Plagegeister aller Art und deren Bekämpfung: Zeus/ZBot Telekom emailWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
20.08.2013, 17:05 | #1 |
| Zeus/ZBot Telekom email Hallo liebe Helfer. Habe heute bekannte email der Telekom erhalten, dass einer von 3 potentiellen Rechnern mit dem Trojaner ZBot infiziert sein soll. Avira und die von der Telekom empfohlene Software brachten keinen Erfolg / keinen Fund. Ich schreibe von Rechner 1. OTL habe ich bereits runtergeladen. Darf ich die logs posten? Danke! |
20.08.2013, 17:05 | #2 |
/// TB-Ausbilder | Zeus/ZBot Telekom email Wo steht was von OTL?
__________________Wir haben hier eine Erste Schritte - Anleitung. Befolge sie bitte.
__________________ |
20.08.2013, 17:06 | #3 |
| Zeus/ZBot Telekom email OTL habe ich nur geladen, nichts gemacht.
__________________Sorry. |
20.08.2013, 17:07 | #4 |
/// TB-Ausbilder | Zeus/ZBot Telekom email Ist ja nicht schlimm ... leg einfach los.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
20.08.2013, 17:09 | #5 |
| Zeus/ZBot Telekom email Ok. Was soll ich tun? |
20.08.2013, 17:18 | #6 |
/// TB-Ausbilder | Zeus/ZBot Telekom email Sich ein wenig auf dem Board umsehen und lesen hätte geholfen... Lesestoff: Erste Schritte-Anleitung Ohne Logfiles sind wir üblicherweise nicht in der Lage, dir fachgerecht und situationsbezogen zu helfen. Daher haben wir uns sehr viel Mühe mit zwei Startanleitungen gegeben, die wir an entscheidenden Stellen im Forum verlinkt haben. Ich möchte dich hiermit nochmal bitten diese durchzuführen:
__________________ --> Zeus/ZBot Telekom email |
20.08.2013, 17:25 | #7 |
| Zeus/ZBot Telekom email frst FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-08-2013 03 Ran by Corinna (administrator) on 20-08-2013 18:22:33 Running from C:\Users\Corinna\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe () C:\Windows\PLFSetI.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe () C:\Users\Corinna\Desktop\Defogger.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-06-09] () HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor) HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated) HKCU\...\Run: [HP Photosmart 7520 series (NET)] - C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.) HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.) HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-06-14] (Adobe Systems Incorporated) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-06-29] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-10] (Avira Operations GmbH & Co. KG) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] () Startup: C:\Users\Corinna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 7520 series (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 7520 series (Netzwerk).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox SearchScopes: HKCU - DefaultScope {4F236481-5C8B-4315-87C8-07E247E13238} URL = hxxp://www.google.de/search?q={searchTerms}&rlz= SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {4F236481-5C8B-4315-87C8-07E247E13238} URL = hxxp://www.google.de/search?q={searchTerms}&rlz= BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "hxxp://www.google.com/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) CHR Extension: (Google Drive) - C:\Users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\ CHR Extension: (Gmail) - C:\Users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-10] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-10] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-10] (Avira Operations GmbH & Co. KG) R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated) S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [246520 2010-04-04] (WildTangent, Inc.) R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.) R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-10] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-10] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-10] (Avira Operations GmbH & Co. KG) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-20 18:21 - 2013-08-20 18:22 - 01576196 _____ (Farbar) C:\Users\Corinna\Desktop\FRST64.exe 2013-08-20 18:20 - 2013-08-20 18:20 - 00000476 _____ C:\Users\Corinna\Desktop\defogger_disable.log 2013-08-20 18:20 - 2013-08-20 18:20 - 00000000 _____ C:\Users\Corinna\defogger_reenable 2013-08-20 18:19 - 2013-08-20 18:19 - 00050477 _____ C:\Users\Corinna\Desktop\Defogger.exe 2013-08-20 17:29 - 2013-08-20 17:29 - 00602112 _____ (OldTimer Tools) C:\Users\Corinna\Desktop\OTL.exe 2013-08-20 17:13 - 2013-08-20 17:27 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-20 17:13 - 2013-08-20 17:13 - 09853928 _____ (SurfRight B.V.) C:\Users\Corinna\Downloads\hitmanpro_x64.exe 2013-08-20 17:10 - 2013-08-20 17:10 - 00000000 ____D C:\ProgramData\boost_interprocess 2013-08-18 11:06 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-18 11:06 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-18 