|
Log analysis and evaluation: Hotmail hacked? Strange case! (Windows 7) If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
14.07.2013, 19:36 | #1 |
| Hotmail hacked? Strange case!

So, after I switched my phone from an iPhone 4 to an S4, after a while I got the message "server password has been changed, enter your new password". I thought these were just false messages from Android, or that I had got the settings wrong, because whenever I pressed Cancel everything carried on quite normally. Yesterday the message came again, and after that my password was no longer the same? I have reset everything and have everything back as usual, but I still find it odd. I did not send e-mail to anyone, I received e-mail quite normally, and the messages were still unread when I got my address back. Odd, isn't it? A week ago I had my PC scanned with anti-malware programs and nothing came up. Only one thing struck me as unusual: some time ago I received an e-mail:

I would like to let you know that we have this price for brand-new Samsung Galaxy S4, and it comes with accessories, sealed in the original packaging. Our current promotion:
1 UNIT: Samsung Galaxy S4 ..... 450.00 EUR
3-5 units: Samsung Galaxy S4 ..... 400.00 EUR
6-10 units: Samsung Galaxy S4 ..... 350.00 EUR
Contact e-mails: itemssales4@gmail.com

Can you make anything of that? So I do have my e-mail back, I just find it odd. Sorry for my colloquial way of expressing myself, but I have been working all day and can hardly concentrate. |
14.07.2013, 19:50 | #2 |
/// the machine /// TB-Ausbilder | Hotmail hacked? Strange case! Hi.
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
15.07.2013, 14:20 | #3 |
| Hotmail hacked? Strange case! FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013 Ran by Samet (administrator) on 15-07-2013 15:19:52 Running from C:\Users\Samet\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Lenovo.) C:\windows\System32\TPHDEXLG64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2473568 2010-11-12] (Synaptics Incorporated) HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [231264 2009-09-02] (Lenovo.) HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-02-10] (Lenovo) HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-23] (Lenovo(beijing) Limited) HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7069600 2010-11-22] (Lenovo (Beijing) Limited) HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [418280 2012-07-25] (Autodesk, Inc.) 
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [x] HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [x] MountPoints2: {cff06746-553e-11e2-9471-1c75086b9a4f} - E:\setup_vmc_lite.exe /checkApplicationPresence HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-02-10] (Lenovo) HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.) HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG) Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120628203956.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120628203956.dll No File BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File Handler: msdaipp - No CLSID Value - Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler-x32: msdaipp - No CLSID Value - Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Samet\AppData\Roaming\Mozilla\Firefox\Profiles\aj0srvbq.default FF NewTab: user_pref("browser.newtab.url", ""); FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF 
Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: DivXWebPlayer - C:\Users\Samet\AppData\Roaming\Mozilla\Firefox\Profiles\aj0srvbq.default\Extensions\DivXWebPlayer@divx.com.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] C:\Program Files (x86)\Common Files\McAfee\SystemCore Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "hxxp://www.google.com/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR Extension: (YouTube) - C:\Users\Samet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\Samet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Wajam) - 
C:\Users\Samet\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0 CHR Extension: (Gmail) - C:\Users\Samet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG) S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [903456 2010-04-20] (Broadcom Corporation.) S4 Megatech-Software-Protection; c:\Megatech\MProtect\MPSERV.EXE [x] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-28] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-28] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. 
