Diverse E-Mail Konten gehackt Hi,
gestern Mittag erhielt ich beim Versuch mich bei meinem Google Konto einzuloggen die Meldung das sich ein Hacker aus Russland an meinem E-Mail Konto versucht hat. Hab ich nicht ernst genommen und mich normal eingeloggt. Heute meldete mir Thunderbird das bei 2 Hotmail Konten die Passwörter nicht stimmen. Habe die Passwörter an einem anderen sauberen Rechner erfolgreich zurückgesetzt. Hab dann noch bei Paypal und diverse andere wichtige Konten Passwörter geändert.
Was habe ich gemacht? Naja zugegeben ich hab mir Nacktbiler :applaus: vom mygully.com Forum heruntergeladen. Es war nur 1 .rar Datei mit ca. 50 Bildern. Kurz darauf ging das los. Also vermute ich es lag daran? Den gesamten Ordner habe ich bereits sofort gelöscht.
Ich hoffe nur das ich mein System nicht wieder neu aufsetzen muss, das nervt mich das ich das inzwischen alle 2 Monate machen darf :/
Natürlich hab ich mich hier auch schlau gemacht. Ein Scan mit tdsskiller hat nichts hervorgebracht. Hjackthis Auswertung zeigt nichts verdächtiges. Die Logfile von OTL.exe (hat aber nur 1 Logfile ausgeworfen?) sieht so aus:
OTL Logfile: Code:
OTL logfile created on: 29.03.2013 14:31:10 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*******\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 36,83% Memory free
5,86 Gb Paging File | 3,60 Gb Available in Paging File | 61,33% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,14 Gb Total Space | 66,11 Gb Free Space | 55,49% Space Free | Partition Type: NTFS
Computer Name: *******-PC | User Name: ******* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\*******\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Users\*******\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\*******\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\*******\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll ()
MOD - C:\Users\*******\AppData\Local\Google\Chrome\Application\25.0.1364.172\libglesv2.dll ()
MOD - C:\Users\*******\AppData\Local\Google\Chrome\Application\25.0.1364.172\libegl.dll ()
MOD - C:\Users\*******\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Notepad++\NppShell_05.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
========== Services (SafeList) ==========
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
========== Driver Services (SafeList) ==========
DRV - (WinRing0_1_2_0) -- C:\Users\*******\AppData\Local\Temp\tmp493F.tmp File not found
DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 3C B7 B9 B4 2B CE 01 [binary data]
IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*******\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*******\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.03.13 12:47:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.03.13 20:09:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.03.13 20:09:52 | 000,000,000 | ---D | M]
[2012.12.20 02:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*******\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\*******\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*******\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\*******\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: SEOquake = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.14_0\
CHR - Extension: Google Drive = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Bookmark Sentry = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.13_0\
CHR - Extension: YouTube = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: Adblock Plus = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google-Suche = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: iMacros for Chrome = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.1_0\
CHR - Extension: NoFollow = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfogidghaigoomjdeacndafapdijmiid\3.3.5_0\
CHR - Extension: Link2Clip = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmieebpnfbcjdackmfajcbbknaikebla\1.1_0\
CHR - Extension: PageRank Status = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\7.3.0_1\
CHR - Extension: Change Colors = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmkekhehjedonbhoikhhkmlapalklgn\2.144_0\
CHR - Extension: Copy Links = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpoommnneaebpfgaoejklgemonkmjpc\1.2.1_0\
CHR - Extension: Premiumize.me = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm\0.0.16_0\
CHR - Extension: Color Picker = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg\0.0.1.48_1\
CHR - Extension: Google Reader = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Google Mail = C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Programme\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{935C30C2-6AEA-4DC0-B3C7-1742CC23C44B}: DhcpNameServer = 82.212.62.62 78.42.43.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4905C36-BE12-4D5A-A2C9-82B8F867D164}: DhcpNameServer = 82.212.62.62 78.42.43.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.03.29 14:17:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.26 10:08:36 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.24 13:13:32 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\TuneUp Software
[2013.03.24 13:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013
[2013.03.24 13:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.03.24 13:12:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.03.24 13:12:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.24 00:05:21 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\com.adobe.WidgetBrowser
[2013.03.20 21:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013.03.19 15:53:14 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Local\Programs