11:06 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-18 11:06 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-18 11:06 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-18 11:06 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-18 11:06 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-18 11:06 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-18 11:06 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-18 11:06 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-18 11:06 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-18 11:06 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-18 11:06 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-18 11:06 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-18 11:06 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-18 11:06 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-18 11:06 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-18 11:06 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-18 11:06 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-18 11:06 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-18 11:06 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-18 11:06 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-18 11:06 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-18 11:06 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-18 11:06 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-18 11:06 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-18 11:06 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-18 11:06 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-18 11:06 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-18 11:06 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-18 11:06 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-18 10:57 - 2013-08-18 11:00 - 00000000 ____D C:\Windows\system32\MRT 2013-08-18 10:56 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-18 10:56 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-18 10:56 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-18 10:56 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-18 10:56 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-18 10:56 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-18 10:56 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-18 10:56 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-18 10:56 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-18 10:56 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-18 10:56 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-18 10:56 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-18 10:56 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-18 10:56 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-18 10:56 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-18 10:55 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-10 12:16 - 2013-08-10 12:16 - 00000000 ____D C:\Users\Corinna\AppData\Roaming\Avira 2013-08-10 12:11 - 2013-08-10 12:11 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-10 12:10 - 2013-08-10 12:10 - 00002006 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-10 12:10 - 2013-08-10 12:03 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-10 12:10 - 2013-08-10 12:03 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-10 12:10 - 2013-08-10 12:03 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-10 12:09 - 2013-08-10 12:10 - 00000000 ____D C:\ProgramData\Avira 2013-08-10 12:09 - 2013-08-10 12:09 - 00000000 ____D C:\Program Files (x86)\Avira ==================== One Month Modified Files and Folders ======= 2013-08-20 18:22 - 2013-08-20 18:21 - 01576196 _____ (Farbar) C:\Users\Corinna\Desktop\FRST64.exe 2013-08-20 18:21 - 2012-11-18 13:54 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-20 18:20 - 2013-08-20 18:20 - 00000476 _____ C:\Users\Corinna\Desktop\defogger_disable.log 2013-08-20 18:20 - 2013-08-20 18:20 - 00000000 _____ C:\Users\Corinna\defogger_reenable 2013-08-20 18:20 - 2011-02-19 12:45 - 00000000 ____D C:\Users\Corinna 2013-08-20 18:19 - 2013-08-20 18:19 - 00050477 _____ C:\Users\Corinna\Desktop\Defogger.exe 2013-08-20 18:18 - 2013-01-13 18:18 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-20 17:29 - 2013-08-20 17:29 - 00602112 _____ (OldTimer Tools) C:\Users\Corinna\Desktop\OTL.exe 2013-08-20 17:27 - 2013-08-20 17:13 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-20 17:21 - 2012-11-18 13:54 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-20 17:17 - 2010-10-16 09:56 - 01123056 _____ C:\Windows\WindowsUpdate.log 2013-08-20 17:17 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-20 17:17 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-20 17:13 - 2013-08-20 17:13 - 09853928 _____ (SurfRight B.V.) C:\Users\Corinna\Downloads\hitmanpro_x64.exe 2013-08-20 17:10 - 2013-08-20 17:10 - 00000000 ____D