Web.de: Spam-Mails von meiner Adresse versendet

starX · 12.10.2013, 19:05

Guten Tag,
Ich bekomme heute seit 16:30 stündlich e-mails von "keineantwortadresse@web.de" mit dem Betreff:
Mail delivery failed: returning message to sender
Ich habe solche emails nie geschrieben und war innerhalb der letzten 24 Stunden nicht mal am PC.
Hier noch eine Kopie von so einer Mail:
(ich habe meine Adresse mit "XXXXXXX" ersetzt)

Zitat:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:

"leor-cp-408@ebay.com":
SMTP error from remote server in greeting:
host: data.ebay.com:
data.ebay.com
BLACKLIST

--- The header of the original message is following. ---

Received: from yrzrjcolgqym ([178.125.33.221]) by smtp.web.de (mrweb004) with
ESMTPA (Nemesis) id 0Mg1Nl-1V9xiY37YL-00NR7C for <leor-cp-408@ebay.com>; Sat,
12 Oct 2013 19:52:46 +0200
Date: Sat, 12 Oct 2013 18:47:11 -0700
Subject: Tast yC ial isUp set
To: <leor-cp-408@ebay.com>, <committedpeopleonly@yahoo.com>, <claes.planthaber@arbetskonsulter.com>, <mrduckk@aol.com>, <johnsears_5@hotmail.com>, <cj.1999@hotmail.com>, <eberhardguth@aol.com>
From: "hafy" <XXXXXXX@web.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-4"
Message-ID: <0MJZLX-1VT7gr0Hql-0038H6@smtp.web.de>
X-Provags-ID: V03:K0:9yPAAQhPFQUQqICKe0/GQ4yGLkEPvn9KD4FbYMEz0m/YDKQKd4X
iIT6xOpbIzQuLS37qxyRM04BvCEOrIyvB53atG7NcJACf8Vi+tf4VkfMrFjwgNuQu4ar5lo
f1lavi/ZIZ2d+pBnQdDH0KVTI6ioAhBJqFDaQTeSJjI+JVkh7riOYVGm7A5TMumzGKCruRB
ij84hePITbSwldv7XyTrA==

Schon einmal danke im Voraus

schrauber · 12.10.2013, 22:11

Hi,

Passwort von einem anderen Rechner aus ändern.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