KG) U3 BcmSqlStartupSvc; S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x] U2 CLKMSVC10_3A60B698; U2 CLKMSVC10_C3B3B687; S3 clwvd; system32\DRIVERS\clwvd.sys [x] U2 DriverService; U2 iATAgentService; U2 idealife Update Service; U3 IGRS; U2 IviRegMgr; U2 nvUpdatusService; U2 Oasis2Service; U2 PCCarerService; U2 ReadyComm.DirectRouter; U2 RichVideo; U2 RtLedService; U2 SeaPort; U2 SoftwareService; U3 SQLWriter; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-15 15:15 - 2013-07-15 15:15 - 00019442 _____ C:\Users\Samet\Downloads\Addition.txt 2013-07-15 15:14 - 2013-07-15 15:14 - 00000000 ____D C:\FRST 2013-07-15 15:13 - 2013-07-15 15:13 - 01777839 _____ (Farbar) C:\Users\Samet\Downloads\FRST64.exe 2013-07-15 15:08 - 2013-07-15 15:08 - 00793536 _____ C:\Users\Samet\Downloads\ZipOpenerSetup(1).exe 2013-07-15 15:06 - 2013-07-15 15:06 - 00793536 _____ C:\Users\Samet\Downloads\ZipOpenerSetup.exe 2013-07-13 23:06 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-07-13 23:06 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-07-13 23:06 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-07-13 23:06 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-07-13 23:06 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-07-13 23:06 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-07-13 23:06 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-07-13 23:06 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-07-13 23:06 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\iertutil.dll 2013-07-13 23:06 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-07-13 23:06 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-07-13 23:06 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-07-13 23:06 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-07-13 23:06 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-13 23:06 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-13 23:06 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-07-13 23:06 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-07-13 23:06 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-13 23:06 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-13 23:06 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-13 23:06 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-13 23:06 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-13 23:06 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-07-13 23:06 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-07-13 23:06 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-07-13 23:06 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-07-13 23:06 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 
2013-07-13 23:06 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-13 23:06 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-07-13 23:06 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-07-13 23:06 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-07-11 14:42 - 2013-07-11 14:42 - 00000000 ____D C:\166c26f32918085a21df3c2391e2f0 2013-07-11 10:11 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-11 10:11 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-11 10:11 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2013-07-11 10:11 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-07-11 10:11 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2013-07-11 10:10 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll 2013-07-11 10:10 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2013-07-08 13:43 - 2013-07-08 13:43 - 00000000 ____D C:\Users\Samet\Documents\Youcam 2013-07-05 19:07 - 2013-07-05 19:09 - 00000049 _____ C:\Users\Samet\Desktop\Hackers please read me!.txt 2013-07-05 08:47 - 2013-07-05 08:52 - 00000000 ____D C:\ProgramData\SecTaskMan 2013-07-05 08:47 - 2013-07-05 08:47 - 00000000 ____D C:\Program Files (x86)\Security Task Manager 2013-07-05 08:46 - 2013-07-05 08:46 - 02094432 _____ C:\Users\Samet\Downloads\SecurityTaskManager_Setup-1.8d.exe 2013-07-05 08:27 - 2013-07-05 08:28 - 00000000 ____D C:\Program Files\CCleaner 2013-07-05 08:27 - 2013-07-05 08:27 - 00002772 _____ C:\windows\System32\Tasks\CCleanerSkipUAC 2013-07-05 08:26 - 2013-07-05 08:26 - 03357912 