C:\ProgramData\boost_interprocess 2013-08-20 17:06 - 2011-12-17 18:37 - 00023128 _____ C:\Windows\setupact.log 2013-08-20 17:06 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-18 11:02 - 2010-10-16 19:47 - 00657910 _____ C:\Windows\system32\perfh007.dat 2013-08-18 11:02 - 2010-10-16 19:47 - 00131250 _____ C:\Windows\system32\perfc007.dat 2013-08-18 11:02 - 2009-07-14 07:13 - 01529334 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-18 11:00 - 2013-08-18 10:57 - 00000000 ____D C:\Windows\system32\MRT 2013-08-18 10:57 - 2011-02-24 18:51 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-10 15:40 - 2013-06-30 17:13 - 00011861 _____ C:\Users\Corinna\Documents\USA Florida Reise 2013.xlsx 2013-08-10 15:29 - 2011-09-11 10:04 - 00000000 ____D C:\Users\Corinna\Documents\Kreditkarte 2013-08-10 15:08 - 2012-05-06 15:02 - 00013324 _____ C:\Windows\PFRO.log 2013-08-10 12:16 - 2013-08-10 12:16 - 00000000 ____D C:\Users\Corinna\AppData\Roaming\Avira 2013-08-10 12:11 - 2013-08-10 12:11 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-10 12:10 - 2013-08-10 12:10 - 00002006 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-10 12:10 - 2013-08-10 12:09 - 00000000 ____D C:\ProgramData\Avira 2013-08-10 12:09 - 2013-08-10 12:09 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-10 12:03 - 2013-08-10 12:10 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-10 12:03 - 2013-08-10 12:10 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-10 12:03 - 2013-08-10 12:10 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-04 17:22 - 2012-11-18 13:55 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-26 07:13 - 2013-08-18 11:06 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-26 07:13 - 2013-08-18 11:06 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-26 07:13 - 2013-08-18 11:06 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-26 07:12 - 2013-08-18 11:06 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-26 07:12 - 2013-08-18 11:06 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-26 07:12 - 2013-08-18 11:06 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-26 07:12 - 2013-08-18 11:06 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-26 07:12 - 2013-08-18 11:06 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-26 07:12 - 2013-08-18 11:06 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-26 07:12 - 2013-08-18 11:06 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-26 07:12 - 2013-08-18 11:06 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-26 07:12 - 2013-08-18 11:06 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-26 07:12 - 2013-08-18 11:06 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-26 07:12 - 2013-08-18 11:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-26 05:35 - 2013-08-18 11:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-26 05:13 - 2013-08-18 11:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-26 05:13 - 2013-08-18 11:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-26 05:12 - 2013-08-18 11:06 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-26 05:12 - 2013-08-18 11:06 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-26 05:12 - 2013-08-18 11:06 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-26 05:12 - 2013-08-18 11:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-26 05:12 - 2013-08-18 11:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-26 05:12 - 2013-08-18 11:06 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-26 05:12 - 2013-08-18 11:06 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-26 05:12 - 2013-08-18 11:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-26 05:12 - 2013-08-18 11:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-26 05:11 - 2013-08-18 11:06 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-26 05:11 - 2013-08-18 11:06 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-26 04:49 - 2013-08-18 11:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-26 04:39 - 2013-08-18 11:06 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-26 03:59 - 2013-08-18 11:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-25 11:25 - 2013-08-18 10:56 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-25 10:57 - 2013-08-18 10:56 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-21 17:16 - 2012-11-18 13:54 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-21 17:16 - 2012-11-18 13:54 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-22 13:57 ==================== End Of Log ============================ --- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2013 03 Ran by Corinna at 2013-08-20 18:23:06 Running from C:\Users\Corinna\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Acrobat.com (x32 Version: 1.6.65) Adobe AIR (x32 Version: Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Photoshop Elements 8.0 (x32 Version: 8.0) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Advertising