
Pests of all kinds and how to fight them: TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen found - beginner! [Vista]


21.01.2013, 10:53   #1
help me
TR/Sirefef.P, TR/Rogue.kdz, TR/Buzus & BDS/ZeroAccess.Gen found - beginner! [Vista]

Good morning, dear anti-Trojan team,

First of all, thank you very much for the great help you provide here! When I was about to delete the temporary files with CCleaner once again, Avira Free reported several detections. Before that I had completely uninstalled Java, but I assume there is no connection.

Since several things were found on my machine, I preferred to get in touch right away instead of trying out solutions from all sorts of threads and possibly making things worse.

Avira detections:

Code:
Exportierte Ereignisse:

20.01.2013 19:42 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\...\AppData\Local\Temp\msimg32.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Sirefef.P.1075' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c41b9ff.qua' 
      verschoben!

20.01.2013 19:42 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\...\AppData\Local\Temp\~!#4F4A.tmp'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Rogue.kdz.4040.1' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54ac97ea.qua' 
      verschoben!

20.01.2013 19:42 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\...\AppData\Local\Temp\P9KOT1O4R.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Sirefef.P.1075' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1e3ce2cd.qua' 
      verschoben!

20.01.2013 19:42 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\...\AppData\Local\Temp\2MV9N.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Buzus.hlmnubac' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '781ead3b.qua' 
      verschoben!

20.01.2013 19:40 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\...\AppData\Local\Temp\msimg32.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sirefef.P.1075' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

20.01.2013 19:40 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\...\AppData\Local\Temp\2MV9N.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Buzus.hlmnubac' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

20.01.2013 19:40 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\...\AppData\Local\Temp\~!#4F4A.tmp'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rogue.kdz.4040.1' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

20.01.2013 19:40 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\...\AppData\Local\Temp\P9KOT1O4R.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sirefef.P.1075' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

11.01.2013 11:03 [Echtzeit Scanner] Malware gefunden
      In der Datei 
      'C:\$Recycle.Bin\S-1-5-21-2339767433-1062430166-1985639694-1000\$e28a836f70bcf37
      e4b7b08a58bc11a6a\n'
      wurde ein Virus oder unerwünschtes Programm 'BDS/ZeroAccess.Gen' [backdoor] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         
I tried to follow the instructions for everyone seeking help exactly. But before I came across your site again, I had already run a quick scan with Malwarebytes, which I installed specifically for that purpose - I hope that was not a mistake.

Malwarebytes Anti-Malware - log file:

Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.20.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
... :: ...-PC [Administrator]

Schutz: Aktiviert

20.01.2013 20:03:46
mbam-log-2013-01-20 (20-03-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202384
Laufzeit: 4 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-2339767433-1062430166-1985639694-1000\$e28a836f70bcf37e4b7b08a58bc11a6a\n.) Gut: (shell32.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Then I found your site and carried out steps 1-3 of the instructions one after the other.

OTL.txt:

Code:
OTL logfile created on: 20.01.2013 20:36:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\...\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,29% Memory free
6,21 Gb Paging File | 5,08 Gb Available in Paging File | 81,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,02 Gb Total Space | 186,42 Gb Free Space | 64,72% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 1,29 Gb Free Space | 12,90% Space Free | Partition Type: NTFS
 
Computer Name: ...-PC | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\...\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
MOD - C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\FakeAvRenderer.dll ()
MOD - C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll ()
MOD - C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (NPF_devolo) -- C:\Windows\System32\drivers\npf_devolo.sys (CACE Technologies)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc.                           )
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\...\Desktop
IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=4080819
IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7DADE_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2339767433-1062430166-1985639694-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: en-US%40dictionaries.addons.mozilla.org:6.0
FF - prefs.js..extensions.enabledAddons: pl%40dictionaries.addons.mozilla.org:1.0.20110621
FF - prefs.js..extensions.enabledAddons: %7Ba95d8332-e4b4-6e7f-98ac-20b733364387%7D:0.6.3
FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2012.09.13
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.11.30 12:55:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 12:49:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 12:49:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.23 15:12:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 12:49:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 12:49:07 | 000,000,000 | ---D | M]
 
[2010.07.16 14:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions
[2010.07.16 14:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.14 11:09:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\tw3vpg9y.default\extensions
[2010.11.18 18:08:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\tw3vpg9y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.14 11:09:56 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\tw3vpg9y.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.09.08 11:32:48 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\tw3vpg9y.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012.05.25 11:51:16 | 000,000,000 | ---D | M] (Polski slownik poprawnej pisowni) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\tw3vpg9y.default\extensions\pl@dictionaries.addons.mozilla.org
[2012.08.19 07:29:36 | 000,056,640 | ---- | M] () (No name found) -- C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\tw3vpg9y.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
[2013.01.19 12:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.30 12:55:36 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2013.01.19 12:49:10 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.16 22:21:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 16:09:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.16 22:21:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.16 22:21:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.16 22:21:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.16 22:21:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\...\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C22F7C89-F44E-4F73-A8BD-2EB9408C7E17}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E823C953-D722-4CEA-B45C-F1C2E5AB60EC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E939E098-3699-4A2A-829A-22D8CE68A986}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7F8F987-CA60-46BA-8B07-7DE04D765AC2}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Data\Fotos\...\...\CIMG0023.JPG
O24 - Desktop BackupWallPaper: C:\Data\Fotos\...\...\CIMG0023.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{514387a2-cc07-11e0-bd5a-001d099eb19b}\Shell - "" = AutoRun
O33 - MountPoints2\{514387a2-cc07-11e0-bd5a-001d099eb19b}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{a9d0da13-f1c9-11dd-9bee-001d099eb19b}\Shell - "" = AutoRun
O33 - MountPoints2\{a9d0da13-f1c9-11dd-9bee-001d099eb19b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.20 20:06:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2013.01.20 20:01:53 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Malwarebytes
[2013.01.20 20:01:46 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.20 20:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.20 20:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.19 12:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.11 08:56:44 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.11 08:55:01 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.01 15:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.01.01 15:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.30 19:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2012.12.30 19:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012.12.28 10:44:51 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.28 10:44:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.20 20:35:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.20 20:35:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.20 20:30:49 | 000,000,000 | ---- | M] () -- C:\Users\...\defogger_reenable
[2013.01.20 20:17:03 | 000,443,065 | ---- | M] () -- C:\Users\...\Desktop\Für alle Hilfesuchenden! - Trojaner-Board.pdf
[2013.01.20 20:13:41 | 000,050,477 | ---- | M] () -- C:\Users\...\Desktop\Defogger.exe
[2013.01.20 20:09:02 | 013,462,931 | ---- | M] () -- C:\Users\...\Desktop\mbar-1.01.0.1016.zip
[2013.01.20 20:07:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
[2013.01.20 20:01:47 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.20 19:22:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.20 17:19:47 | 000,630,768 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.20 17:19:47 | 000,127,492 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.20 17:19:47 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.20 17:19:47 | 000,008,640 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.20 17:14:53 | 3207,786,496 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.18 23:30:09 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.18 23:30:09 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.16 16:42:54 | 000,001,740 | -H-- | M] () -- C:\Users\...\Documents\Default.rdp
[2013.01.11 11:13:02 | 000,367,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.01 15:01:58 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.30 19:51:08 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.20 20:30:49 | 000,000,000 | ---- | C] () -- C:\Users\...\defogger_reenable
[2013.01.20 20:17:01 | 000,443,065 | ---- | C] () -- C:\Users\...\Desktop\Für alle Hilfesuchenden! - Trojaner-Board.pdf
[2013.01.20 20:13:40 | 000,050,477 | ---- | C] () -- C:\Users\...\Desktop\Defogger.exe
[2013.01.20 20:08:19 | 013,462,931 | ---- | C] () -- C:\Users\...\Desktop\mbar-1.01.0.1016.zip
[2013.01.20 20:01:47 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.01 15:01:58 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.30 19:51:08 | 000,001,704 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012.11.30 17:01:57 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012.11.30 17:01:57 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012.11.30 17:01:56 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012.11.30 17:01:56 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012.11.30 17:01:56 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012.05.04 23:12:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2012.04.23 23:18:51 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.01.11 16:58:13 | 000,020,704 | ---- | C] () -- C:\Users\...\AppData\Roaming\UserTile.png
[2011.08.28 15:31:54 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.08.28 15:31:54 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.08.28 15:31:54 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.08.28 15:31:54 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.08.28 15:31:54 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.08.28 15:31:54 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.08.28 15:31:54 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.08.28 15:31:54 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.08.28 15:31:54 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.08.28 15:31:54 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.08.28 15:31:54 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.08.28 15:31:54 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.08.28 15:31:54 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.08.28 15:31:54 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.08.28 15:31:54 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.08.28 15:31:54 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.09.06 15:07:36 | 000,067,072 | ---- | C] () -- C:\Users\...\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.27 17:26:22 | 000,027,863 | ---- | C] () -- C:\Users\...\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.09.12 18:37:16 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\ACD Systems
[2012.11.01 13:59:43 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Amazon
[2012.09.30 13:09:53 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DVDVideoSoft
[2012.09.30 13:09:36 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.30 10:32:22 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Foxit Software
[2008.09.12 18:09:24 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\GHISLER
[2012.06.08 15:24:32 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\IrfanView
[2008.09.14 20:07:55 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\MAGIX
[2009.01.29 13:43:25 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Map Maker
[2011.03.06 17:16:16 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\PCDr
[2012.05.06 17:24:06 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\pdfforge
[2012.01.11 16:58:13 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\PeerNetworking
[2012.11.30 14:58:26 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Swiss Academic Software
[2010.07.16 14:51:01 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\...\Documents\IMG_7968.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\...\Documents\IMG_7958.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\...\Documents\IMG_7944.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\...\Documents\IMG_7894.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\...\Documents\MAGIX_Fotos_auf_CD_DVD_65_e-version:Roxio EMC Stream

< End of report >
         
Gmer - Extras.txt:

Code:
OTL Extras logfile created on: 20.01.2013 20:36:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\...\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,29% Memory free
6,21 Gb Paging File | 5,08 Gb Available in Paging File | 81,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,02 Gb Total Space | 186,42 Gb Free Space | 64,72% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 1,29 Gb Free Space | 12,90% Space Free | Partition Type: NTFS
 
Computer Name: ...-PC | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2339767433-1062430166-1985639694-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{507E94CE-C66B-4DE4-B6AD-267B84FAC6B4}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"{BA4FF2D5-E343-496F-96AF-B6012C7A55AD}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{237FBD77-363D-4CE4-9805-7C960545F3BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{53701B50-27DC-4072-B9CC-569A745B5B6D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe | 
"{C4A2C34F-6353-4295-BE80-127241163D67}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{EA59F34A-8F9E-4A2C-B661-4909E818AA6B}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{5678B15A-504C-4A79-8554-05488A206E41}" = HD Writer AE 3.0
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{70B45586-B51E-4947-A258-A895596C5CED}" = Photo Loader 2.1G
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC589470-884E-4E15-96D8-437780F8185D}" = Super LoiLoScope WebShortcut
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B62A8A6F-5E48-4336-BF13-1632D5921872}" = PHOTOfunSTUDIO 6.0
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird (3.1)" = Mozilla Thunderbird (3.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PC-Doctor for Windows" = Dell Support Center
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 2.0.1
"Watermark Image_is1" = Watermark Image software version 2.1.4.1
"Winamp" = Winamp
"YTdetect" = Yahoo! Detect
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.05.2011 10:52:03 | Computer Name = ...-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 21.05.2011 10:52:04 | Computer Name = ...-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 23.05.2011 13:01:14 | Computer Name = ...-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.05.2011 13:02:08 | Computer Name = ...-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 23.05.2011 13:02:09 | Computer Name = ...-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 24.05.2011 07:48:37 | Computer Name = ...-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.05.2011 08:11:50 | Computer Name = ...-PC | Source = Application Error | ID = 1000
Description = Faulting application POWERPNT.EXE, version 10.0.2623.0, time stamp
 0x3a97ec1e, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
 exception code 0xc0000005, fault offset 0x00067d5a,  process ID 0xbf4, application start time
 01cc1a0b50282b50.
 
Error - 24.05.2011 08:14:56 | Computer Name = ...-PC | Source = Application Error | ID = 1000
Description = Faulting application POWERPNT.EXE, version 10.0.2623.0, time stamp
 0x3a97ec1e, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
 exception code 0xc0000005, fault offset 0x000673c0,  process ID 0x13ec, application start time
 01cc1a0bccd158c0.
 
Error - 24.05.2011 14:32:43 | Computer Name = ...-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.05.2011 04:26:12 | Computer Name = ...-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 15.01.2013 11:35:48 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.01.2013 05:50:03 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.01.2013 08:36:13 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.01.2013 06:05:11 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.01.2013 18:30:15 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.01.2013 05:02:19 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.01.2013 16:00:58 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.01.2013 03:27:25 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.01.2013 07:16:46 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.01.2013 12:16:40 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         

Gmer.txt:

Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-20 23:23:31
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 Hitachi_HDP725032GLA360 rev.GM3OA5BA 298,09GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\...\AppData\Local\Temp\fglcquod.sys


---- System - GMER 2.0 ----

SSDT   8C3ABB96                       ZwCreateSection
SSDT   8C3ABBA0                       ZwRequestWaitReplyPort
SSDT   8C3ABB9B                       ZwSetContextThread
SSDT   8C3ABBA5                       ZwSetSecurityObject
SSDT   8C3ABBAA                       ZwSystemDebugControl
SSDT   8C3ABB37                       ZwTerminateProcess

---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!KeSetEvent + 215  822C18D8 4 Bytes  [96, BB, 3A, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 539  822C1BFC 4 Bytes  [A0, BB, 3A, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 56D  822C1C30 4 Bytes  [9B, BB, 3A, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 5D1  822C1C94 4 Bytes  [A5, BB, 3A, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 619  822C1CDC 4 Bytes  [AA, BB, 3A, 8C]
.text  ...                            

---- EOF - GMER 2.0 ----
         
Now of course I would like to know what happened to my PC and how I can hopefully fix it again. I would be really grateful if someone could help me!
Regards, me.
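Added example, not part of the post above and not code from OTL or Trojaner-Board: OTL's "ZeroAccess Check" section lists a handful of COM class IDs because Sirefef/ZeroAccess variants are known to re-point their InProcServer32 entries, and because everything under HKEY_CURRENT_USER\Software\Classes merges over the HKLM definition in HKCR, so a per-user InProcServer32 key shadows the system DLL for that user without touching the machine-wide key. The Python 3 script below parses that section, flags every per-user override of one of those CLSIDs (even an empty key, like the HKCU {42aedc87-...} entry in the log), and checks that the machine-wide entries still name the expected Microsoft DLL from a system directory. The expected-DLL table is taken from the HKLM lines in this log (the {fbeb8a05-...} value is assumed from its HKCU entry), the drop-directory list is a heuristic assumption, and the second sample block is constructed to show what a hit looks like; none of it is real data from the poster's machine.

```python
import re
from typing import List, NamedTuple, Optional

# Expected in-process server for each CLSID that OTL's ZeroAccess Check inspects.
# Taken from the clean HKLM entries in the log above; {fbeb8a05-...} is assumed
# from its HKCU entry there (shell32.dll). Verify against a known-clean machine.
EXPECTED_SERVER = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": "shell32.dll",
    "{fbeb8a05-beee-4442-804e-409d6c4515e9}": "shell32.dll",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": "fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": "wbemess.dll",
}
# Heuristic, assumed list of drop directories; matched against the lower-cased path.
SUSPECT_DIRS = ("$recycle.bin", "\\installer\\{", "\\appdata\\", "\\temp\\")

KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\Software\\Classes\\clsid\\(\{[0-9a-f-]+\})\\InProcServer32\]$", re.I)
# "name" = data -- [timestamp | size | attrs | M] (Company)   (trailer is optional)
VAL_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*?)(?:\s+--\s+\[[^\]]*\]\s*\(([^)]*)\))?\s*$')


class Finding(NamedTuple):
    hive: str
    clsid: str
    server: Optional[str]
    reason: str


def parse_inproc_keys(text: str):
    """Return (hive, clsid, {value_name: (data, company)}) per InProcServer32 block."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = (m.group(1).upper(), m.group(2).lower(), {})
            blocks.append(current)
        elif not line:                       # blank line ends the block
            current = None
        elif current is not None:
            v = VAL_RE.match(line)
            if v:
                current[2][v.group(1)] = (v.group(2), v.group(3) or "")
    return blocks


def analyze(text: str) -> List[Finding]:
    """Flag per-user COM overrides and repointed machine-wide servers."""
    findings = []
    for hive, clsid, values in parse_inproc_keys(text):
        expected = EXPECTED_SERVER.get(clsid)
        if expected is None:
            continue                         # not a CLSID this check is about
        data, company = values.get("", (None, ""))
        server = data.lower() if data else None
        base = server.rsplit("\\", 1)[-1] if server else None
        if hive == "HKEY_CURRENT_USER":
            # HKCU\Software\Classes merges over HKLM in HKCR, so any InProcServer32
            # here shadows the system component for this user; even an empty key
            # is a deviation from a default install and worth a second look.
            if server is None:
                findings.append(Finding(hive, clsid, None, "per-user override key present (empty)"))
            elif base == expected:
                findings.append(Finding(hive, clsid, server, "per-user override, points at expected DLL"))
            else:
                findings.append(Finding(hive, clsid, server, "per-user override to unexpected server"))
            continue
        # Machine-wide entry: must still be the expected Microsoft DLL.
        if server is None:
            findings.append(Finding(hive, clsid, None, "machine-wide InProcServer32 missing"))
        elif base != expected:
            findings.append(Finding(hive, clsid, server, f"expected {expected}"))
        elif "microsoft" not in company.lower():
            findings.append(Finding(hive, clsid, server, "company name is not Microsoft"))
        if server and any(d in server for d in SUSPECT_DIRS):
            findings.append(Finding(hive, clsid, server, "server in known drop location"))
    return findings


# Sample 1: the ZeroAccess Check section as it appears in the log above.
SAMPLE_FROM_LOG = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
"""
# Sample 2: constructed (not from any real log) to show a repointed machine-wide
# entry: a file with no company name sitting under $Recycle.Bin.
SAMPLE_HIJACKED = r"""
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-18\$example\fake.dll -- [2013.01.19 16:00:58 | 000,165,888 | -HS- | M] ()
"ThreadingModel" = Both
"""
```

Run `analyze()` over the section copied out of OTL.txt; on the log above it yields exactly the two HKCU overrides and nothing for the HKLM entries, while the constructed block produces two hits (wrong DLL, suspect directory). A per-user key that still points at the right DLL is reported deliberately: it is not malicious by itself, but it is the exact mechanism a COM hijack uses, so it belongs in the helper's picture of the machine.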

 