_____ (Piriform Ltd) C:\Users\Samet\Downloads\ccsetup403_slim.exe 2013-07-04 11:19 - 2013-07-04 14:18 - 00000000 ____D C:\Users\Samet\Documents\Anti-Malware 2013-07-04 11:15 - 2013-07-04 11:17 - 190490568 _____ (Emsisoft GmbH ) C:\Users\Samet\Downloads\EmsisoftAntiMalwareSetup_8.0.exe 2013-07-01 11:38 - 2013-07-01 11:38 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\stflt.sys 2013-07-01 11:36 - 2013-07-01 11:36 - 05049344 _____ (Crawler.com ) C:\Users\Samet\Downloads\SpywareTerminatorSetup_3.0.0.82.exe 2013-07-01 10:55 - 2013-07-01 10:55 - 01276304 _____ C:\Users\Samet\Downloads\MalAware.exe 2013-06-27 12:37 - 2013-06-28 13:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-06-26 13:14 - 2013-06-26 13:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-07-15 15:16 - 2009-07-14 06:45 - 00021072 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-15 15:16 - 2009-07-14 06:45 - 00021072 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-15 15:15 - 2013-07-15 15:15 - 00019442 _____ C:\Users\Samet\Downloads\Addition.txt 2013-07-15 15:14 - 2013-07-15 15:14 - 00000000 ____D C:\FRST 2013-07-15 15:13 - 2013-07-15 15:13 - 01777839 _____ (Farbar) C:\Users\Samet\Downloads\FRST64.exe 2013-07-15 15:12 - 2012-02-09 23:26 - 01131283 _____ C:\windows\WindowsUpdate.log 2013-07-15 15:08 - 2013-07-15 15:08 - 00793536 _____ C:\Users\Samet\Downloads\ZipOpenerSetup(1).exe 2013-07-15 15:06 - 2013-07-15 15:06 - 00793536 _____ C:\Users\Samet\Downloads\ZipOpenerSetup.exe 2013-07-15 15:03 - 2012-02-09 23:58 - 00224256 _____ C:\windows\system32\TPHDLOG0.LOG 2013-07-15 14:52 - 2012-06-28 00:31 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-07-15 14:49 - 2012-02-09 23:58 - 00728256 _____ C:\windows\system32\TPAPSLOG.LOG 
2013-07-15 14:40 - 2012-02-09 23:52 - 00001124 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-15 13:03 - 2012-02-10 00:02 - 02401593 _____ C:\FaceProv.log 2013-07-15 13:03 - 2012-02-10 00:02 - 00000000 ____D C:\ProgramData\VeriFace 2013-07-15 12:37 - 2013-01-31 14:59 - 00000000 ____D C:\Users\Samet\Desktop\Bewerbung 2013 2013-07-15 12:19 - 2012-07-12 11:37 - 01234432 ___SH C:\Users\Samet\Desktop\Thumbs.db 2013-07-15 12:14 - 2012-07-21 11:26 - 00000000 ____D C:\Users\Samet\AppData\Roaming\vlc 2013-07-15 12:09 - 2012-02-09 15:13 - 00697526 _____ C:\windows\system32\perfh007.dat 2013-07-15 12:09 - 2012-02-09 15:13 - 00148532 _____ C:\windows\system32\perfc007.dat 2013-07-15 12:09 - 2009-07-14 07:13 - 01614852 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-15 11:59 - 2012-02-10 00:08 - 00450572 _____ C:\windows\system32\fastboot.set 2013-07-15 11:59 - 2012-02-09 23:52 - 00001120 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-15 11:58 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-07-15 11:58 - 2009-07-14 06:51 - 00093542 _____ C:\windows\setupact.log 2013-07-14 20:03 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-14 20:03 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-14 00:23 - 2013-01-26 01:54 - 00000000 ____D C:\Users\Samet\Desktop\Design 2013-07-13 23:35 - 2012-02-09 23:52 - 00004120 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-13 23:35 - 2012-02-09 23:52 - 00003868 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-13 22:57 - 2009-07-14 06:45 - 00381944 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-13 22:56 - 2013-03-15 06:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-13 22:56 - 2013-03-15 06:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-13 22:56 - 2011-02-22 13:42 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-11 14:42 - 2013-07-11 14:42 - 
00000000 ____D C:\166c26f32918085a21df3c2391e2f0 2013-07-11 14:39 - 2012-06-28 13:34 - 00000000 ____D C:\Users\Samet\AppData\Roaming\SoftGrid Client 2013-07-11 10:12 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF 2013-07-08 13:43 - 2013-07-08 13:43 - 00000000 ____D C:\Users\Samet\Documents\Youcam 2013-07-08 11:07 - 2012-07-04 10:16 - 00000000 ____D C:\Program Files (x86)\PDFCreator 2013-07-05 19:09 - 2013-07-05 19:07 - 00000049 _____ C:\Users\Samet\Desktop\Hackers please read me!.txt 2013-07-05 08:52 - 2013-07-05 08:47 - 00000000 ____D C:\ProgramData\SecTaskMan 2013-07-05 08:47 - 2013-07-05 08:47 - 00000000 ____D C:\Program Files (x86)\Security Task Manager 2013-07-05 08:46 - 2013-07-05 08:46 - 02094432 _____ C:\Users\Samet\Downloads\SecurityTaskManager_Setup-1.8d.exe 2013-07-05 08:37 - 2012-09-27 17:48 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-07-05 08:28 - 2013-07-05 08:27 - 00000000 ____D C:\Program Files\CCleaner 2013-07-05 08:27 - 2013-07-05 08:27 - 00002772 _____ C:\windows\System32\Tasks\CCleanerSkipUAC 2013-07-05 08:26 - 2013-07-05 08:26 - 03357912 _____ (Piriform Ltd) C:\Users\Samet\Downloads\ccsetup403_slim.exe 2013-07-05 