
Pests of all kinds and how to fight them: Avira reports 2 unwanted programs


04.09.2012, 12:14   #1
DerTutNix
 
Hello dear forum,

Avira has been reporting bad guys for a few days now. It would be really great if you could give me tips on removing them!

Here are some example details from Avira:

Code:
In der Datei 'C:\$Recycle.Bin\S-1-5-18\$ab1bf9ee64450b123368f522d976a14e\U\80000000.@'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
         
Code:
In der Datei 'C:\$Recycle.Bin\S-1-5-18\$ab1bf9ee64450b123368f522d976a14e\U\800000cb.@'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
         
Code:
In der Datei 'C:\$Recycle.Bin\S-1-5-21-555615558-1492823023-298548586-1000\$R1C5IQM.exe'
wurde ein Virus oder unerwünschtes Programm 'SPR/Tool.Keygen.1594' [riskware] gefunden.
Ausgeführte Aktion: Übergeben an Scanner
         
This is what Malwarebytes says:
Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.04.02

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
me :: ME-PC [Administrator]

Schutz: Aktiviert

04.09.2012 11:03:53
malwarebytes-log-2012-09-04 (12-05-48)

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 295431
Laufzeit: 1 Stunde(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-18\$ab1bf9ee64450b123368f522d976a14e\n.) Gut: (fastprox.dll) -> Keine Aktion durchgeführt.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-555615558-1492823023-298548586-1000\$ab1bf9ee64450b123368f522d976a14e\n.) Gut: (shell32.dll) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\$Recycle.Bin\S-1-5-18\$ab1bf9ee64450b123368f522d976a14e\n (RootKit.0Access) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-18\$ab1bf9ee64450b123368f522d976a14e\U\00000001.@ (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-18\$ab1bf9ee64450b123368f522d976a14e\U\80000000.@ (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-18\$ab1bf9ee64450b123368f522d976a14e\U\800000cb.@ (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-21-555615558-1492823023-298548586-1000\$ab1bf9ee64450b123368f522d976a14e\n (RootKit.0Access) -> Keine Aktion durchgeführt.

(Ende)
         
This is OTL:
OTL Logfile:
Code:
OTL logfile created on: 04.09.2012 12:10:15 - Run 1
OTL by OldTimer - Version 3.2.60.0     Folder = C:\Users\me\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,86 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 45,75% Memory free
3,73 Gb Paging File | 2,47 Gb Available in Paging File | 66,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 40,92 Gb Free Space | 69,83% Space Free | Partition Type: NTFS
Drive D: | 174,28 Gb Total Space | 24,33 Gb Free Space | 13,96% Space Free | Partition Type: NTFS
 
