Trojaner-Board (https://www.trojaner-board.de/)
Avira reports 2 unwanted programs (https://www.trojaner-board.de/123465-avira-meldet-2-unerwuenschte-programme.html)

DerTutNix 04.09.2012 12:14

Avira reports 2 unwanted programs
 
Hello dear forum,

Avira has been reporting baddies for a few days now. It would be really great if you could give me tips on removing them!

Here are some exemplary details from Avira:

Code:

In der Datei 'C:\$Recycle.Bin\S-1-5-18\$ab1bf9ee64450b123368f522d976a14e\U\80000000.@'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Code:

In der Datei 'C:\$Recycle.Bin\S-1-5-18\$ab1bf9ee64450b123368f522d976a14e\U\800000cb.@'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Code:

In der Datei 'C:\$Recycle.Bin\S-1-5-21-555615558-1492823023-298548586-1000\$R1C5IQM.exe'
wurde ein Virus oder unerwünschtes Programm 'SPR/Tool.Keygen.1594' [riskware] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

This is what Malwarebytes says:
Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.04.02

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
me :: ME-PC [Administrator]

Schutz: Aktiviert

04.09.2012 11:03:53
malwarebytes-log-2012-09-04 (12-05-48)

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 295431
Laufzeit: 1 Stunde(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-18\$ab1bf9ee64450b123368f522d976a14e\n.) Gut: (fastprox.dll) -> Keine Aktion durchgeführt.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-555615558-1492823023-298548586-1000\$ab1bf9ee64450b123368f522d976a14e\n.) Gut: (shell32.dll) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\$Recycle.Bin\S-1-5-18\$ab1bf9ee64450b123368f522d976a14e\n (RootKit.0Access) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-18\$ab1bf9ee64450b123368f522d976a14e\U\00000001.@ (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-18\$ab1bf9ee64450b123368f522d976a14e\U\80000000.@ (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-18\$ab1bf9ee64450b123368f522d976a14e\U\800000cb.@ (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-21-555615558-1492823023-298548586-1000\$ab1bf9ee64450b123368f522d976a14e\n (RootKit.0Access) -> Keine Aktion durchgeführt.

(Ende)

This is OTL:
OTL Logfile:
Code:

OTL logfile created on: 04.09.2012 12:10:15 - Run 1
OTL by OldTimer - Version 3.2.60.0    Folder = C:\Users\me\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,86 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 45,75% Memory free
3,73 Gb Paging File | 2,47 Gb Available in Paging File | 66,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 40,92 Gb Free Space | 69,83% Space Free | Partition Type: NTFS
Drive D: | 174,28 Gb Total Space | 24,33 Gb Free Space | 13,96% Space Free | Partition Type: NTFS
 