[2013.03.14 14:42:41 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.03.14 14:42:41 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Adobe Mini Bridge CS5
[2013.03.14 13:12:03 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\dealsdestages
[2013.03.13 20:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.03.13 19:26:39 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.13 19:26:38 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.13 19:26:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.13 19:26:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.13 19:26:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.13 19:26:37 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.13 19:26:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.13 19:26:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.13 12:47:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd
[2013.03.13 12:47:37 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Leadertech
[2013.03.13 12:47:27 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2013.03.13 12:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.03.13 12:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2013.03.13 12:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2013.03.13 12:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013.03.13 12:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2013.03.13 12:46:23 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Logitech
[2013.03.13 12:46:23 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Logishrd
[2013.03.10 16:21:25 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.10 16:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.09 16:00:13 | 000,000,000 | ---D | C] -- C:\Minimal and House
[2013.03.05 12:22:02 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.05 12:21:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.05 12:21:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.05 12:21:56 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.05 12:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.02.28 03:00:31 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.02.28 03:00:27 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.02.28 03:00:25 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.02.28 03:00:25 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.02.28 03:00:25 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 03:00:25 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 03:00:25 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 03:00:25 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 03:00:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 03:00:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 03:00:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 03:00:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 03:00:25 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 03:00:24 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.02.28 03:00:24 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.02.28 03:00:24 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.02.28 03:00:24 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.02.28 03:00:24 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.02.28 03:00:24 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.02.28 03:00:24 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.02.28 03:00:24 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.02.28 03:00:24 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.02.28 03:00:23 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.02.28 03:00:23 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.02.28 03:00:23 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
========== Files - Modified Within 30 Days ==========
[2013.03.29 14:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.29 13:55:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2100955007-3637390453-2697659314-1000UA.job
[2013.03.29 12:54:13 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2100955007-3637390453-2697659314-1000Core.job
[2013.03.29 12:39:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.28 13:11:22 | 000,275,620 | ---- | M] () -- C:\Users\*******\Desktop\1-13.pdf
[2013.03.27 17:46:15 | 000,022,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.27 17:46:15 | 000,022,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.27 17:42:53 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.27 17:42:53 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.27 17:42:53 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.27 17:42:53 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.27 17:38:08 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.26 15:52:07 | 000,001,456 | ---- | M] () -- C:\Users\*******\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013.03.25 13:29:56 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.25 13:29:56 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.25 13:29:56 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.21 20:34:03 | 000,197,160 | ---- | M] () -- C:\Users\*******\Desktop\gutschein ab in den urlaub.pdf
[2013.03.21 20:20:17 | 003,648,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.15 20:50:50 | 000,001,456 | ---- | M] () -- C:\Users\*******\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2013.03.13 12:47:27 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2013.03.13 12:10:40 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.13 12:10:40 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.08 00:51:11 | 001,416,329 | ---- | M] () -- C:\Users\*******\Desktop\ipad tarife-de 2 wort.pdf