Computer Name: ME-PC | User Name: me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.04 12:08:21 | 000,050,477 | ---- | M] () -- C:\Users\me\Desktop\Defogger.exe
PRC - [2012.09.04 11:43:30 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\me\Desktop\OTL.exe
PRC - [2012.08.09 19:17:34 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.19 16:49:21 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.05.08 20:01:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:01:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 20:01:16 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.12.24 13:21:28 | 000,111,536 | ---- | M] (CSR, plc) -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
PRC - [2009.12.24 13:21:00 | 000,504,208 | ---- | M] (CSR, plc) -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
PRC - [2009.11.26 10:35:12 | 000,128,360 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
PRC - [2009.11.01 18:04:50 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.01 18:04:44 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.15 19:59:26 | 000,138,088 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
PRC - [2009.10.15 19:59:26 | 000,033,640 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
PRC - [2009.10.15 19:59:26 | 000,017,256 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
PRC - [2009.10.14 10:47:22 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2009.10.09 22:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2009.07.27 19:50:32 | 000,144,744 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
PRC - [2009.07.27 19:50:30 | 000,062,824 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.04 12:08:21 | 000,050,477 | ---- | M] () -- C:\Users\me\Desktop\Defogger.exe
MOD - [2012.07.19 16:49:21 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.19 16:49:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.08 20:01:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 20:01:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.07 22:42:22 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.10 23:31:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.12.24 13:21:28 | 000,111,536 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService)
SRV - [2009.11.01 18:04:50 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.01 18:04:44 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.07.27 19:50:30 | 000,062,824 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 20:01:17 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 20:01:17 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.02.24 22:13:05 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.27 06:13:00 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.11.06 13:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.11.01 18:04:44 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.10.26 13:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2006.11.01 20:59:24 | 000,005,632 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2006.11.01 20:20:28 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 1B 50 18 23 F3 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {778D4E56-B10E-45A6-8761-3EE9B11DA81F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{778D4E56-B10E-45A6-8761-3EE9B11DA81F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 16:49:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 16:49:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.04.19 21:07:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Extensions
[2012.02.24 20:43:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\extensions
[2012.02.24 20:43:24 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2012.09.03 19:47:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\ftfhxdw0.default\extensions
[2012.05.15 19:45:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\ftfhxdw0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.06.09 09:56:55 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\ftfhxdw0.default\extensions\anttoolbar@ant.com
[2012.05.17 18:39:56 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\ftfhxdw0.default\extensions\ich@maltegoetz.de
[2012.09.03 19:47:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\ftfhxdw0.default\extensions\staged
[2012.03.18 13:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.19 16:49:21 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc)
O4 - HKLM..\Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc)
O4 - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3957D5F5-896B-4EA7-9005-1B05BDD40367}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{44a312a1-5f25-11e1-a361-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{44a312a1-5f25-11e1-a361-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{eb7ac3e2-5fa4-11e1-ae45-e0ca94951586}\Shell - "" = AutoRun
O33 - MountPoints2\{eb7ac3e2-5fa4-11e1-ae45-e0ca94951586}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.04 12:06:19 | 000,000,000 | ---D | C] -- C:\Users\me\Desktop\trojaner
[2012.09.04 12:06:05 | 000,000,000 | ---D | C] -- C:\Users\me\Desktop\New folder
[2012.09.04 11:43:23 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\me\Desktop\OTL.exe
[2012.09.03 20:55:27 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Malwarebytes
[2012.09.03 20:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.03 20:55:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.03 20:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.03 20:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.02 19:49:24 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Canon
[2012.09.02 19:49:06 | 000,000,000 | ---D | C] -- C:\Users\me\Documents\My Albums
[2012.09.02 19:49:06 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\ArcSoft
[2012.09.02 19:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoBase
[2012.09.02 19:43:05 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\pcdlib32.dll
[2012.09.02 19:35:45 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\PCDLIB32.DLL
[2012.09.02 19:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoStudio
[2012.09.02 19:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2012.09.02 19:33:50 | 000,389,180 | ---- | C] (Canon) -- C:\Windows\System32\UCS32P.DLL
[2012.09.02 19:33:50 | 000,000,000 | -H-D | C] -- C:\CanoScan
[2012.09.02 19:16:45 | 000,000,000 | ---D | C] -- C:\Users\me\Desktop\German
[2012.09.02 17:09:25 | 000,000,000 | ---D | C] -- C:\Users\me\Desktop\lala
[2012.09.01 20:54:01 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\{A39CF6EC-F2D1-05AB-30ED-C71D0EDAA185}
[2012.08.20 18:14:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.12 17:46:26 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Microsoft Games
[2012.08.12 17:05:04 | 000,000,000 | ---D | C] -- C:\Users\me\Desktop\2012
[2012.08.06 16:08:08 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\vlc
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.04 12:09:19 | 000,000,000 | ---- | M] () -- C:\Users\me\defogger_reenable
[2012.09.04 12:08:21 | 000,050,477 | ---- | M] () -- C:\Users\me\Desktop\Defogger.exe
[2012.09.04 11:43:30 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\me\Desktop\OTL.exe
[2012.09.04 11:17:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.04 10:55:41 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 10:55:41 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 10:48:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.04 10:48:12 | 1500,946,432 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.03 20:55:25 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.03 20:08:42 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.03 20:08:42 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.02 19:59:47 | 000,118,606 | ---- | M] () -- C:\Users\me\Desktop\f2.jpg
[2012.09.02 19:59:05 | 000,508,361 | ---- | M] () -- C:\Users\me\Desktop\f1.jpg
[2012.09.02 19:58:02 | 000,321,659 | ---- | M] () -- C:\Users\me\Desktop\b1.jpg
[2012.09.02 19:57:08 | 000,577,713 | ---- | M] () -- C:\Users\me\Desktop\front1.jpg
[2012.09.02 19:53:16 | 000,390,359 | ---- | M] () -- C:\Users\me\Desktop\back.jpg
[2012.09.02 19:14:33 | 004,767,744 | ---- | M] () -- C:\Users\me\Desktop\s3A01dex.exe
[2012.08.28 19:01:46 | 048,798,522 | ---- | M] () -- C:\Users\me\Desktop\***.pdf
[2012.08.16 22:55:45 | 000,412,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.11 14:10:22 | 002,306,751 | ---- | M] () -- C:\Users\me\Desktop\SAM_0689.JPG
[2012.08.09 19:24:24 | 000,939,956 | ---- | M] () -- C:\Users\me\Desktop\lala.pdf
[2012.08.09 13:23:38 | 002,676,917 | ---- | M] () -- C:\Users\me\Desktop\SAM_0666.JPG
[2012.08.08 19:08:38 | 000,939,742 | ---- | M] () -- C:\Users\me\Desktop\lala1.pdf
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.04 12:09:19 | 000,000,000 | ---- | C] () -- C:\Users\me\defogger_reenable
[2012.09.04 12:08:20 | 000,050,477 | ---- | C] () -- C:\Users\me\Desktop\Defogger.exe
[2012.09.03 20:55:25 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.02 19:59:46 | 000,118,606 | ---- | C] () -- C:\Users\me\Desktop\f2.jpg
[2012.09.02 19:59:05 | 000,508,361 | ---- | C] () -- C:\Users\me\Desktop\f1.jpg
[2012.09.02 19:58:02 | 000,321,659 | ---- | C] () -- C:\Users\me\Desktop\b1.jpg
[2012.09.02 19:57:07 | 000,577,713 | ---- | C] () -- C:\Users\me\Desktop\front1.jpg
[2012.09.02 19:53:16 | 000,390,359 | ---- | C] () -- C:\Users\me\Desktop\back.jpg
[2012.09.02 19:14:31 | 004,767,744 | ---- | C] () -- C:\Users\me\Desktop\s3A01dex.exe
[2012.08.28 18:58:33 | 048,798,522 | ---- | C] () -- C:\Users\me\Desktop\***.pdf
[2012.08.12 17:15:49 | 002,676,917 | ---- | C] () -- C:\Users\me\Desktop\SAM_0666.JPG
[2012.08.12 17:13:08 | 002,306,751 | ---- | C] () -- C:\Users\me\Desktop\SAM_0689.JPG
[2012.08.08 19:08:07 | 000,939,742 | ---- | C] () -- C:\Users\me\Desktop\***.pdf
[2012.08.08 19:07:17 | 000,939,956 | ---- | C] () -- C:\Users\me\Desktop\***.pdf
[2012.03.06 20:53:16 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2012.02.24 20:29:32 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
 