Center (x32 Version: Agatha Christie - Death on the Nile (x32 Version: Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: Apple Software Update (x32 Version: Avira Free Antivirus (x32 Version: Backup Manager Basic (x32 Version: Bejeweled 2 Deluxe (x32 Version: Bonjour (Version: Broadcom Gigabit NetLink Controller (Version: Build-a-lot 2 (x32 Version: Chuzzle Deluxe (x32 Version: Diner Dash 2 Restaurant Rescue (x32 Version: eaner (Version: 3.04) Farm Frenzy (x32 Version: FATE (x32 Version: Final Drive Nitro (x32 Version: Google Chrome (x32 Version: 28.0.1500.95) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358) Google Update Helper (x32 Version: HP Photosmart 7520 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0) iCloud (Version: Identity Card (x32 Version: 1.00.3003) ImagXpress (x32 Version: Insaniquarium Deluxe (x32 Version: Intel(R) Control Center (x32 Version: Intel(R) Graphics Media Accelerator Driver (x32 Version: Intel(R) Management Engine Components (x32 Version: Intel(R) Rapid Storage Technology (x32 Version: iTunes (Version: Java(TM) 7 Update 4 (64-bit) (Version: 7.0.40) Jewel Quest Solitaire 2 (x32 Version: John Deere Drive Green (x32 Version: Junk Mail filter update (x32 Version: 14.0.8117.416) Launch Manager (x32 Version: 4.0.14) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.4763.1000) Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4763.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4763.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4763.1000) Microsoft Silverlight (x32 Version: 4.0.50401.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Nero 9 Essentials (x32) Nero ControlCenter (x32 Version: Nero DiscSpeed (x32 Version: Nero DiscSpeed Help (x32 Version: Nero DriveSpeed (x32 Version: Nero DriveSpeed Help (x32 Version: Nero Express Help (x32 Version: Nero InfoTool (x32 Version: Nero InfoTool Help (x32 Version: Nero Installer (x32 Version: Nero Online Upgrade (x32 Version: Nero StartSmart (x32 Version: Nero StartSmart Help (x32 Version: Nero StartSmart OEM (x32 Version: NeroExpress (x32 Version: neroxml (x32 Version: 1.0.0) OnlineFotoservice (x32) Packard Bell Game Console (x32) Packard Bell Games (x32 Version: Packard Bell InfoCentre (x32 Version: 3.02.3000) Packard Bell MyBackup (x32 Version: Packard Bell Power Management (x32 Version: 5.00.3005) Packard Bell Recovery Management (x32 Version: 4.05.3013) Packard Bell Registration (x32 Version: 1.03.3003) Packard Bell ScreenSaver (x32 Version: 1.1.0806.2010) Packard Bell Social Networks (x32 Version: 1.0.1901) Packard Bell Updater (x32 Version: 1.02.3001) Penguins! (x32 Version: Plants vs. Zombies (x32 Version: Polar Bowler (x32 Version: Polar Golfer (x32 Version: QuickTime (x32 Version: Realtek High Definition Audio Driver (x32 Version: Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30122) Safari (x32 Version: Skype™ 4.1 (x32 Version: 4.1.179) Synaptics Pointing Device Driver (Version: Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Video Web Camera (x32 Version: Virtual Villagers 4 - The Tree of Life (x32 Version: VoiceOver Kit (x32 Version: Welcome Center (x32 Version: 1.02.3004) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) Windows Live Call (x32 Version: 14.0.8117.0416) Windows Live Communications Platform (x32 Version: 14.0.8117.416) Windows Live Essentials (x32 Version: 14.0.8117.0416) Windows Live Essentials (x32 Version: 14.0.8117.416) Windows Live Fotogalerie (x32 Version: 14.0.8117.416) Windows Live Mail (x32 Version: 14.0.8117.0416) Windows Live Messenger (x32 Version: 14.0.8117.0416) Windows Live Movie Maker (x32 Version: 14.0.8117.0416) Windows Live Sync (x32 Version: 14.0.8117.416) Windows Live Writer (x32 Version: 14.0.8117.0416) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) WinRAR (x32) Zuma Deluxe (x32 Version: Zuma's Revenge (x32 Version: ==================== Restore Points ========================= 07-06-2013 15:54:42 Windows Update 11-06-2013 15:17:16 Windows Update 15-06-2013 13:09:54 Windows Update 25-06-2013 17:24:06 Windows Update 30-06-2013 14:52:13 Windows Update 07-07-2013 12:59:02 Windows Update 14-07-2013 08:50:27 Windows Update 22-07-2013 18:24:43 Windows Update 28-07-2013 12:17:33 Windows Update 03-08-2013 15:05:58 Windows Update 10-08-2013 10:00:01 Windows Update 18-08-2013 08:56:44 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {24393275-E9E3-4AEA-89FB-DDFD2F306201} - System32\Tasks\{6A0A83DC-045E-4914-8695-565456595131} => C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013-07-26] (Microsoft Corporation) Task: {34739008-C0B8-4A69-8D53-67E305556C22} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-14] (Adobe Systems Incorporated) Task: {3E4D869C-F2C8-40B6-AEC9-42DBB1BAFC24} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {446A3F85-92A2-4D21-AE7F-26B355D8EC3F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-18] (Google