Pests of all kinds and how to combat them: Spam mails sent from Hotmail account --> trojan?

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#9

Spam mails sent from Hotmail account --> trojan?

I haven't noticed anything major. Only Firefox has been causing problems for quite a while: it hangs fairly often, sometimes takes unusually long to load pages, etc. Once we're through with this, I'd probably switch to Chrome anyway. From what I can gather here in the forum, it's often preferred over Mozilla.

About the Farbar Recovery Scan: unfortunately I only have the "infected" PC available. Can I still download the tool normally with Firefox and save it directly to the connected USB stick, or does that lead to problems?

------------------------------------------------------------------------------------

I downloaded the file today from a PC at the university. I think that's the safest one I have access to (the IT people should be able to manage that, I hope).

Anyway, I've now run the tool. Here is the scan: