Log Analysis and Evaluation: Telekom Letter - ZeuS/ZBot Infection (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.11.2013, 13:51 | #1
Telekom Letter - ZeuS/ZBot Infection
Hello, I have now also received the notorious Telekom letter warning about the online banking trojan. There are 4 potential candidates connected to my line. How can I identify the infected computer? I have already run Avast antivirus software, Spybot, Avira EU and Hitman without any findings. Am I infected now?? I have also already gone through the first steps (Defogger, Gmer, OTL). I hope someone can help me with this. THANKS
21.11.2013, 13:55 | #2
/// the machine /// (TB trainer) | Telekom Letter - ZeuS/ZBot Infection
hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
How it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
21.11.2013, 14:06 | #3
Telekom Letter - ZeuS/ZBot Infection
Super quick reply, THANKS
Here are the FRST log files. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013 Ran by Daniel (administrator) on PCD on 21-11-2013 14:02:38 Running from D:\Downloads Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Samsung Electronics Co., Ltd.) C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe (Simplygen) C:\Program Files\HomeTab\ProtectedSearch.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe (SurfRight B.V.) 
C:\Program Files\HitmanPro\hmpsched.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [614400 2009-08-14] () HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.) HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-20] (AVAST Software) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.) 
HKCU\...\Policies\Explorer: [NoRecentDocsNetHood] 1 HKCU\...\Policies\Explorer: [NoInternetOpenWith] 1 MountPoints2: {6870ce5d-3ac3-11e2-83d9-87ef374c2498} - F:\HTC_Sync_Manager_PC.exe MountPoints2: {fdab335b-2d4b-11e1-ac3e-005056c00008} - F:\DPFMate.exe BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE56C893D18ADCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: HomeTab - {a25e7121-3dd8-41b3-855b-756c5bc45449} - C:\Users\Daniel\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech Ltd.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - HomeTab - {a25e7121-3dd8-41b3-855b-756c5bc45449} - C:\Users\Daniel\AppData\Roaming\HomeTab\HomeTab.dll (Simply Tech Ltd.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\..\Interfaces\{6E59F9D5-6B73-4040-9B95-C7728A07124B}: [NameServer]192.168.236.115 FireFox: ======== FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ynabmj2x.default FF NewTab: about:home FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: vis - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ynabmj2x.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM FF Extension: HomeTab - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ynabmj2x.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947} FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ynabmj2x.default\Extensions\WTB_GLOBAL.sqlite FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ynabmj2x.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ynabmj2x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-20] (AVAST Software) R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-11-20] (SurfRight B.V.) R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [165888 2010-05-27] (Samsung Electronics Co., Ltd.) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) 
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-11-20] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-11-20] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-11-20] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-20] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-11-20] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-11-20] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-11-20] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-11-20] () R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64000 2009-07-13] (AVM GmbH) S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com) S3 etdrv; C:\Windows\etdrv.sys [17488 2011-06-29] (Windows (R) 2000 DDK provider) R3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [559104 2009-07-13] (AVM Berlin) S3 gdrv; C:\Windows\gdrv.sys [17488 2011-06-29] (Windows (R) 2000 DDK provider) S3 amdiox86; system32\DRIVERS\amdiox86.sys [x] U5 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2011-06-29] () S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x] U3 pxldapow; \??\C:\Users\Daniel\AppData\Local\Temp\pxldapow.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-21 14:02 - 2013-11-21 14:02 - 00000000 ____D C:\FRST 2013-11-21 12:57 - 
2013-11-21 12:57 - 00000000 _____ C:\Users\Daniel\defogger_reenable 2013-11-20 16:52 - 2013-11-20 16:52 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe 2013-11-20 16:25 - 2013-11-21 09:59 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2013-11-20 16:24 - 2013-11-21 09:59 - 00000000 ____D C:\ProgramData\HitmanPro 2013-11-20 16:24 - 2013-11-20 16:25 - 00000000 ____D C:\Program Files\HitmanPro 2013-11-20 13:37 - 2013-11-20 13:37 - 00002027 _____ C:\Users\Daniel\Desktop\Entfernen des Avira EU-Cleaners.lnk 2013-11-20 13:37 - 2013-11-20 13:37 - 00001971 _____ C:\Users\Daniel\Desktop\Avira EU-Cleaner.lnk 2013-11-20 10:12 - 2013-11-20 10:12 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\AVAST Software 2013-11-20 09:26 - 2013-11-20 09:26 - 00002047 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-11-18 09:43 - 2013-11-18 09:43 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-14 13:36 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-14 13:36 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-14 13:36 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-14 13:36 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-14 13:36 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-14 13:36 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-14 13:36 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-14 13:36 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-14 13:36 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-14 13:36 - 2013-09-25 03:01 - 00067520 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-14 13:36 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-14 13:36 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-14 13:36 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-14 13:36 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-14 13:36 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-14 13:36 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-14 13:36 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-14 13:36 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-10-23 13:55 - 2013-10-23 13:55 - 00000000 ____D C:\Program Files\CSS Group 2013-10-23 13:54 - 2013-10-23 13:54 - 00000000 ____D C:\Windows\Downloaded Installations 2013-10-23 13:19 - 2013-10-23 13:19 - 00001883 _____ C:\Users\Public\Desktop\SWX-Auftrag.lnk 2013-10-23 13:19 - 2013-10-23 13:19 - 00000000 ____D C:\Program Files\SWX-Auftrag 2013-10-23 13:19 - 2013-10-23 13:19 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition 2013-10-23 13:18 - 2013-10-23 13:18 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Windows Net Data 2013-10-23 13:18 - 2013-10-23 13:18 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\SimplyTech 2013-10-23 13:18 - 2013-10-23 13:18 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\HomeTab 2013-10-23 13:18 - 2013-10-23 13:18 - 00000000 ____D C:\Program Files\HomeTab 2013-10-23 13:18 - 2013-08-13 07:38 - 00032328 _____ C:\Windows\Launcher.exe 2013-10-23 13:17 - 2013-10-23 13:19 - 00000000 ____D C:\Users\Daniel\AppData\Local\DownloadGuide 2013-10-23 12:39 - 2013-10-23 12:39 - 00264616 _____ (Oracle Corporation) 
C:\Windows\system32\javaws.exe 2013-10-23 12:39 - 2013-10-23 12:39 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-10-23 12:39 - 2013-10-23 12:39 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-10-23 12:39 - 2013-10-23 12:39 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll ==================== One Month Modified Files and Folders ======= 2013-11-21 14:02 - 2013-11-21 14:02 - 00000000 ____D C:\FRST 2013-11-21 13:58 - 2011-06-20 11:22 - 02020926 _____ C:\Windows\WindowsUpdate.log 2013-11-21 13:43 - 2013-09-10 08:18 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-21 12:57 - 2013-11-21 12:57 - 00000000 _____ C:\Users\Daniel\defogger_reenable 2013-11-21 12:57 - 2011-06-20 11:30 - 00000000 ____D C:\Users\Daniel 2013-11-21 12:49 - 2013-03-13 15:30 - 00000000 ____D C:\ProgramData\Adobe 2013-11-21 12:49 - 2013-03-13 15:28 - 00000000 ____D C:\Program Files\Adobe 2013-11-21 12:49 - 2013-03-13 15:25 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-11-21 12:49 - 2011-06-21 12:54 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Adobe 2013-11-21 12:48 - 2011-06-20 11:33 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-21 12:29 - 2009-07-14 05:34 - 00016848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-21 12:29 - 2009-07-14 05:34 - 00016848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-21 09:59 - 2013-11-20 16:25 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2013-11-21 09:59 - 2013-11-20 16:24 - 00000000 ____D C:\ProgramData\HitmanPro 2013-11-21 09:44 - 2011-07-05 11:30 - 00005282 _____ C:\Windows\setupact.log 2013-11-21 09:44 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-20 16:52 - 2013-11-20 16:52 - 00012872 _____ (SurfRight B.V.) 
C:\Windows\system32\bootdelete.exe 2013-11-20 16:25 - 2013-11-20 16:24 - 00000000 ____D C:\Program Files\HitmanPro 2013-11-20 13:37 - 2013-11-20 13:37 - 00002027 _____ C:\Users\Daniel\Desktop\Entfernen des Avira EU-Cleaners.lnk 2013-11-20 13:37 - 2013-11-20 13:37 - 00001971 _____ C:\Users\Daniel\Desktop\Avira EU-Cleaner.lnk 2013-11-20 13:36 - 2011-06-21 13:43 - 00000000 ____D C:\Vertragsmanager 2013-11-20 10:12 - 2013-11-20 10:12 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\AVAST Software 2013-11-20 10:11 - 2011-06-21 11:38 - 00136928 _____ C:\Windows\PFRO.log 2013-11-20 09:26 - 2013-11-20 09:26 - 00002047 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-11-20 09:26 - 2013-03-14 08:57 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-11-20 09:26 - 2013-03-14 08:57 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys 2013-11-20 09:26 - 2012-03-30 12:09 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2013-11-20 09:26 - 2012-02-02 17:00 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-11-20 09:26 - 2012-02-02 17:00 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2013-11-20 09:26 - 2012-02-02 17:00 - 00269216 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2013-11-20 09:26 - 2012-02-02 17:00 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2013-11-20 09:26 - 2012-02-02 17:00 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2013-11-20 09:26 - 2012-02-02 17:00 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2013-11-20 09:26 - 2012-02-02 17:00 - 00035656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys 2013-11-20 09:23 - 2012-02-02 17:00 - 00000000 ____D C:\ProgramData\AVAST Software 2013-11-20 09:23 - 2009-07-14 03:04 - 00002577 _____ C:\Windows\system32\config.nt 2013-11-19 09:01 - 2012-05-03 11:40 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-11-18 09:43 - 
2013-11-18 09:43 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-15 12:55 - 2011-10-14 14:28 - 00007168 _____ C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-11-15 10:01 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache 2013-11-15 09:06 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-11-14 14:58 - 2011-06-21 11:23 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-11-14 14:57 - 2013-08-19 09:05 - 00000000 ____D C:\Windows\system32\MRT 2013-11-14 14:55 - 2011-06-20 11:51 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-13 11:15 - 2011-06-29 14:12 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Canon 2013-10-25 11:02 - 2013-10-01 15:13 - 00000000 ____D C:\Users\Daniel\AppData\Local\JDownloader v2.0 2013-10-25 10:47 - 2013-01-07 14:13 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\MyPhoneExplorer 2013-10-23 13:55 - 2013-10-23 13:55 - 00000000 ____D C:\Program Files\CSS Group 2013-10-23 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-10-23 13:54 - 2013-10-23 13:54 - 00000000 ____D C:\Windows\Downloaded Installations 2013-10-23 13:19 - 2013-10-23 13:19 - 00001883 _____ C:\Users\Public\Desktop\SWX-Auftrag.lnk 2013-10-23 13:19 - 2013-10-23 13:19 - 00000000 ____D C:\Program Files\SWX-Auftrag 2013-10-23 13:19 - 2013-10-23 13:19 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition 2013-10-23 13:19 - 2013-10-23 13:17 - 00000000 ____D C:\Users\Daniel\AppData\Local\DownloadGuide 2013-10-23 13:18 - 2013-10-23 13:18 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Windows Net Data 2013-10-23 13:18 - 2013-10-23 13:18 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\SimplyTech 2013-10-23 13:18 - 2013-10-23 13:18 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\HomeTab 2013-10-23 13:18 - 2013-10-23 13:18 - 00000000 ____D C:\Program Files\HomeTab 2013-10-23 13:18 - 2011-06-22 08:53 - 00000000 ____D 
C:\Users\Daniel\AppData\Local\Google 2013-10-23 12:39 - 2013-10-23 12:39 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-10-23 12:39 - 2013-10-23 12:39 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-10-23 12:39 - 2013-10-23 12:39 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-10-23 12:39 - 2013-10-23 12:39 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-10-23 12:39 - 2013-10-10 15:15 - 00000000 ____D C:\ProgramData\Oracle 2013-10-23 12:39 - 2011-08-02 09:54 - 00000000 ____D C:\Program Files\Java Some content of TEMP: ==================== C:\Users\Daniel\AppData\Local\Temp\swt-win32-3448.dll C:\Users\Daniel\AppData\Local\Temp\_is2C8B.exe C:\Users\Daniel\AppData\Local\Temp\_is513F.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-20 09:40 ==================== End Of Log ============================ [/CODE] ADDITION: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-11-2013 Ran by Daniel at 2013-11-21 14:02:58 Running from D:\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) 7-Zip 9.20 Adobe Flash Player 10 ActiveX (Version: 10.0.12.36) Adobe Flash Player 11 Plugin (Version: 11.9.900.117) Amazon MP3-Downloader 1.0.17 (Version: 1.0.17) AMD USB Filter Driver (Version: 1.0.11.86) ATI Catalyst Install Manager (Version: 3.0.736.0) AutoBinaryEA (Version: 1.1.4895.24226) avast! 
Free Antivirus (Version: 9.0.2008) BeCyBookKeeper (Version: 2.43.0) CAO-Faktura 1.4 (Version: 1.4.2.9) Catalyst Control Center Core Implementation (Version: 2009.0730.58.43017) Catalyst Control Center Graphics Full Existing (Version: 2009.0730.58.43017) Catalyst Control Center Graphics Full New (Version: 2009.0730.58.43017) Catalyst Control Center Graphics Light (Version: 2009.0730.58.43017) Catalyst Control Center Graphics Previews Common (Version: 2009.0714.2132.36830) Catalyst Control Center Graphics Previews Vista (Version: 2009.0730.58.43017) Catalyst Control Center InstallProxy (Version: 2009.0730.58.43017) Catalyst Control Center Localization All (Version: 2009.0730.58.43017) CCC Help Chinese Standard (Version: 2009.0730.0057.43017) CCC Help Chinese Traditional (Version: 2009.0730.0057.43017) CCC Help Czech (Version: 2009.0730.0057.43017) CCC Help Danish (Version: 2009.0730.0057.43017) CCC Help Dutch (Version: 2009.0730.0057.43017) CCC Help English (Version: 2009.0730.0057.43017) CCC Help Finnish (Version: 2009.0730.0057.43017) CCC Help French (Version: 2009.0730.0057.43017) CCC Help German (Version: 2009.0730.0057.43017) CCC Help Greek (Version: 2009.0730.0057.43017) CCC Help Hungarian (Version: 2009.0730.0057.43017) CCC Help Italian (Version: 2009.0730.0057.43017) CCC Help Japanese (Version: 2009.0730.0057.43017) CCC Help Korean (Version: 2009.0730.0057.43017) CCC Help Norwegian (Version: 2009.0730.0057.43017) CCC Help Polish (Version: 2009.0730.0057.43017) CCC Help Portuguese (Version: 2009.0730.0057.43017) CCC Help Russian (Version: 2009.0730.0057.43017) CCC Help Spanish (Version: 2009.0730.0057.43017) CCC Help Swedish (Version: 2009.0730.0057.43017) CCC Help Thai (Version: 2009.0730.0057.43017) CCC Help Turkish (Version: 2009.0730.0057.43017) ccc-core-static (Version: 2009.0730.58.43017) ccc-utility (Version: 2009.0730.58.43017) CDBurnerXP (Version: 4.5.2.4214) CDex - Open Source Digital Audio CD Extractor (Version: 1.70.4.2009) CSS Group Kassensystem 
Einzelhandel (Version: 3.0.0.105) DHTML Editing Component (Version: 6.02.0001) DirSync 2.96 Free YouTube Download version 3.2.2.430 (Version: 3.2.2.430) Google Earth (Version: 5.2.1.1588) HitmanPro 3.7 (Version: 3.7.7.205) HL-4150CDN (Version: 1.0.6.0) HomeTab 4.4 (Version: 4.4) ImgBurn (Version: 2.5.6.0) IPCam Surveillance Software 3.0.3.0 IrfanView (remove only) (Version: 4.36) Java 7 Update 45 (Version: 7.0.450) Java Auto Updater (Version: 2.1.9.8) JDownloader 2 (Version: 2.0) K-Lite Codec Pack 6.0.4 (Basic) (Version: 6.0.4) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Word 
MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft SQL Server Compact 4.0 SP1 ENU CTP1 (Version: 4.0.8854.1) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft_VC100_CRT_x86 (Version: 1.0.0) Mozilla Firefox 25.0.1 (x86 de) (Version: 25.0.1) Mozilla Maintenance Service (Version: 25.0.1) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MyPhoneExplorer (Version: 1.8.4) MySQL-Front 2.5 PDF-XChange Viewer (Version: 2.5.199.0) Readiris Pro 10 Samsung Network PC Fax (Version: 1.4.29.0) SmarThru 4 Spybot - Search & Destroy (Version: 2.1.19) Stanza SWX-Auftrag 1.64 (Version: 1.64) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition 
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Vertragsmanager (Version: 1.0.0) VIS Wartung Samsung SCX-4623 Series Windows Mobile-Gerätecenter (Version: 6.1.6965.0) xp-AntiSpy 3.98-2 ==================== Restore Points ========================= 14-11-2013 13:55:23 Windows Update 19-11-2013 08:06:59 Windows Update 20-11-2013 08:23:33 avast! antivirus system restore point 20-11-2013 15:06:10 Avira EU-Cleaner - 20.11.2013 16:06 ==================== Hosts content: ========================== 2009-07-14 03:04 - 2013-10-11 11:17 - 00450745 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. 
==================== Scheduled Tasks (whitelisted) ============= Task: {19F4A8B3-F436-4D88-A8E1-FA3A5FA1A2D4} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation) Task: {337C80C3-C01C-460B-B911-4B5319D73FA6} - System32\Tasks\{398B238E-A533-4E3E-9263-F51CACDFE846} => D:\Eigene Dateien\All For PC\Treiber+Hardware\Scanner\Canon Lide 20\ScanGear_Treiber7031a_xpde\SetupSG.exe [2007-06-22] () Task: {3F2E4F77-7C7C-42A2-A222-1D2F43985D6F} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files\HomeTab\TBUpdater.dll [2013-07-08] (Simply Tech Ltd.) Task: {4940F6EB-4B72-4646-9F45-86659B54E655} - System32\Tasks\{488D8EB4-B96C-46E5-9ACC-5C09F92287EE} => C:\Program Files\GIGABYTE\ET6\ET6SC.exe Task: {5F161A77-F0CE-463E-9773-EEAE56CAA818} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {6DE464B6-1CF6-401A-87AD-E22AE1259FF1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated) Task: {734CCC51-3F96-4872-8B0D-24079E375279} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: {88F42E8D-D49B-4AB1-9206-B2C5719ECFFF} - System32\Tasks\{41D52D80-FBE2-481E-B62F-BA5672E91E1D} => D:\Eigene Dateien\All For PC\Software\Kasse\CSS-Kasse\csskasse.exe [2004-05-12] () Task: {9733FCD2-BFE3-4B83-A0EA-769D53D72D6D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: {AF058A21-CAE3-4883-A542-724F47B421CF} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-20] (AVAST Software) Task: {B66FF37B-7278-4217-BBA1-BCBB486E0528} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files\HomeTab\ProtectedSearch.exe [2013-08-13] (Simplygen) Task: {EC428433-A642-4291-9DDF-EA41387F668B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-07-08 12:12 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-07-08 12:12 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2013-10-23 13:18 - 2013-08-13 07:38 - 00100352 _____ () C:\Program Files\HomeTab\InstallHelper.dll 2013-06-12 13:51 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll 2013-07-08 12:12 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-11-20 09:26 - 2013-11-20 09:26 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-11-18 09:43 - 2013-11-18 09:43 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll 2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll 2011-05-26 20:18 - 2011-05-26 20:18 - 00136536 _____ () C:\Program Files\Microsoft Office\Office12\OUTLCTL.DLL 2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device 
Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/20/2013 04:06:08 PM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {878d1e63-6097-4460-bfb3-10b5094787a5} Error: (11/20/2013 09:32:28 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (11/20/2013 09:23:28 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {225f0c3b-728a-48dd-bcdd-654b9c79c249} Error: (11/19/2013 11:17:46 AM) (Source: Application Hang) (User: ) Description: Programm OUTLOOK.EXE, Version 12.0.6680.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1684 Startzeit: 01cee5040a9ac832 Endzeit: 0 Anwendungspfad: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE Berichts-ID: cc3f758f-5103-11e3-ba65-404e57434401 Error: (11/19/2013 09:56:16 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (11/18/2013 10:16:04 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (11/18/2013 09:37:17 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (11/15/2013 11:44:43 AM) (Source: Application Hang) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d60 Startzeit: 01cee1d9c9a51cf4 Endzeit: 452 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: ec088406-4de2-11e3-8056-404e57434401 Error: (11/15/2013 09:43:19 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (11/14/2013 11:44:31 AM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 25.0.0.5046 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b40 Startzeit: 01cee121b12ac7ce Endzeit: 16 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: bbcf52a2-4d19-11e3-b4ff-404e57434401 System errors: ============= Error: (11/21/2013 00:44:47 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error: (11/21/2013 00:44:47 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. 
Error: (11/21/2013 00:44:46 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error: (11/21/2013 00:44:46 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error: (11/21/2013 00:44:45 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. Error: (11/21/2013 09:47:46 AM) (Source: WMPNetworkSvc) (User: ) Description: WMPNetworkSvc Error: (11/21/2013 09:45:43 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/21/2013 09:44:49 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/21/2013 09:44:49 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (11/21/2013 09:44:17 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Microsoft Office Sessions: ========================= Error: (11/05/2013 09:31:07 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error: (09/27/2013 09:09:19 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. 
This session ended with a crash. Error: (09/06/2013 07:53:50 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. Error: (09/03/2013 11:02:40 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. Error: (07/25/2013 11:56:31 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 50 seconds with 0 seconds of active time. This session ended with a crash. Error: (06/19/2013 08:07:53 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash. Error: (06/14/2013 08:23:07 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error: (04/12/2013 00:32:15 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. 
Error: (03/19/2013 01:15:45 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/18/2013 09:28:54 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 59% Total physical RAM: 2813.55 MB Available physical RAM: 1142.42 MB Total Pagefile: 5625.4 MB Available Pagefile: 3806.96 MB Total Virtual: 2047.88 MB Available Virtual: 1880.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.56 GB) (Free:46.61 GB) NTFS Drive d: (Daniel) (Fixed) (Total:368.1 GB) (Free:293.08 GB) NTFS Drive f: (Sicherung) (Fixed) (Total:465.76 GB) (Free:242.94 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: EE2F260C) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 09CE95F3) Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
22.11.2013, 10:43 | #4 |
/// the machine /// TB-Ausbilder | Telekom letter - ZeuS/ZBot infection hi, scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
22.11.2013, 11:16 | #5 |
| Telekom letter - ZeuS/ZBot infection Hello, thanks for the quick reply... Combofix done:
Combofix Logfile: Daniel |
23.11.2013, 07:21 | #6 |
/// the machine /// TB-Ausbilder | Telekom letter - ZeuS/ZBot infection Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
|
23.11.2013, 08:25 | #7 |
| Telekom letter - ZeuS/ZBot infection Good morning. Unfortunately I am at my girlfriend's over the weekend and not at my computer. I will run the programs first thing Monday morning. Have you been able to identify an infection yet? Kind regards, Daniel |
23.11.2013, 08:30 | #8 |
/// the machine /// TB-Ausbilder | Telekom letter - ZeuS/ZBot infection Nothing dramatic so far.
|
25.11.2013, 11:09 | #9 |
| Telekom letter - ZeuS/ZBot infection Hello, all homework is done: Malwarebytes:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.11.25.02 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Daniel :: PCD [Administrator] 25.11.2013 09:52:36 mbam-log-2013-11-25 (09-52-36).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 380437 Laufzeit: 41 Minute(n), 25 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 1W1G1U1K1O1H -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 8 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1382479200000.000008&tguid=66920-6787-1382530686138-67ED82AD3CF5F3C333784C1B5F53F3A6&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1382479200000.000008&tguid=66920-6787-1382530686138-67ED82AD3CF5F3C333784C1B5F53F3A6&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1382479200000.000008&tguid=66920-6787-1382530686138-67ED82AD3CF5F3C333784C1B5F53F3A6&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1382479200000.000008&tguid=66920-6787-1382530686138-67ED82AD3CF5F3C333784C1B5F53F3A6&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1382479200000.000008&tguid=66920-6787-1382530686138-67ED82AD3CF5F3C333784C1B5F53F3A6&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1382479200000.000008&tguid=66920-6787-1382530686138-67ED82AD3CF5F3C333784C1B5F53F3A6&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1382479200000.000008&tguid=66920-6787-1382530686138-67ED82AD3CF5F3C333784C1B5F53F3A6&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1382479200000.000008&tguid=66920-6787-1382530686138-67ED82AD3CF5F3C333784C1B5F53F3A6&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 2 C:\Users\Daniel\AppData\Local\DownloadGuide (PUP.Optional.DownloadGuide.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Daniel\AppData\Local\DownloadGuide\Offers (PUP.Optional.DownloadGuide.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 10 C:\Users\Daniel\AppData\Local\DownloadGuide\Offers\hometab.exe (PUP.Optional.HomeTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Daniel\AppData\Local\DownloadGuide\Offers\iminent.exe (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Daniel\AppData\Local\DownloadGuide\Offers\plus-hd-3-8.exe (PUP.Optional.CrossRider) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\CAO-Faktura\support\cao_support.exe (PUP.Radmin) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Eigene Dateien\All For PC\Software\Multi-Media\Adobe CS4\Photoshop CS4\Keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Daniel\AppData\Local\DownloadGuide\amazon.ico (PUP.Optional.DownloadGuide.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Daniel\AppData\Local\DownloadGuide\setup.exe (PUP.Optional.DownloadGuide.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Daniel\AppData\Local\DownloadGuide\setup.exe_date (PUP.Optional.DownloadGuide.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Daniel\AppData\Local\DownloadGuide\Offers\vis-freeware.exe (PUP.Optional.DownloadGuide.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\Daniel\AppData\Local\DownloadGuide\Offers\Web%2BOptimizer.exe (PUP.Optional.DownloadGuide.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) AdwCleaner Logfile:
ATTFilter # AdwCleaner v3.013 - Bericht erstellt am 25/11/2013 um 10:45:34 # Updated 24/11/2013 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits) # Benutzername : Daniel - PCD # Gestartet von : D:\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\Users\Daniel\AppData\LocalLow\SimplyTech Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\Windows Net Data Datei Gelöscht : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ynabmj2x.default\searchplugins\Web Search.xml Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Web Search.xml ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\HomeTab.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_excel-kassenbuch_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_excel-kassenbuch_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\systweak ***** [ Browser ] ***** -\\ Internet Explorer v0.0.0.0 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)] -\\ Mozilla Firefox v25.0.1 (de) [ Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ynabmj2x.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search"); Zeile gelöscht : user_pref("browser.search.order.1", "Web Search"); Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: 
url(\"I[...] Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*"); Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1382479200000.000008&tguid=66920-6787-1382530686138-67ED82AD3CF5F3C333784C1B5F53F3A6&q="); ************************* AdwCleaner[R0].txt - [5402 octets] - [25/11/2013 10:43:47] AdwCleaner[S0].txt - [4429 octets] - [25/11/2013 10:45:34] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4489 octets] ########## Junkware Removal Tool Logfile:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.8 (11.05.2013:1) OS: Windows 7 Ultimate x86 Ran by Daniel on 25.11.2013 at 10:49:52,36 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasmancs ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\ynabmj2x.default\minidumps [31 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 25.11.2013 at 10:51:52,85 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-11-2013 Ran by Daniel (administrator) on PCD on 25-11-2013 11:04:16 Running from D:\Downloads Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Farbar) D:\Downloads\FRST(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [614400 2009-08-14] () HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.) 
