012 11:24:02 | Computer Name = AcereeePC-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

< End of report >

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-14 21:23:05
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160314AS rev.0002SDM1
Running: bzz7tx0h.exe; Driver: C:\Users\ACEREE~1\AppData\Local\Temp\uwdiquog.sys

---- System - GMER 1.0.15 ----

SSDT 89B50C4E ZwCreateSection
SSDT 89B50C58 ZwRequestWaitReplyPort
SSDT 89B50C53 ZwSetContextThread
SSDT 89B50C5D ZwSetSecurityObject
SSDT 89B50C62 ZwSystemDebugControl
SSDT 89B50BEF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 818823C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 818BBD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 818C2EAC 4 Bytes [4E, 0C, B5, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 818C3208 4 Bytes [58, 0C, B5, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 818C324C 4 Bytes [53, 0C, B5, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 818C32C8 4 Bytes [5D, 0C, B5, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 818C331C 4 Bytes [62, 0C, B5, 89]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2444] ntdll.dll!LdrLoadDll 7778223E 5 Bytes JMP 6816FA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2444] kernel32.dll!MapViewOfFile 767493DB 5 Bytes JMP 6841079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2444] kernel32.dll!VirtualAlloc 7674C43A 5 Bytes JMP 684107C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2444] GDI32.dll!CreateDIBSection 766B8850 5 Bytes JMP 68410728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3280] USER32.dll!SetWindowLongA 75BB8BA3 5 Bytes JMP 6851003B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3280] USER32.dll!SetWindowLongW 75BC4449 5 Bytes JMP 6850FFCA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3280] USER32.dll!GetWindowInfo 75BC4B5E 5 Bytes JMP 682EAEF3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3280] USER32.dll!TrackPopupMenu 75BD2228 5 Bytes JMP 682EB50D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

I would appreciate any pointers, and thank you in advance for the feedback.

Regards,
Scarlett, always trying my best :-)

P.S.: How does the Trojan spread? Over the network? |