Log analysis and evaluation: Masses of incoming "Undeliverable Mail" messages, mail account now blocked

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1
Masses of incoming "Undeliverable Mail" messages, mail account now blocked

Hi, since yesterday noon my inbox has been bombarded with mails "Unzustellbare Nachricht an xyz" or "Undeliverable Mail an xyz". Today my provider blocked my account on suspicion of abuse and pointed out that there is nothing they can do about it either. In Firefox and in the web access to my mail, however, I could find neither any sending activity nor any sent mails that could have led to these bounces. I'm no specialist, though, so I'd like to ask for help here, because first of all I hope the fault is not on my own computer. So thanks in advance for feedback.

The log files from defogger and FRST are below, and Additions and GMER are attached as an upload:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:54 on 09/10/2013 (oli)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by oli (administrator) on OLI_BEA_HOME on 09-10-2013 19:56:18
Running from C:\Users\oli\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Chicony) C:\Program Files\Video Web Camera\traybar.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Chicony) C:\Program Files\Video Web Camera\CEC_MAIN.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Video Web Camera\traybar.exe [630784 2009-03-10] (Chicony)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [474168 2008-11-06] (Conexant Systems, Inc.)
HKLM\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1565992 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: {64ad1e00-01a1-11e3-8b57-001f16bf3607} - E:\LGAutoRun.exe
MountPoints2: {aede8d1c-d36e-11df-a024-001f16bf3607} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
HKU\Default\...\RunOnce: [ScrSav] -
HKU\Default User\...\RunOnce: [ScrSav] -

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0809&m=easynote_tj65
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0809&m=easynote_tj65
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=DCFTDF&PC=DCFM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=DCFTDF&PC=DCFM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=BT5&o=15443&src=crm&q={searchTerms}&locale=de_DE
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {DD3BAE55-9DF0-41BC-BE0D-1714A39D1E02} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 80.69.100.182 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\oli\AppData\Roaming\Mozilla\Firefox\Profiles\rgnnl0gg.default-1372486854913
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S3 DAUpdaterSvc; C:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [26112 2010-04-29] (Google Inc)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21576 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2010-10-20] (AVM Berlin)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-09 19:56 - 2013-10-09 19:56 - 00000000 ____D C:\FRST
2013-10-09 19:55 - 2013-10-09 19:55 - 01087213 _____ (Farbar) C:\Users\oli\Downloads\FRST.exe
2013-10-09 19:54 - 2013-10-09 19:54 - 00000468 _____ C:\Users\oli\Downloads\defogger_disable.log
2013-10-09 19:54 - 2013-10-09 19:54 - 00000000 _____ C:\Users\oli\defogger_reenable
2013-10-09 19:53 - 2013-10-09 19:53 - 00050477 _____ C:\Users\oli\Downloads\Defogger.exe
2013-10-01 15:28 - 2013-10-01 15:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-30 17:00 - 2013-09-30 17:00 - 00002016 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-17 21:35 - 2013-09-17 21:51 - 00527540 _____ C:\Users\oli\Desktop\Lebenslauf BW mit Bild und Anhang 20130917.odt
2013-09-17 21:14 - 2013-09-17 21:45 - 00000000 ____D C:\Users\oli\Documents\Eigene Scans
2013-09-17 20:33 - 2013-09-17 21:56 - 00055858 _____ C:\Users\oli\Desktop\Bewerbung BW 20130917.odt
2013-09-17 19:50 - 2013-09-17 19:50 - 00000000 ____D C:\Users\oli\AppData\Roaming\OpenOffice
2013-09-17 19:48 - 2013-09-17 19:48 - 00001074 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-17 19:46 - 2013-09-17 19:47 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-09-17 19:36 - 2013-09-17 19:39 - 162401424 _____ C:\Users\oli\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-09-13 19:26 - 2013-09-17 19:51 - 00088120 _____ C:\Users\oli\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-13 19:24 - 2013-10-07 08:23 - 00070776 _____ C:\Windows\setupact.log
2013-09-13 19:24 - 2013-09-13 19:24 - 00000000 _____ C:\Windows\setuperr.log
2013-09-13 19:23 - 2013-09-18 06:40 - 00361968 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 19:22 - 2013-10-02 14:05 - 00000654 _____ C:\Windows\PFRO.log
2013-09-13 17:27 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 17:27 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-13 17:27 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 17:27 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 17:27 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 17:27 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 17:27 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 17:27 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 17:27 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 19:19 - 2013-09-11 19:19 - 06953096 _____ (Microsoft Corporation) C:\Users\oli\Downloads\Silverlight.exe
2013-09-11 18:59 - 2013-09-12 20:38 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-09-11 18:59 - 2013-09-11 19:07 - 00000000 ____D C:\Users\oli\AppData\Local\Plex Media Server
2013-09-11 18:46 - 2013-09-11 18:47 - 64644056 _____ (Plex, Inc.) C:\Users\oli\Downloads\Plex-Media-Server-0.9.806.175-88ffbb2-en-US.exe
2013-09-11 18:38 - 2013-09-11 18:40 - 00000000 ____D C:\Users\oli\Documents\DVDFab9