Computer Name: ME-PC | User Name: me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.04 12:08:21 | 000,050,477 | ---- | M] () -- C:\Users\me\Desktop\Defogger.exe
PRC - [2012.09.04 11:43:30 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\me\Desktop\OTL.exe
PRC - [2012.08.09 19:17:34 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.19 16:49:21 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.05.08 20:01:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:01:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 20:01:16 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.12.24 13:21:28 | 000,111,536 | ---- | M] (CSR, plc) -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
PRC - [2009.12.24 13:21:00 | 000,504,208 | ---- | M] (CSR, plc) -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
PRC - [2009.11.26 10:35:12 | 000,128,360 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
PRC - [2009.11.01 18:04:50 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.01 18:04:44 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.15 19:59:26 | 000,138,088 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
PRC - [2009.10.15 19:59:26 | 000,033,640 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
PRC - [2009.10.15 19:59:26 | 000,017,256 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
PRC - [2009.10.14 10:47:22 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2009.10.09 22:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2009.07.27 19:50:32 | 000,144,744 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
PRC - [2009.07.27 19:50:30 | 000,062,824 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.04 12:08:21 | 000,050,477 | ---- | M] () -- C:\Users\me\Desktop\Defogger.exe
MOD - [2012.07.19 16:49:21 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.19 16:49:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.08 20:01:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 20:01:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.07 22:42:22 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.10 23:31:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.12.24 13:21:28 | 000,111,536 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService)
SRV - [2009.11.01 18:04:50 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.01 18:04:44 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.07.27 19:50:30 | 000,062,824 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 20:01:17 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 20:01:17 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.02.24 22:13:05 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.27 06:13:00 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.11.06 13:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.11.01 18:04:44 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.10.26 13:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2006.11.01 20:59:24 | 000,005,632 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2006.11.01 20:20:28 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 1B 50 18 23 F3 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {778D4E56-B10E-45A6-8761-3EE9B11DA81F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{778D4E56-B10E-45A6-8761-3EE9B11DA81F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 16:49:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 16:49:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.04.19 21:07:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Extensions
[2012.02.24 20:43:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\extensions
[2012.02.24 20:43:24 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2012.09.03 19:47:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\ftfhxdw0.default\extensions
[2012.05.15 19:45:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\ftfhxdw0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.06.09 09:56:55 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\ftfhxdw0.default\extensions\anttoolbar@ant.com
[2012.05.17 18:39:56 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\ftfhxdw0.default\extensions\ich@maltegoetz.de
[2012.09.03 19:47:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\ftfhxdw0.default\extensions\staged
[2012.03.18 13:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.19 16:49:21 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc)
O4 - HKLM..\Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc)
O4 - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3957D5F5-896B-4EA7-9005-1B05BDD40367}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{44a312a1-5f25-11e1-a361-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{44a312a1-5f25-11e1-a361-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{eb7ac3e2-5fa4-11e1-ae45-e0ca94951586}\Shell - "" = AutoRun
O33 - MountPoints2\{eb7ac3e2-5fa4-11e1-ae45-e0ca94951586}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.04 12:06:19 | 000,000,000 | ---D | C] -- C:\Users\me\Desktop\trojaner