Inc.) Task: {4E309884-2C9A-4184-A8D7-6E86B07E8933} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A179C7ED-13E9-4391-9B38-D9DE0D973330} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-18] (Google Inc.) Task: {BCA7EC9F-FE1F-49ED-8554-0CE157830CBF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/21/2013 08:10:30 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6016865 Error: (07/21/2013 08:10:30 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6016865 Error: (07/21/2013 08:10:30 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/21/2013 08:10:29 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6015819 Error: (07/21/2013 08:10:29 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6015819 Error: (07/21/2013 08:10:29 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/21/2013 08:10:28 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6014790 Error: (07/21/2013 08:10:28 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6014790 Error: (07/21/2013 08:10:28 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/21/2013 08:10:27 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6013776 System errors: ============= Error: (08/20/2013 05:13:20 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (08/20/2013 05:08:42 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (08/20/2013 05:07:56 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (08/18/2013 03:57:08 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (08/18/2013 03:56:30 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (08/18/2013 01:47:37 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (08/18/2013 01:46:40 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (08/18/2013 11:13:36 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (08/18/2013 10:45:36 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (08/18/2013 10:45:09 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (07/21/2013 08:10:30 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6016865 Error: (07/21/2013 08:10:30 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6016865 Error: (07/21/2013 08:10:30 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/21/2013 08:10:29 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6015819 Error: (07/21/2013 08:10:29 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6015819 Error: (07/21/2013 08:10:29 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/21/2013 08:10:28 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6014790 Error: (07/21/2013 08:10:28 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6014790 Error: (07/21/2013 08:10:28 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/21/2013 08:10:27 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6013776 ==================== Memory info =========================== Percentage of memory in use: 66% Total physical RAM: 2806.71 MB Available physical RAM: 942.04 MB Total Pagefile: 5611.61 MB Available Pagefile: 3408.01 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Packard Bell) (Fixed) (Total:284.99 GB) (Free:222.27 GB) NTFS Drive d: (NK - Fotos) (CDROM) (Total:0.23 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 8EB7A529) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
20.08.2013, 17:27 | #8 |
/// TB-Ausbilder | Zeus/ZBot Telekom email Ja prima. Also in diesem Logfile ist nichts von einem ZBot zu sehen. Damit wir sicher sind ... Hinweis: Der Scan kann sehr lange (einige Stunden) dauern!
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
20.08.2013, 17:32 | #9 |
| Zeus/ZBot Telekom email defogger Code:
ATTFilter defogger_disable by jpshortstuff ( Log created at 18:20 on 20/08/2013 (Corinna) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- wie gehe ich mit Rechner 2 vor? separates Thema? oder einfach die logs hierein posten? |
20.08.2013, 17:32 | #10 |
/// TB-Ausbilder | Zeus/ZBot Telekom email Einen nach dem anderen. Wir machen erst hier fertig.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
20.08.2013, 17:34 | #11 |
| Zeus/ZBot Telekom email ok...danke auf jeden Fall schonmal für die schnelle und kompetente Hilfe!!! *DAUMENHOCH* |
20.08.2013, 17:34 | #12 |
/// TB-Ausbilder | Zeus/ZBot Telekom email Wir sind ja noch lange nicht fertig.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
20.08.2013, 17:50 | #13 |
| Zeus/ZBot Telekom email scan läuft....steht bei 75% ohne fund |
20.08.2013, 18:56 | #14 | |
/// TB-Ausbilder | Zeus/ZBot Telekom emailZitat:
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
20.08.2013, 19:05 | #15 |
| Zeus/ZBot Telekom email so eset ist fertig: Code:
ATTFilter C:\Users\Corinna\Pictures\reading\AUTORUN.INF Win32/AutoRun.GD worm |
Themen zu Zeus/ZBot Telekom email |
bekannte, bereits, email, erfolg, erhalte, erhalten, heute, infiziert, liebe, poste, posten, potentielle, rechner, rechnern, software, telekom, troja, trojaner, trojaner zbot, zbot, zeus/zbot |