|
Log-Analyse und Auswertung: TR/Spy.ZBot.lntt.12 und EXP/CVE-2013-2423.J von Avira gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
09.06.2013, 21:30 | #1 |
| TR/Spy.ZBot.lntt.12 und EXP/CVE-2013-2423.J von Avira gefunden Hallo zusammen, Avira hat auf meinem Rechner folgende Schädlinge gefunden: TR/Spy.ZBot.lntt.12 EXP/CVE-2013-2423.J Habe zwar schon einen Thread mit der gleichen Kombination bei Euch gefunden, aber man soll ja auf jeden Fall einen eigenen Post beginnen. Zum betroffenen System: HP G7000 Notebook Intel Pentium Dual CPU T2310 1,47 GHz 32-Bit-System Win Vista Home Basic SP2 Hier die OTL-Logfile: OTL logfile created on: 09.06.2013 21:03:34 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = E:\ Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,28 Mb Total Physical Memory | 284,54 Mb Available Physical Memory | 28,08% Memory free 2,24 Gb Paging File | 1,19 Gb Available in Paging File | 53,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 105,56 Gb Total Space | 56,40 Gb Free Space | 53,43% Space Free | Partition Type: NTFS Drive D: | 6,23 Gb Total Space | 2,32 Gb Free Space | 37,20% Space Free | Partition Type: NTFS Drive E: | 702,81 Mb Total Space | 656,18 Mb Free Space | 93,37% Space Free | Partition Type: UDF Computer Name: STEVE-PC | User Name: XXXXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.27 17:46:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.06 16:13:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012.12.12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2012.08.28 07:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012.08.28 07:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2012.01.10 21:42:21 | 000,151,552 | ---- | M] () -- C:\WINDOWS\KMService.exe PRC - [2012.01.10 21:42:21 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\srvany.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.06 10:33:28 | 003,365,176 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2010.09.06 09:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgdersvc.exe PRC - [2010.09.06 09:11:32 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe PRC - [2010.07.16 10:51:34 | 000,138,584 | ---- | M] () -- C:\Programme\Mobile Partner Manager\UIExec.exe PRC - [2010.07.16 10:49:38 | 000,252,784 | ---- | M] () -- C:\Programme\Mobile Partner Manager\AssistantServices.exe PRC - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.12.03 11:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe PRC - [2009.09.14 09:00:00 | 000,217,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FARNGGE.EXE PRC - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe ========== Modules (No Company Name) ========== MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.07.16 10:51:34 | 000,138,584 | ---- | M] () -- C:\Programme\Mobile Partner Manager\UIExec.exe ========== Services (SafeList) ========== SRV - [2013.05.15 18:48:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.07 16:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.08.28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.07.13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2012.01.10 21:42:21 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\srvany.exe -- (KMService) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.06 09:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\System32\dgdersvc.exe -- (dgdersvc) SRV - [2010.09.06 09:11:32 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2010.07.16 10:49:38 | 000,252,784 | ---- | M] () [Auto | Running] -- C:\Programme\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2013.03.06 16:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.02.27 13:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.02.27 13:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.02.04 19:29:49 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ACEDRV09.sys -- (ACEDRV09) DRV - [2010.09.06 09:16:58 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2010.09.06 09:11:32 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.02.25 02:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBTTN.sys -- (HBtnKey) DRV - [2010.01.18 12:21:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2010.01.18 12:21:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2010.01.18 12:21:00 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\massfilter.sys -- (massfilter) DRV - [2010.01.18 12:20:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.04.29 08:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2008.03.03 12:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2007.10.29 11:38:38 | 000,162,088 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\acehlp10.sys -- (acehlp10) DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ACEDRV10.sys -- (acedrv10) DRV - [2007.07.10 07:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.05.04 16:11:32 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.04.30 21:59:30 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService) DRV - [2007.04.23 23:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKLM\..\SearchScopes,DefaultScope = {CA0627CE-276C-4CBC-8ECA-CB5EA49A4005} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{CA0627CE-276C-4CBC-8ECA-CB5EA49A4005}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKCU\..