[2012.09.04 12:06:05 | 000,000,000 | ---D | C] -- C:\Users\me\Desktop\New folder
[2012.09.04 11:43:23 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\me\Desktop\OTL.exe
[2012.09.03 20:55:27 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Malwarebytes
[2012.09.03 20:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.03 20:55:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.03 20:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.03 20:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.02 19:49:24 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\Canon
[2012.09.02 19:49:06 | 000,000,000 | ---D | C] -- C:\Users\me\Documents\My Albums
[2012.09.02 19:49:06 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\ArcSoft
[2012.09.02 19:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoBase
[2012.09.02 19:43:05 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\pcdlib32.dll
[2012.09.02 19:35:45 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\PCDLIB32.DLL
[2012.09.02 19:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoStudio
[2012.09.02 19:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2012.09.02 19:33:50 | 000,389,180 | ---- | C] (Canon) -- C:\Windows\System32\UCS32P.DLL
[2012.09.02 19:33:50 | 000,000,000 | -H-D | C] -- C:\CanoScan
[2012.09.02 19:16:45 | 000,000,000 | ---D | C] -- C:\Users\me\Desktop\German
[2012.09.02 17:09:25 | 000,000,000 | ---D | C] -- C:\Users\me\Desktop\lala
[2012.09.01 20:54:01 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\{A39CF6EC-F2D1-05AB-30ED-C71D0EDAA185}
[2012.08.20 18:14:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.12 17:46:26 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Local\Microsoft Games
[2012.08.12 17:05:04 | 000,000,000 | ---D | C] -- C:\Users\me\Desktop\2012
[2012.08.06 16:08:08 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\vlc
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.04 12:09:19 | 000,000,000 | ---- | M] () -- C:\Users\me\defogger_reenable
[2012.09.04 12:08:21 | 000,050,477 | ---- | M] () -- C:\Users\me\Desktop\Defogger.exe
[2012.09.04 11:43:30 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\me\Desktop\OTL.exe
[2012.09.04 11:17:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.04 10:55:41 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 10:55:41 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 10:48:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.04 10:48:12 | 1500,946,432 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.03 20:55:25 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.03 20:08:42 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.03 20:08:42 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.02 19:59:47 | 000,118,606 | ---- | M] () -- C:\Users\me\Desktop\f2.jpg
[2012.09.02 19:59:05 | 000,508,361 | ---- | M] () -- C:\Users\me\Desktop\f1.jpg
[2012.09.02 19:58:02 | 000,321,659 | ---- | M] () -- C:\Users\me\Desktop\b1.jpg
[2012.09.02 19:57:08 | 000,577,713 | ---- | M] () -- C:\Users\me\Desktop\front1.jpg
[2012.09.02 19:53:16 | 000,390,359 | ---- | M] () -- C:\Users\me\Desktop\back.jpg
[2012.09.02 19:14:33 | 004,767,744 | ---- | M] () -- C:\Users\me\Desktop\s3A01dex.exe
[2012.08.28 19:01:46 | 048,798,522 | ---- | M] () -- C:\Users\me\Desktop\***.pdf
[2012.08.16 22:55:45 | 000,412,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.11 14:10:22 | 002,306,751 | ---- | M] () -- C:\Users\me\Desktop\SAM_0689.JPG
[2012.08.09 19:24:24 | 000,939,956 | ---- | M] () -- C:\Users\me\Desktop\lala.pdf
[2012.08.09 13:23:38 | 002,676,917 | ---- | M] () -- C:\Users\me\Desktop\SAM_0666.JPG
[2012.08.08 19:08:38 | 000,939,742 | ---- | M] () -- C:\Users\me\Desktop\lala1.pdf
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.04 12:09:19 | 000,000,000 | ---- | C] () -- C:\Users\me\defogger_reenable
[2012.09.04 12:08:20 | 000,050,477 | ---- | C] () -- C:\Users\me\Desktop\Defogger.exe
[2012.09.03 20:55:25 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.02 19:59:46 | 000,118,606 | ---- | C] () -- C:\Users\me\Desktop\f2.jpg
[2012.09.02 19:59:05 | 000,508,361 | ---- | C] () -- C:\Users\me\Desktop\f1.jpg
[2012.09.02 19:58:02 | 000,321,659 | ---- | C] () -- C:\Users\me\Desktop\b1.jpg
[2012.09.02 19:57:07 | 000,577,713 | ---- | C] () -- C:\Users\me\Desktop\front1.jpg
[2012.09.02 19:53:16 | 000,390,359 | ---- | C] () -- C:\Users\me\Desktop\back.jpg
[2012.09.02 19:14:31 | 004,767,744 | ---- | C] () -- C:\Users\me\Desktop\s3A01dex.exe
[2012.08.28 18:58:33 | 048,798,522 | ---- | C] () -- C:\Users\me\Desktop\***.pdf
[2012.08.12 17:15:49 | 002,676,917 | ---- | C] () -- C:\Users\me\Desktop\SAM_0666.JPG
[2012.08.12 17:13:08 | 002,306,751 | ---- | C] () -- C:\Users\me\Desktop\SAM_0689.JPG
[2012.08.08 19:08:07 | 000,939,742 | ---- | C] () -- C:\Users\me\Desktop\***.pdf
[2012.08.08 19:07:17 | 000,939,956 | ---- | C] () -- C:\Users\me\Desktop\***.pdf
[2012.03.06 20:53:16 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2012.02.24 20:29:32 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
 