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-20] (AVAST Software) HKLM\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\3012229f-c8f4-4d16-92cb-c3e609006602.exe [180184 2013-11-25] (AVAST Software) HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.) HKCU\...\Policies\Explorer: [NoRecentDocsNetHood] 1 HKCU\...\Policies\Explorer: [NoInternetOpenWith] 1 BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE56C893D18ADCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Tcpip\..\Interfaces\{6E59F9D5-6B73-4040-9B95-C7728A07124B}: [NameServer]192.168.236.115 FireFox: ======== FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ynabmj2x.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ynabmj2x.default\Extensions\WTB_GLOBAL.sqlite
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ynabmj2x.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ynabmj2x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-20] (AVAST Software)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-11-22] (SurfRight B.V.)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [165888 2010-05-27] (Samsung Electronics Co., Ltd.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-11-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-11-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-11-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-11-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-11-20] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-11-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-11-20] ()
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [64000 2009-07-13] (AVM GmbH)
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-04] (www.winchiphead.com)
S3 etdrv; C:\Windows\etdrv.sys [17488 2011-06-29] (Windows (R) 2000 DDK provider)
R3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [559104 2009-07-13] (AVM Berlin)
S3 gdrv; C:\Windows\gdrv.sys [17488 2011-06-29] (Windows (R) 2000 DDK provider)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [x]
S3 catchme; \??\C:\Users\Daniel\AppData\Local\Temp\catchme.sys [x]
U5 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2011-06-29] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-25 10:51 - 2013-11-25 10:52 - 00001289 _____ C:\Users\Daniel\Desktop\JRT.txt
2013-11-25 10:49 - 2013-11-25 10:49 - 00000000 ____D C:\Windows\ERUNT
2013-11-25 10:47 - 2013-11-25 10:47 - 00004569 _____ C:\Users\Daniel\Desktop\AdwCleaner[S0].txt
2013-11-25 10:40 - 2013-11-25 10:45 - 00000000 ____D C:\AdwCleaner
2013-11-25 09:48 - 2013-11-25 09:48 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-25 09:48 - 2013-11-25 09:48 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Malwarebytes
2013-11-25 09:48 - 2013-11-25 09:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-25 09:48 - 2013-11-25 09:48 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-25 09:48 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-22 11:11 - 2013-11-22 11:11 - 00014295 _____ C:\ComboFix.txt
2013-11-22 11:04 - 2013-11-22 11:11 - 00000000 ____D C:\Qoobox
2013-11-22 11:04 - 2013-11-22 11:10 - 00000000 ____D C:\Windows\erdnt
2013-11-22 11:04 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-22 11:04 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-22 11:04 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-22 11:04 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-22 11:04 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-22 11:04 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-22 11:04 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-22 11:04 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-22 11:03 - 2013-11-22 11:03 - 05147802 ____R (Swearware) C:\Users\Daniel\Desktop\ComboFix.exe
2013-11-21 14:02 - 2013-11-21 14:02 - 00000000 ____D C:\FRST
2013-11-21 12:57 - 2013-11-21 12:57 - 00000000 _____ C:\Users\Daniel\defogger_reenable
2013-11-20 16:52 - 2013-11-20 16:52 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-11-20 16:25 - 2013-11-21 09:59 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-11-20 16:24 - 2013-11-21 09:59 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-20 16:24 - 2013-11-20 16:25 - 00000000 ____D C:\Program Files\HitmanPro
2013-11-20 13:37 - 2013-11-20 13:37 - 00002027 _____ C:\Users\Daniel\Desktop\Entfernen des Avira EU-Cleaners.lnk
2013-11-20 13:37 - 2013-11-20 13:37 - 00001971 _____ C:\Users\Daniel\Desktop\Avira EU-Cleaner.lnk
2013-11-20 10:12 - 2013-11-20 10:12 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\AVAST Software
2013-11-20 09:26 - 2013-11-20 09:26 - 00002047 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-18 09:43 - 2013-11-22 14:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 13:36 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 13:36 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 13:36 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 13:36 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 13:36 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 13:36 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 13:36 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 13:36 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 13:36 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 13:36 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 13:36 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 13:36 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 13:36 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 13:36 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 13:36 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 13:36 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 13:36 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 13:36 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-11-25 11:00 - 2011-06-20 11:33 - 01622172 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-25 10:58 - 2009-07-14 05:34 - 00016848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-25 10:58 - 2009-07-14 05:34 - 00016848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-25 10:53 - 2011-07-05 11:30 - 00005652 _____ C:\Windows\setupact.log