08:20 - 2013-01-12 14:52 - 00000000 ____D C:\Users\Familie 2013-07-04 14:18 - 2013-07-04 11:19 - 00000000 ____D C:\Users\Samet\Documents\Anti-Malware 2013-07-04 11:17 - 2013-07-04 11:15 - 190490568 _____ (Emsisoft GmbH ) C:\Users\Samet\Downloads\EmsisoftAntiMalwareSetup_8.0.exe 2013-07-01 11:38 - 2013-07-01 11:38 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\stflt.sys 2013-07-01 11:36 - 2013-07-01 11:36 - 05049344 _____ (Crawler.com ) C:\Users\Samet\Downloads\SpywareTerminatorSetup_3.0.0.82.exe 2013-07-01 10:55 - 2013-07-01 10:55 - 01276304 _____ C:\Users\Samet\Downloads\MalAware.exe 2013-06-29 13:44 - 2012-06-27 23:50 - 00000000 ____D C:\Users\Samet\AppData\Local\Google 2013-06-28 20:08 - 2012-06-27 23:57 - 00000000 ____D C:\Program Files (x86)\Mozilla 
Maintenance Service 2013-06-28 20:08 - 2010-11-21 05:47 - 00107858 _____ C:\windows\PFRO.log 2013-06-28 13:44 - 2013-06-27 12:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-06-28 13:44 - 2013-05-14 19:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird.bak 2013-06-27 14:34 - 2013-06-12 14:23 - 00000000 ____D C:\Users\Samet\Desktop\Musik 2012 2013-06-27 11:46 - 2013-05-07 14:50 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys 2013-06-26 13:14 - 2013-06-26 13:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-25 23:04 - 2012-06-28 13:33 - 01592746 _____ C:\windows\SysWOW64\PerfStringBackup.INI 2013-06-23 12:22 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-23 12:15 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2013 Ran by Samet at 2013-07-15 15:29:16 Running from C:\Users\Samet\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Active Protection System (x32 Version: 1.70.08) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) Apple Application Support (x32 Version: 2.2.2) Apple Mobile Device Support (Version: 6.0.0.59) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.26) AutoCAD Mechanical 2013 - Deutsch (German) (Version: 17.0.109.0) AutoCAD Mechanical 2013 - Deutsch (German) (Version: 17.0.48.0) AutoCAD Mechanical 2013 - Deutsch (German) SP1 (Version: 1) AutoCAD Mechanical 2013 Language Pack - Deutsch (German) (Version: 17.0.48.0) Autodesk Content Service (x32 Version: 3.0.84.0) Autodesk Content Service Language Pack (x32 Version: 3.0.84.0) Autodesk Material Library 2013 (x32 Version: 3.0.13) Autodesk Material Library Base Resolution Image Library 2013 (x32 Version: 3.0.13) Autodesk Sync (Version: 3.5.102.0) Avira Free Antivirus (x32 Version: 13.0.0.3737) Bonjour (Version: 3.0.0.10) CCleaner (Version: 4.03) Counter-Strike 1.6 (x32) D3DX10 (x32 Version: 15.4.2368.0902) dows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800) Energy Management (x32 Version: 5.4.2.6) FARO LS 1.1.406.58 (x32 Version: 4.6.58.2) Free YouTube to MP3 Converter version 3.11.35.1031 (x32 Version: 3.11.35.1031) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358) Google Update Helper (x32 Version: 1.3.21.153) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2189) Intel(R) Management 
15.07.2013, 18:49 | #4 |
/// the machine /// TB trainer | I don't see anything out of the ordinary on the machine right now. Email addresses just aren't secure; they get hacked often.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM!
16.07.2013, 09:25 | #5 |
Thank you for your work, but the strange thing is that nothing was "touched". Also, this message came up saying that my server password had been changed, yet I used my address as usual for a good 2.3 weeks and nothing had been changed...
16.07.2013, 10:59 | #6 |
/// the machine /// TB trainer | But the message came from the iPhone, didn't it? I get that now and then too; then I even have a failed login attempt shown to me on the website, when it was only my smartphone.
16.07.2013, 11:31 | #7 |
It was from an Android device. Yes, but last time hotmail.de didn't accept my password either, and I reset it.
16.07.2013, 12:10 | #8 |
/// the machine /// TB trainer | But it is definitely not down to your computer. Sure, we can keep scanning, I still have 100 tools on the list, no problem.
16.07.2013, 16:07 | #9 |
I do trust you. But do you think it could be something like a server problem or the like at Microsoft, or was someone really in my email account? Honestly, I can hardly imagine it.
17.07.2013, 07:28 | #10 |
/// the machine /// TB trainer | That happens a hundred times a day; my guess is that someone was in your mail account. In any case, change the password if you haven't done so yet.