\SearchScopes,DefaultScope = {CA0627CE-276C-4CBC-8ECA-CB5EA49A4005} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{C5E868E4-AA46-4D9B-BA72-D4EDA4C03859}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=83756B14-B18F-4FCB-ABE0-FB2EC2861320&apn_sauid=DAE1AAF3-6183-49E9-B3DF-46E9B42A7047 IE - HKCU\..\SearchScopes\{CA0627CE-276C-4CBC-8ECA-CB5EA49A4005}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CT3240727.browser.search.defaultthis.engineName: "true" FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "findr Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3240727&SearchSource=3&q={searchTerms}&CUI=UN31365157341815031" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3240727&SearchSource=2&CUI=UN31365157341815031&UM=UM_ID&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.11 22:24:17 | 000,000,000 | ---D | M] [2012.10.07 21:39:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXX\AppData\Roaming\mozilla\Extensions [2012.10.07 21:39:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXX\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.05.17 09:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXX\AppData\Roaming\mozilla\Firefox\Profiles\ob09yz9g.default\extensions [2013.02.18 20:30:25 | 000,000,000 | ---D | M] (findr) -- C:\Users\XXXXX\AppData\Roaming\mozilla\Firefox\Profiles\ob09yz9g.default\extensions\{4373e9b4-0a12-4112-8e3d-36ded19ee3dd} [2012.10.17 23:09:22 | 000,558,413 | ---- | M] () (No name found) -- C:\Users\XXXXX\AppData\Roaming\mozilla\firefox\profiles\ob09yz9g.default\extensions\toolbar@web.de.xpi [2013.03.11 22:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.26 08:36:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.03.07 14:46:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} [2013.03.07 16:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [EPSON SX125 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [Okwesydul] C:\Users\XXXXX\AppData\Roaming\Evyl\kamua.exe (Mandiant) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab (Java Plug-in 1.6.0_43) O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_43-windows-i586.cab (Java Plug-in 1.7.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C8ED464-DD67-410A-8D47-129538277906}: DhcpNameServer = 100.100.0.207 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.11.07 12:49:46 | 000,000,000 | ---D | C] -- C:\406f3dbb58bd3be4ee [2013.05.21 22:10:04 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\Avira [2013.05.21 22:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.05.21 22:03:35 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.05.21 22:03:33 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.05.21 22:03:33 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.05.21 22:03:33 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.05.21 22:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.05.21 22:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.05.21 20:53:21 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\TuneUp Software [2013.05.21 20:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.05.21 20:51:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2013.05.21 20:51:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.05.19 23:10:19 | 000,000,000 | ---D | C] -- C:\Windows\de [2013.05.19 23:09:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2013.05.19 23:07:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2013.05.19 23:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2013.05.19 22:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2013.05.13 20:42:10 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\Fexou [2013.05.13 20:42:09 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\Lukot [2013.05.13 20:42:09 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\Evyl [1 C:\Users\Steve\Documents\*.tmp files -> C:\Users\XXXXX\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.09 20:57:48 | 000,000,000 | ---- | M] () -- C:\Users\XXXXX\defogger_reenable [2013.06.09 19:55:13 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 19:55:13 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 18:46:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.28 18:38:32 | 1063,280,640 | -HS- | M] () -- C:\hiberfil.sys [2013.05.21 20:06:26 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.05.20 13:45:23 | 000,339,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.19 18:16:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2013.05.19 18:16:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2013.05.19 12:21:18 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.19 12:21:18 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.19 12:21:18 | 000,127,270 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.19 12:21:18 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.17 10:16:42 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\0000076A.LCS [2013.05.17 09:34:38 | 000,041,198 | ---- | M] () -- C:\Windows\cc_20130517_093312.reg [1 C:\Users\XXXXXX\Documents\*.tmp files -> C:\Users\XXXXXX\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.09 20:57:48 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\defogger_reenable [2013.05.19 23:07:44 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2013.05.19 23:07:08 | 000,001,227 