Pests of all kinds and how to combat them: BSI security test (Windows 7) |
22.01.2014, 10:26 | #1 |
| BSI security test Hello, I found out via the BSI security test site that my e-mail was hacked as well. I have now run AntiVir, avast and Bitdefender QuickScan over the computer; shouldn't they find something? Can someone help me get my computer clean? Thanks in advance |
22.01.2014, 11:54 | #2 |
/// the machine /// TB instructor | BSI security test Hi,
what does your computer have to do with it if your mail address was hacked? Google "email spoofing". Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
23.01.2014, 11:09 | #3 |
| BSI security test Well, because the media and this BSI say that the hackers installed some kind of malware on my computer, or rather on the affected computers
FRST Logfile: Code:
24.01.2014, 07:37 | #4 |
/// the machine /// TB instructor | BSI security test Yes, this BSI mania is the joke of the century. But the main thing is to drive everyone crazy and flood the forums with it. The computer is clean
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
24.01.2014, 11:37 | #5 |
| BSI security test Thanks, but where did they get my e-mail with password from, and what can they do with it if my e-mail password is completely different from all my others? |
25.01.2014, 11:23 | #6 |
/// the machine /// TB instructor | BSI security test Well, nobody knows where they got the addresses from. Were the addresses collected from infections, or simply sold off by companies..... The fact is: the e-mail address reported by the BSI was hacked online, if at all, without any involvement of malware on your computer. Change the password and you're done.