==================== One Month Modified Files and Folders =======

2013-10-09 19:56 - 2013-10-09 19:56 - 00000000 ____D C:\FRST
2013-10-09 19:55 - 2013-10-09 19:55 - 01087213 _____ (Farbar) C:\Users\oli\Downloads\FRST.exe
2013-10-09 19:54 - 2013-10-09 19:54 - 00000468 _____ C:\Users\oli\Downloads\defogger_disable.log
2013-10-09 19:54 - 2013-10-09 19:54 - 00000000 _____ C:\Users\oli\defogger_reenable
2013-10-09 19:54 - 2010-05-23 15:45 - 00000000 ____D C:\Users\oli
2013-10-09 19:53 - 2013-10-09 19:53 - 00050477 _____ C:\Users\oli\Downloads\Defogger.exe
2013-10-09 19:30 - 2010-05-23 16:29 - 01249384 _____ C:\Windows\WindowsUpdate.log
2013-10-09 19:17 - 2012-05-18 17:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-09 19:10 - 2011-03-27 13:40 - 00000242 ____H C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
2013-10-09 16:17 - 2012-05-18 17:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 16:17 - 2011-06-17 07:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 08:30 - 2010-05-23 15:44 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-07 08:30 - 2010-05-23 15:44 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-07 08:23 - 2013-09-13 19:24 - 00070776 _____ C:\Windows\setupact.log
2013-10-07 08:23 - 2010-05-23 17:20 - 00000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-10-07 08:23 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-02 16:34 - 2012-04-27 22:49 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-02 14:09 - 2009-12-10 22:25 - 00000000 ____D C:\Users\oli\AppData\Local\Mozilla
2013-10-02 14:05 - 2013-09-13 19:22 - 00000654 _____ C:\Windows\PFRO.log
2013-10-01 15:28 - 2013-10-01 15:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-30 17:56 - 2013-09-07 08:13 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-30 17:56 - 2013-09-07 08:13 - 00000000 ____D C:\Program Files\iTunes
2013-09-30 17:56 - 2013-03-26 17:21 - 00000000 ____D C:\Users\oli\AppData\Roaming\vlc
2013-09-30 17:56 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-30 17:56 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-09-30 17:55 - 2013-09-07 08:14 - 00000000 ____D C:\Program Files\iPod
2013-09-30 17:55 - 2011-08-05 16:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-30 17:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-30 17:00 - 2013-09-30 17:00 - 00002016 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-30 17:00 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-19 19:39 - 2012-10-25 23:31 - 00000000 ____D C:\Users\oli\AppData\Roaming\ALFBanCo5
2013-09-19 19:39 - 2012-10-25 23:30 - 00000000 ____D C:\ProgramData\AlfBanCo5
2013-09-18 06:40 - 2013-09-13 19:23 - 00361968 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-17 21:56 - 2013-09-17 20:33 - 00055858 _____ C:\Users\oli\Desktop\Bewerbung BW 20130917.odt
2013-09-17 21:56 - 2013-08-14 20:27 - 00202752 ___SH C:\Users\oli\Desktop\Thumbs.db
2013-09-17 21:51 - 2013-09-17 21:35 - 00527540 _____ C:\Users\oli\Desktop\Lebenslauf BW mit Bild und Anhang 20130917.odt
2013-09-17 21:45 - 2013-09-17 21:14 - 00000000 ____D C:\Users\oli\Documents\Eigene Scans