========== LOP Check ==========
 
[2012.09.04 10:55:40 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\BitTorrent
[2012.09.02 19:56:07 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Canon
[2012.03.15 15:18:42 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Exif Viewer
[2012.02.24 21:26:59 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\OpenCandy
[2012.02.25 15:17:48 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\TrueCrypt
[2012.07.15 10:51:07 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

The results from Gmer:

Extras:
OTL Logfile:
Code:
OTL Extras logfile created on: 04.09.2012 12:10:15 - Run 1
OTL by OldTimer - Version 3.2.60.0     Folder = C:\Users\me\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,86 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 45,75% Memory free
3,73 Gb Paging File | 2,47 Gb Available in Paging File | 66,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 40,92 Gb Free Space | 69,83% Space Free | Partition Type: NTFS
Drive D: | 174,28 Gb Total Space | 24,33 Gb Free Space | 13,96% Space Free | Partition Type: NTFS
 
Computer Name: ME-PC | User Name: me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{0439D13F-C7CD-458A-90DE-44135CBD40B8}" = Bluetooth Feature Pack 5.0
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2BDE2BF2-AD90-4191-B3C8-D0046CE54916}" = Fujitsu Display Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"BitTorrent" = BitTorrent
"BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exif-Viewer" = Exif-Viewer 2.50 
"InstallShield_{2BDE2BF2-AD90-4191-B3C8-D0046CE54916}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueCrypt" = TrueCrypt
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.08.2012 15:48:48 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp: 
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x6a3de617  Faulting
 process id: 0x6fc  Faulting application start time: 0x01cd78c31fc968f2  Faulting application
 path: S:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: bb9245e0-e4b6-11e1-b4db-e0ca94951586
 
Error - 12.08.2012 15:48:54 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp: 
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x6a387e2e  Faulting
 process id: 0x6fc  Faulting application start time: 0x01cd78c31fc968f2  Faulting application
 path: S:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: be992898-e4b6-11e1-b4db-e0ca94951586
 
Error - 19.08.2012 17:18:28 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp: 
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x6bcde617  Faulting
 process id: 0xf88  Faulting application start time: 0x01cd7e4fcba965d8  Faulting application
 path: U:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: 6aa1e905-ea43-11e1-b31c-e0ca94951586
 
Error - 19.08.2012 17:18:31 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp: 
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x6bc87e2e  Faulting
 process id: 0xf88  Faulting application start time: 0x01cd7e4fcba965d8  Faulting application
 path: U:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: 6c972982-ea43-11e1-b31c-e0ca94951586
 
Error - 23.08.2012 17:54:39 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp: 
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x6de0e617  Faulting
 process id: 0xebc  Faulting application start time: 0x01cd81799635d5aa  Faulting application
 path: U:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: 2278a5ef-ed6d-11e1-b31a-e0ca94951586
 
Error - 23.08.2012 17:54:43 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp: 
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x6ddb7e2e  Faulting
 process id: 0xebc  Faulting application start time: 0x01cd81799635d5aa  Faulting application
 path: U:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: 24b772a6-ed6d-11e1-b31a-e0ca94951586
 