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2013.05.19 23:06:07 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [2013.05.19 23:05:06 | 000,002,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2013.05.19 18:16:39 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2013.05.19 18:16:39 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2013.05.17 09:34:34 | 000,041,198 | ---- | C] () -- C:\Windows\cc_20130517_093312.reg [2012.02.04 18:14:55 | 000,016,098 | ---- | C] () -- C:\Windows\German2.ini [2012.01.30 14:47:12 | 000,006,656 | ---- | C] () -- C:\Users\XXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.21 01:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2012.01.20 21:34:07 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2012.01.20 21:34:07 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2012.01.12 00:31:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012.01.12 00:31:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2012.01.12 00:29:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012.01.10 21:43:22 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe [2012.01.10 21:43:22 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe ========== ZeroAccess Check ========== [2006.11.02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.02.10 21:25:40 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.05.17 09:44:42 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\DAEMON Tools Lite [2012.10.18 05:56:47 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Epson [2013.05.13 20:42:09 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Evyl [2013.05.13 20:42:10 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Fexou [2013.05.17 09:44:41 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\inkscape [2013.05.21 19:20:38 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Lukot [2013.02.18 20:18:50 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\OpenCandy [2012.01.20 21:25:34 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Samsung [2012.07.15 15:26:43 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Systweak [2012.01.10 23:16:50 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\TeamViewer [2012.10.07 21:39:54 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\TomTom [2013.05.21 20:53:21 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Bei dem Scan mit GMER ist der PC mit Bluescreen abgetaucht. Danach hatte ich es noch einmal probiert, und wieder kam der Bluescreen. Im Anhang die Files von Extras und von Avira. Wäre super wenn mir einer helfen könnte, ich weiß sonst auch nicht mehr weiter. Vielen Dank im voraus. |
09.06.2013, 21:37 | #2 |
/// TB-Ausbilder | TR/Spy.ZBot.lntt.12 und EXP/CVE-2013-2423.J von Avira gefunden Hallo,
__________________ich habe dein Thema in Arbeit, analysiere deine Logs und Angaben und melde mich in ein paar Minuten wieder mit weiteren Anweisungen.
__________________ |
09.06.2013, 21:39 | #3 |
/// TB-Ausbilder | TR/Spy.ZBot.lntt.12 und EXP/CVE-2013-2423.J von Avira gefunden Ich fürchte, dein installiertes Microsoft Office Professional Plus 2010 ist keine Originalversion... Ist das korrekt?
__________________
__________________ |
09.06.2013, 21:54 | #4 |
| TR/Spy.ZBot.lntt.12 und EXP/CVE-2013-2423.J von Avira gefunden Hallo und erstmal vielen Dank für Dein Bemühen. Ja, ist korrekt. Kann das Problem daher kommen oder ist das ein Hinderungsgrund für eine Hilfe? Geändert von FelBie (09.06.2013 um 22:24 Uhr) |
10.06.2013, 18:11 | #5 |
/// TB-Ausbilder | TR/Spy.ZBot.lntt.12 und EXP/CVE-2013-2423.J von Avira gefunden Das bindet mir leider die Hände... Wir suchen nicht gezielt nach solchen Hinweisen, aber wenn wir sie sehen, dann können wir nicht mehr beide Augen zudrücken. Deshalb: Cracks und Keygens Die Logfiles deuten stark darauf hin, dass du nicht legal erworbene Software einsetzt. Nebst ihrer Illegalität sind Cracks und Patches aus dubioser Quelle auch sehr oft mit Schädlingen versehen, womit man sich also fast schon vorsätzlich infiziert. Wir haben uns hier auf dem Board darauf geeinigt, dass wir an dieser Stelle nicht weiter bereinigen, da wir ein solches Vorgehen nicht unterstützen. Wir haben dich in unserer Anleitung unter Punkt 8 der Foren-Regeln auch unmissverständlich darauf hingewiesen, wie wir damit umgehen werden. Diese Software hat ihren Preis und die Softwarefirmen leben von diesen Einnahmen. Als Alternative gibt es überall jede Menge sehr gute Freeware oder abgespeckte, günstig zu erwerbende Versionen. Unsere Empfehlung hier lautet, einen sauberen Neuanfang zu vollziehen, und unsere Hilfe beschränkt sich daher auf das Neuaufsetzen und Absichern deines Systems. Fragen dazu beantworten wir dir aber weiterhin gerne und zwar in unserem Unterforum Alles rund um Windows. Bei dir läuft immer noch ein hässlicher Zbot. Der loggt Passwörter und Sonstiges mit. In diesem Zustand das System auf keinen Fall weiterbetreiben, sondern einstampfen und neu machen!
__________________ cheers, Leo |
Themen zu TR/Spy.ZBot.lntt.12 und EXP/CVE-2013-2423.J von Avira gefunden |
adobe, antivir, avg, avira, bho, bluescreen, cpu, defender, desktop, exp/cve-2013-2423.j, explorer, firefox, flash player, format, helper, home, mozilla, opera, pdf, plug-in, programme, realtek, registry, scan, software, super, system, vista |