========== LOP Check ==========
 
[2012.09.04 10:55:40 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\BitTorrent
[2012.09.02 19:56:07 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Canon
[2012.03.15 15:18:42 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Exif Viewer
[2012.02.24 21:26:59 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\OpenCandy
[2012.02.25 15:17:48 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\TrueCrypt
[2012.07.15 10:51:07 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


The results from Gmer:

Extras:
OTL Logfile:
Code:

OTL Extras logfile created on: 04.09.2012 12:10:15 - Run 1
OTL by OldTimer - Version 3.2.60.0    Folder = C:\Users\me\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,86 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 45,75% Memory free
3,73 Gb Paging File | 2,47 Gb Available in Paging File | 66,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 40,92 Gb Free Space | 69,83% Space Free | Partition Type: NTFS
Drive D: | 174,28 Gb Total Space | 24,33 Gb Free Space | 13,96% Space Free | Partition Type: NTFS
 
Computer Name: ME-PC | User Name: me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{0439D13F-C7CD-458A-90DE-44135CBD40B8}" = Bluetooth Feature Pack 5.0
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2BDE2BF2-AD90-4191-B3C8-D0046CE54916}" = Fujitsu Display Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"BitTorrent" = BitTorrent
"BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exif-Viewer" = Exif-Viewer 2.50
"InstallShield_{2BDE2BF2-AD90-4191-B3C8-D0046CE54916}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueCrypt" = TrueCrypt
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.08.2012 15:48:48 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp:
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x6a3de617  Faulting
 process id: 0x6fc  Faulting application start time: 0x01cd78c31fc968f2  Faulting application
 path: S:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: bb9245e0-e4b6-11e1-b4db-e0ca94951586
 
Error - 12.08.2012 15:48:54 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp:
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x6a387e2e  Faulting
 process id: 0x6fc  Faulting application start time: 0x01cd78c31fc968f2  Faulting application
 path: S:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: be992898-e4b6-11e1-b4db-e0ca94951586
 
Error - 19.08.2012 17:18:28 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp:
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x6bcde617  Faulting
 process id: 0xf88  Faulting application start time: 0x01cd7e4fcba965d8  Faulting application
 path: U:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: 6aa1e905-ea43-11e1-b31c-e0ca94951586
 
Error - 19.08.2012 17:18:31 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp:
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x6bc87e2e  Faulting
 process id: 0xf88  Faulting application start time: 0x01cd7e4fcba965d8  Faulting application
 path: U:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: 6c972982-ea43-11e1-b31c-e0ca94951586
 
Error - 23.08.2012 17:54:39 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp:
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x6de0e617  Faulting
 process id: 0xebc  Faulting application start time: 0x01cd81799635d5aa  Faulting application
 path: U:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: 2278a5ef-ed6d-11e1-b31a-e0ca94951586
 
Error - 23.08.2012 17:54:43 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp:
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x6ddb7e2e  Faulting
 process id: 0xebc  Faulting application start time: 0x01cd81799635d5aa  Faulting application
 path: U:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: 24b772a6-ed6d-11e1-b31a-e0ca94951586
 
Error - 30.08.2012 15:49:50 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp:
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x6c65e617  Faulting
 process id: 0x8cc  Faulting application start time: 0x01cd86e83177147a  Faulting application
 path: U:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: dbdf9688-f2db-11e1-b42d-e0ca94951586
 
Error - 30.08.2012 15:50:05 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp:
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x6c607e2e  Faulting
 process id: 0x8cc  Faulting application start time: 0x01cd86e83177147a  Faulting application
 path: U:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: e495f802-f2db-11e1-b42d-e0ca94951586
 
Error - 01.09.2012 08:59:45 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp:
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x72d4e617  Faulting
 process id: 0xde4  Faulting application start time: 0x01cd88415d9c27ad  Faulting application
 path: U:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: e6f51918-f434-11e1-b200-e0ca94951586
 
Error - 01.09.2012 08:59:55 | Computer Name = me-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.3.0, time stamp:
0x5007ce85  Faulting module name: CSRBthFtpShellExt.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4b2f74fe  Exception code: 0xc0000005  Fault offset: 0x72cf7e2e  Faulting
 process id: 0xde4  Faulting application start time: 0x01cd88415d9c27ad  Faulting application
 path: U:\VLCPortable\App\vlc\vlc.exe  Faulting module path: CSRBthFtpShellExt.dll
Report
 Id: ecf1ffa9-f434-11e1-b200-e0ca94951586
 
[ System Events ]
Error - 15.07.2012 06:09:58 | Computer Name = me-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 16.07.2012 14:52:57 | Computer Name = me-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error:  %%-2147467243
 