Error - 30.08.2012 15:49:50 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp: 
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x6c65e617  Faulting
 process id: 0x8cc  Faulting application start time: 0x01cd86e83177147a  Faulting application
 path: U:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: dbdf9688-f2db-11e1-b42d-e0ca94951586
 
Error - 30.08.2012 15:50:05 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp: 
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x6c607e2e  Faulting
 process id: 0x8cc  Faulting application start time: 0x01cd86e83177147a  Faulting application
 path: U:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: e495f802-f2db-11e1-b42d-e0ca94951586
 
Error - 01.09.2012 08:59:45 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp: 
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x72d4e617  Faulting
 process id: 0xde4  Faulting application start time: 0x01cd88415d9c27ad  Faulting application
 path: U:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: e6f51918-f434-11e1-b200-e0ca94951586
 
Error - 01.09.2012 08:59:55 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp: 
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x72cf7e2e  Faulting
 process id: 0xde4  Faulting application start time: 0x01cd88415d9c27ad  Faulting application
 path: U:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: ecf1ffa9-f434-11e1-b200-e0ca94951586
 
[ System Events ]
Error - 15.07.2012 06:09:58 | Computer Name = me-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 16.07.2012 14:52:57 | Computer Name = me-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error:   %%-2147467243
 
Error - 20.07.2012 15:55:44 | Computer Name = me-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 20.07.2012 15:55:45 | Computer Name = me-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 28.07.2012 10:58:46 | Computer Name = me-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 28.07.2012 14:13:14 | Computer Name = me-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 30.07.2012 14:28:48 | Computer Name = me-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error - 02.08.2012 21:37:48 | Computer Name = me-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 04.08.2012 15:15:17 | Computer Name = me-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 07.08.2012 04:37:36 | Computer Name = me-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
 
< End of report >
         
--- --- ---


gmer.txt
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-04 12:33:51
Windows 6.1.7600  
Running: 05r35u7c.exe; Driver: C:\Users\me\AppData\Local\Temp\pxldypoc.sys


---- System - GMER 1.0.15 ----

SSDT            8E508FC6                                                                                         ZwCreateSection
SSDT            8E508FD0                                                                                         ZwRequestWaitReplyPort
SSDT            8E508FCB                                                                                         ZwSetContextThread
SSDT            8E508FD5                                                                                         ZwSetSecurityObject
SSDT            8E508FDA                                                                                         ZwSystemDebugControl
SSDT            8E508F67                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackTransaction + 13E9                                                        82C7A599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82C9F092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 340                                                              82CA6990 4 Bytes  [C6, 8F, 50, 8E]
.text           ntkrnlpa.exe!RtlSidHashLookup + 69C                                                              82CA6CEC 4 Bytes  [D0, 8F, 50, 8E]
.text           ntkrnlpa.exe!RtlSidHashLookup + 6E0                                                              82CA6D30 4 Bytes  [CB, 8F, 50, 8E]
.text           ntkrnlpa.exe!RtlSidHashLookup + 75C                                                              82CA6DAC 4 Bytes  [D5, 8F, 50, 8E]
.text           ntkrnlpa.exe!RtlSidHashLookup + 7B0                                                              82CA6E00 4 Bytes  [DA, 8F, 50, 8E]
.text           ...                                                                                              

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\BTHUSB \Device\00000075                                                                  bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000075                                                                  bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000077                                                                  bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000077                                                                  bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device          \Driver\ACPI_HAL \Device\0000004c                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library         c:\windows\system32\z (*** hidden *** ) @ C:\Windows\system32\svchost.exe [872]                  0x45670000                                                                                                                                           
Library         c:\windows\system32\z (*** hidden *** ) @ C:\Windows\Explorer.EXE [1716]                         0x45670000                                                                                                                                           

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0ca94951586                      
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0ca94951586 (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         
--- --- ---


Best regards
DTN


P.S. I have been thinking about how my PC could have been infected, since I only visit mainstream sites. I vaguely remember... it must have been the same for me... a fake Adobe update... hxxp://forum.avira.com/wbb/index.php?page=Thread&threadID=147672

Edited by DerTutNix (04.09.2012 at 12:48)

Alt 04.09.2012, 22:34   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Code:
ATTFilter
'SPR/Tool.Keygen.1594' [riskware] gefunden.
         
Infection through the misuse of illegal software (keygen)!

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are dangerous malware in 99.9% of cases and not something to be trifled with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!


In future, hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)
__________________

Alt 05.09.2012, 16:42   #3
DerTutNix
 

Good grief! I bought the computer second-hand; the seller did not tell me that there was such rubbish on it. Thanks anyway!
__________________

Alt 06.09.2012, 10:45   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

A used PC is fine, but why would anyone put up with a used, polluted Windows installation!
I don't use a Windows installation that some stranger could have messed up - you always do a complete reinstallation on a used computer
__________________
Please always post log files in CODE tags