[2013.03.08 00:36:32 | 001,494,410 | ---- | M] () -- C:\Users\*******\Desktop\ipad tarife-de.pdf
[2013.03.07 23:52:08 | 000,000,000 | ---- | M] () -- C:\END
[2013.03.05 12:21:52 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.05 12:21:52 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.05 12:21:52 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.05 12:21:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.05 12:21:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.05 12:21:52 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
========== Files Created - No Company Name ==========
[2013.03.28 13:11:22 | 000,275,620 | ---- | C] () -- C:\Users\*******\Desktop\1-13.pdf
[2013.03.21 23:56:41 | 000,001,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk
[2013.03.21 23:55:18 | 000,001,315 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2013.03.21 23:55:15 | 000,001,481 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2013.03.21 23:55:04 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013.03.21 23:54:40 | 000,001,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2013.03.21 20:34:02 | 000,197,160 | ---- | C] () -- C:\Users\*******\Desktop\gutschein ab in den urlaub.pdf
[2013.03.19 14:28:59 | 000,001,456 | ---- | C] () -- C:\Users\*******\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013.03.08 00:51:10 | 001,416,329 | ---- | C] () -- C:\Users\*******\Desktop\ipad tarife-de 2 wort.pdf
[2013.03.08 00:36:32 | 001,494,410 | ---- | C] () -- C:\Users\*******\Desktop\ipad tarife-de.pdf
[2013.03.06 23:51:55 | 000,000,000 | ---- | C] () -- C:\END
[2013.02.03 03:31:49 | 000,000,132 | ---- | C] () -- C:\Users\*******\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013.01.17 20:05:11 | 000,001,456 | ---- | C] () -- C:\Users\*******\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2013.01.07 20:13:12 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.01.07 20:13:12 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.12.20 17:58:23 | 000,000,017 | ---- | C] () -- C:\Users\*******\AppData\Local\resmon.resmoncfg
[2012.12.20 02:00:59 | 000,001,366 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.12.20 01:50:45 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.03.24 00:05:21 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\com.adobe.WidgetBrowser
[2013.01.17 19:49:17 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DAEMON Tools Lite
[2013.03.23 02:58:11 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\FileZilla
[2013.02.14 22:04:14 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\GSA Search Engine Ranker
[2013.03.13 12:47:37 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Leadertech
[2013.03.29 14:36:48 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\NetSpeedMonitor
[2013.02.24 13:39:10 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Notepad++
[2012.12.21 13:32:03 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\OpenOffice.org
[2013.03.14 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.12.20 02:23:06 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Thunderbird
[2013.03.24 13:13:32 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\TuneUp Software
========== Purity Check ==========
< End of report > --- --- ---
Was könnte ich denn noch machen?
Vielen Dank schon einmal im voraus.
EDIT: Malware Bytes hat eine Datei namens "PUP.RiskwareTool.ck" gefunden. Diese wurde nun in Quarantäne gestellt.
Hmm ich kann meinen Post nicht mehr editieren?
Ich habe nun folgenden Rat befolgt.
Und Logfile sieht so aus: Zitat:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1497567498-2469065647-1948998594-1000\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Users\*******\AppData\Roaming\Hayrqy\uwte.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0000036B-C524-4050-81A0-243669A86B9F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000036B-C524-4050-81A0-243669A86B9F}\ not found.
File C:\Program Files (x86)\Windows Live\Companion\companioncore.dll not found.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\*******\*.tmp not found.
File\Folder C:\Users\*******\AppData\*.dll not found.
File\Folder C:\Users\*******\AppData\*.exe not found.
File\Folder C:\Users\*******\AppData\Local\Temp\*.exe not found.
C:\Users\*******\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. < ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\*******\Desktop\cmd.bat deleted successfully.
C:\Users\*******\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: *******
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33300 bytes
->Google Chrome cache emptied: 11805572 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 11,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03292013_154103
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
| Malware Bytes Anti Rootkit hat nichts gefunden.
ADWCleaner zeigt folgendes
AdwCleaner Logfile: Code:
# AdwCleaner v2.115 - Datei am 29/03/2013 um 15:54:47 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v25.0.1364.172
Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [986 octets] - [29/03/2013 15:54:47]
########## EOF - C:\AdwCleaner[S1].txt - [1045 octets] ########## --- --- ---
Bin ich damit jetzt sauber und kann mir eine Neuinstallation sparen?
Ich kann die Beiträge nicht editieren?
Bei folgenden Beitrag meine ich diesen hier http://www.trojaner-board.de/131503-...unden-tun.html
EDIT: Ich war wohl zu schnell, sorry. Wollte das einfach weg haben vom PC. Falls mir nun doch jemand helfen mag, werde ich alle Schritte brav einhalten :)
Gruß |