Error - 20.07.2012 15:55:44 | Computer Name = me-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 20.07.2012 15:55:45 | Computer Name = me-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 28.07.2012 10:58:46 | Computer Name = me-PC | Source = DCOM | ID = 10010
Description =
 
Error - 28.07.2012 14:13:14 | Computer Name = me-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 30.07.2012 14:28:48 | Computer Name = me-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error - 02.08.2012 21:37:48 | Computer Name = me-PC | Source = DCOM | ID = 10010
Description =
 
Error - 04.08.2012 15:15:17 | Computer Name = me-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 07.08.2012 04:37:36 | Computer Name = me-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
 
< End of report >

--- --- ---


gmer.txt
GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-04 12:33:51
Windows 6.1.7600 
Running: 05r35u7c.exe; Driver: C:\Users\me\AppData\Local\Temp\pxldypoc.sys


---- System - GMER 1.0.15 ----

SSDT            8E508FC6                                                                                        ZwCreateSection
SSDT            8E508FD0                                                                                        ZwRequestWaitReplyPort
SSDT            8E508FCB                                                                                        ZwSetContextThread
SSDT            8E508FD5                                                                                        ZwSetSecurityObject
SSDT            8E508FDA                                                                                        ZwSystemDebugControl
SSDT            8E508F67                                                                                        ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwRollbackTransaction + 13E9                                                        82C7A599 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                          82C9F092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!RtlSidHashLookup + 340                                                              82CA6990 4 Bytes  [C6, 8F, 50, 8E]
.text          ntkrnlpa.exe!RtlSidHashLookup + 69C                                                              82CA6CEC 4 Bytes  [D0, 8F, 50, 8E]
.text          ntkrnlpa.exe!RtlSidHashLookup + 6E0                                                              82CA6D30 4 Bytes  [CB, 8F, 50, 8E]
.text          ntkrnlpa.exe!RtlSidHashLookup + 75C                                                              82CA6DAC 4 Bytes  [D5, 8F, 50, 8E]
.text          ntkrnlpa.exe!RtlSidHashLookup + 7B0                                                              82CA6E00 4 Bytes  [DA, 8F, 50, 8E]
.text          ...                                                                                             

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\BTHUSB \Device\00000075                                                                  bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000075                                                                  bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000077                                                                  bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000077                                                                  bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device          \Driver\ACPI_HAL \Device\0000004c                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                        fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library        c:\windows\system32\z (*** hidden *** ) @ C:\Windows\system32\svchost.exe [872]                  0x45670000                                                                                                                                         
Library        c:\windows\system32\z (*** hidden *** ) @ C:\Windows\Explorer.EXE [1716]                        0x45670000                                                                                                                                         

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0ca94951586                     
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0ca94951586 (not active ControlSet) 

---- EOF - GMER 1.0.15 ----

--- --- ---


Best regards
DTN


P.S. I've been thinking about how my PC could have got infected, since I only visit mainstream sites. I vaguely remember... it must have been the same for me... a fake Adobe update... hxxp://forum.avira.com/wbb/index.php?page=Thread&threadID=147672

cosinus 04.09.2012 22:34

Code:

'SPR/Tool.Keygen.1594' [riskware] gefunden.
Infection through the use of illegal software (keygen)! :pfui:

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find evidence of illegally obtained software, we will end support without any discussion.

Cracks/keygens are 99.9% dangerous malware that you should not mess with. Besides, they are illegal and we do not support the use of stolen software. Therefore support is limited to instructions for a complete reinstall!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!


In future, keep your hands off: Softonic, registry cleaners and illegal stuff like cracks/keygens/serials

DerTutNix 05.09.2012 16:42

Oh dear! I bought the computer second-hand; the seller didn't tell me that there was such rubbish on it. :( Thanks anyway! :wtf::wtf:

cosinus 06.09.2012 10:45

A used PC is fine, but why would you put up with a used, dirty Windows installation! :pfui:
I wouldn't use a Windows installation that could have been messed up by some stranger - you always do a complete fresh install on a used computer



Copyright ©2000-2025, Trojaner-Board