2013-11-25 10:53 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-25 10:52 - 2013-11-25 10:51 - 00001289 _____ C:\Users\Daniel\Desktop\JRT.txt
2013-11-25 10:52 - 2011-06-20 11:22 - 01109055 _____ C:\Windows\WindowsUpdate.log
2013-11-25 10:49 - 2013-11-25 10:49 - 00000000 ____D C:\Windows\ERUNT
2013-11-25 10:47 - 2013-11-25 10:47 - 00004569 _____ C:\Users\Daniel\Desktop\AdwCleaner[S0].txt
2013-11-25 10:45 - 2013-11-25 10:40 - 00000000 ____D C:\AdwCleaner
2013-11-25 10:43 - 2013-09-10 08:18 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-25 10:37 - 2011-06-21 11:38 - 00140764 _____ C:\Windows\PFRO.log
2013-11-25 10:36 - 2011-06-21 11:25 - 00000000 ____D C:\Windows\PCHEALTH
2013-11-25 09:48 - 2013-11-25 09:48 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-25 09:48 - 2013-11-25 09:48 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Malwarebytes
2013-11-25 09:48 - 2013-11-25 09:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-25 09:48 - 2013-11-25 09:48 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-22 17:45 - 2013-01-07 14:13 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\MyPhoneExplorer
2013-11-22 14:46 - 2013-11-18 09:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-22 11:11 - 2013-11-22 11:11 - 00014295 _____ C:\ComboFix.txt
2013-11-22 11:11 - 2013-11-22 11:04 - 00000000 ____D C:\Qoobox
2013-11-22 11:11 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Default
2013-11-22 11:11 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-11-22 11:10 - 2013-11-22 11:04 - 00000000 ____D C:\Windows\erdnt
2013-11-22 11:10 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2013-11-22 11:03 - 2013-11-22 11:03 - 05147802 ____R (Swearware) C:\Users\Daniel\Desktop\ComboFix.exe
2013-11-21 14:02 - 2013-11-21 14:02 - 00000000 ____D C:\FRST
2013-11-21 12:57 - 2013-11-21 12:57 - 00000000 _____ C:\Users\Daniel\defogger_reenable
2013-11-21 12:57 - 2011-06-20 11:30 - 00000000 ____D C:\Users\Daniel
2013-11-21 12:49 - 2013-03-13 15:30 - 00000000 ____D C:\ProgramData\Adobe
2013-11-21 12:49 - 2013-03-13 15:28 - 00000000 ____D C:\Program Files\Adobe
2013-11-21 12:49 - 2013-03-13 15:25 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-21 12:49 - 2011-06-21 12:54 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Adobe
2013-11-21 09:59 - 2013-11-20 16:25 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-11-21 09:59 - 2013-11-20 16:24 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-20 16:52 - 2013-11-20 16:52 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-11-20 16:25 - 2013-11-20 16:24 - 00000000 ____D C:\Program Files\HitmanPro
2013-11-20 13:37 - 2013-11-20 13:37 - 00002027 _____ C:\Users\Daniel\Desktop\Entfernen des Avira EU-Cleaners.lnk
2013-11-20 13:37 - 2013-11-20 13:37 - 00001971 _____ C:\Users\Daniel\Desktop\Avira EU-Cleaner.lnk
2013-11-20 13:36 - 2011-06-21 13:43 - 00000000 ____D C:\Vertragsmanager
2013-11-20 10:12 - 2013-11-20 10:12 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\AVAST Software
2013-11-20 09:26 - 2013-11-20 09:26 - 00002047 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-20 09:26 - 2013-03-14 08:57 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-20 09:26 - 2013-03-14 08:57 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-20 09:26 - 2012-03-30 12:09 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-11-20 09:26 - 2012-02-02 17:00 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-20 09:26 - 2012-02-02 17:00 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-11-20 09:26 - 2012-02-02 17:00 - 00269216 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-11-20 09:26 - 2012-02-02 17:00 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-20 09:26 - 2012-02-02 17:00 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-11-20 09:26 - 2012-02-02 17:00 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-20 09:26 - 2012-02-02 17:00 - 00035656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-20 09:23 - 2012-02-02 17:00 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-20 09:23 - 2009-07-14 03:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-11-19 09:01 - 2012-05-03 11:40 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-15 12:55 - 2011-10-14 14:28 - 00007168 _____ C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-15 10:01 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-15 09:06 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-14 14:58 - 2011-06-21 11:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 14:57 - 2013-08-19 09:05 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 14:55 - 2011-06-20 11:51 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 11:15 - 2011-06-29 14:12 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Canon
2013-11-11 05:50 - 2011-06-20 11:46 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-20 09:40

==================== End Of Log ============================
--- --- ---

Kind regards
Daniel |
26.11.2013, 09:33 | #10 |
/// the machine /// TB-Ausbilder | Telekom Brief - ZeuS/ZBot Infektion
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
Topics on Telekom Brief - ZeuS/ZBot Infektion |
antivirus, finding, defogger, gmer, hijack.searchpage, identify, no findings, online-banking trojan, pup.optional.crossrider, pup.optional.downloadguide.a, pup.optional.hometab.a, pup.optional.iminent.a, pup.optional.installcore.a, pup.radmin, steps, spybot, telekom, telekom zeus/zbot, trojan.agent.ck, zeus/zbot |