2013-09-17 19:51 - 2013-09-13 19:26 - 00088120 _____ C:\Users\oli\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-17 19:50 - 2013-09-17 19:50 - 00000000 ____D C:\Users\oli\AppData\Roaming\OpenOffice
2013-09-17 19:48 - 2013-09-17 19:48 - 00001074 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-17 19:47 - 2013-09-17 19:46 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-09-17 19:46 - 2009-12-16 21:48 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2013-09-17 19:39 - 2013-09-17 19:36 - 162401424 _____ C:\Users\oli\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-09-15 14:32 - 2012-10-25 23:30 - 00000000 ____D C:\Program Files\ALFBanCo5
2013-09-13 22:06 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-13 21:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-13 19:24 - 2013-09-13 19:24 - 00000000 _____ C:\Windows\setuperr.log
2013-09-13 19:21 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-13 19:03 - 2013-08-14 19:46 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 19:01 - 2010-06-13 18:49 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 21:58 - 2013-04-24 12:07 - 00000000 ____D C:\Users\oli\AppData\Roaming\Wise Disk Cleaner
2013-09-12 21:52 - 2009-07-14 04:03 - 57933824 _____ C:\Windows\system32\config\software.bak
2013-09-12 21:52 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\default.bak
2013-09-12 21:52 - 2009-07-14 04:03 - 00057344 _____ C:\Windows\system32\config\sam.bak
2013-09-12 21:52 - 2009-07-14 04:03 - 00024576 _____ C:\Windows\system32\config\security.bak
2013-09-12 21:51 - 2013-04-24 12:00 - 22859776 _____ C:\Windows\system32\config\components.rhk
2013-09-12 21:02 - 2009-03-26 03:08 - 00000000 ____D C:\Program Files\Packard Bell
2013-09-12 21:01 - 2009-08-28 23:43 - 00000000 ____D C:\Program Files\NewTech Infosystems
2013-09-12 20:59 - 2009-03-04 21:46 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-12 20:51 - 2012-05-02 21:02 - 00000000 ____D C:\Program Files\Nokia
2013-09-12 20:48 - 2012-05-02 21:05 - 00000000 ____D C:\ProgramData\Nokia
2013-09-12 20:47 - 2013-08-10 19:10 - 00000000 ____D C:\Users\oli\AppData\Roaming\Nokia Suite
2013-09-12 20:47 - 2013-08-10 19:09 - 00000000 ____D C:\Users\oli\AppData\Roaming\Nokia
2013-09-12 20:43 - 2013-02-07 16:58 - 00000000 ____D C:\Program Files\WISO
2013-09-12 20:42 - 2013-02-07 17:00 - 00000503 _____ C:\Windows\wiso.ini
2013-09-12 20:38 - 2013-09-11 18:59 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-09-11 19:19 - 2013-09-11 19:19 - 06953096 _____ (Microsoft Corporation) C:\Users\oli\Downloads\Silverlight.exe
2013-09-11 19:07 - 2013-09-11 18:59 - 00000000 ____D C:\Users\oli\AppData\Local\Plex Media Server
2013-09-11 18:47 - 2013-09-11 18:46 - 64644056 _____ (Plex, Inc.) C:\Users\oli\Downloads\Plex-Media-Server-0.9.806.175-88ffbb2-en-US.exe
2013-09-11 18:40 - 2013-09-11 18:38 - 00000000 ____D C:\Users\oli\Documents\DVDFab9

Files to move or delete:
====================
C:\ProgramData\btz6oc.pad
C:\ProgramData\eqfirl.pad
C:\ProgramData\rundll32.exe
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-01 15:09

==================== End Of Log ============================

Thanks!
Supertigger

Last edited by supertigger (09.10.2013 at 20:26)