starX · 13.10.2013, 13:17

FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Stephan (administrator) on MED_WIN8_PC on 13-10-2013 14:08:20
Running from C:\Users\Stephan\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-05] ()
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1814440 2013-09-21] (Valve Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
MountPoints2: {91ca836d-0dce-11e2-be90-806e6f6e6963} - "H:\Autorun.exe" 
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs
Startup: C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 11-Registrierung.lnk
ShortcutTarget: FIFA 11-Registrierung.lnk -> C:\Program Files (x86)\EA SPORTS\FIFA 11\Support\EAregister.exe (Leader Technologies)
Startup: C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
SearchScopes: HKCU - DefaultScope {08DAAB17-65B2-44ED-99F3-589BD23FEA79} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {08DAAB17-65B2-44ED-99F3-589BD23FEA79} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Chrome: 
=======
CHR HomePage: hxxp://lenovo13.msn.com/
CHR RestoreOnStartup: "hxxp://web.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Battlefield Play4Free) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0
CHR Extension: (Gmail) - C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-09] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-06] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-22] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-09-27] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132088 2013-09-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-05-08] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-09-27] ()
S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation                           )
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation                           )
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-13 07:57 - 2013-10-13 07:58 - 00023664 _____ C:\Users\Stephan\Desktop\Addition.txt
2013-10-13 07:56 - 2013-10-13 07:56 - 01954124 _____ (Farbar) C:\Users\Stephan\Desktop\FRST64.exe
2013-10-13 07:56 - 2013-10-13 07:56 - 00000000 ____D C:\FRST
2013-10-13 07:55 - 2013-10-13 07:56 - 01954124 _____ (Farbar) C:\Users\Stephan\Downloads\FRST64.exe
2013-10-13 07:55 - 2013-10-13 07:55 - 01087213 _____ (Farbar) C:\Users\Stephan\Downloads\FRST.exe
2013-10-12 19:55 - 2013-10-12 19:55 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-12 19:55 - 2013-10-12 19:55 - 00001926 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-12 19:55 - 2013-10-12 19:55 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-12 19:55 - 2013-08-30 09:48 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-12 19:55 - 2013-08-30 09:48 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-12 19:55 - 2013-08-30 09:48 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-12 19:55 - 2013-08-30 09:48 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-12 19:55 - 2013-08-30 09:48 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-10-12 19:55 - 2013-08-30 09:48 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-12 19:55 - 2013-08-30 09:48 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-10-12 19:55 - 2013-08-30 09:48 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-12 19:55 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-12 19:55 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-12 19:54 - 2013-10-12 19:54 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-12 19:54 - 2013-10-12 19:54 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-12 19:31 - 2013-10-12 19:53 - 131918888 _____ C:\Users\Stephan\Downloads\avast_free_antivirus_setup.exe
2013-10-12 19:30 - 2013-10-12 19:30 - 00000000 ____D C:\Users\Stephan\Downloads\avast!-Free-Antivirus
2013-10-12 19:18 - 2013-10-12 19:18 - 01345792 _____ C:\Users\Stephan\Downloads\avast!-Free-Antivirus-Setup.exe
2013-10-09 16:36 - 2013-10-12 19:09 - 100651105 _____ C:\Windows\SysWOW64\싿垣LŒ
2013-10-08 17:08 - 2013-10-08 17:08 - 99859239 _____ C:\Windows\SysWOW64\ᖟ조LŖ
2013-10-04 21:34 - 2013-10-04 21:34 - 00001843 _____ C:\Users\Stephan\Downloads\rdf
2013-10-02 17:25 - 2013-10-02 17:25 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\.mono
2013-10-02 17:07 - 2013-10-02 17:07 - 00000222 _____ C:\Users\Stephan\Desktop\Smashmuck Champions.url
2013-09-29 19:24 - 2013-10-07 16:35 - 99717279 _____ C:\Windows\SysWOW64\À·
2013-09-27 20:11 - 2013-09-27 20:11 - 98286374 _____ C:\Windows\SysWOW64\ç⛨眽
2013-09-27 19:54 - 2013-09-27 19:54 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-09-27 19:53 - 2013-09-27 19:53 - 00501032 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-27 18:58 - 2013-09-27 18:58 - 00000165 ____H C:\Users\Stephan\Documents\~$1vs1.xlsx
2013-09-27 17:32 - 2013-09-27 17:32 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Guild Wars 2
2013-09-27 17:19 - 2013-09-27 17:19 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-09-27 17:18 - 2013-09-27 17:19 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Origin
2013-09-27 17:18 - 2013-09-27 17:19 - 00000000 ____D C:\Users\Stephan\AppData\Local\Origin
2013-09-27 17:16 - 2013-09-27 17:19 - 00000000 ____D C:\ProgramData\Origin
2013-09-27 17:16 - 2013-09-27 17:18 - 00000000 ____D C:\Program Files (x86)\Origin
2013-09-27 17:16 - 2013-09-27 17:16 - 16954472 _____ (Electronic Arts, Inc.) C:\Users\Stephan\Downloads\OriginThinSetup.exe
2013-09-27 15:29 - 2013-09-27 15:30 - 00000000 ____D C:\Users\Stephan\AppData\Local\Risen
2013-09-27 15:08 - 2013-09-27 15:08 - 00314016 _____ C:\Windows\system32\Drivers\atksgt.sys
2013-09-27 15:08 - 2013-09-27 15:08 - 00043680 _____ C:\Windows\system32\Drivers\lirsgt.sys
2013-09-27 15:08 - 2013-09-27 15:08 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-09-27 15:00 - 2013-09-27 15:00 - 00000000 ____D C:\Program Files (x86)\Deep Silver
2013-09-25 19:58 - 2013-10-11 15:18 - 00010304 _____ C:\Users\Stephan\Documents\1vs1.xlsx
2013-09-21 12:49 - 2013-09-21 13:24 - 00000000 ____D C:\Users\Stephan\Documents\GTA San Andreas User Files
2013-09-21 12:34 - 2013-09-21 12:34 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2013-09-16 17:16 - 2013-09-26 16:42 - 97961477 _____ C:\Windows\SysWOW64\뼞ᨈLĥ

==================== One Month Modified Files and Folders =======

2013-10-13 14:09 - 2013-02-05 21:37 - 00000000 ____D C:\Users\Stephan\AppData\Local\PMB Files
2013-10-13 14:08 - 2013-02-05 22:08 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Skype
2013-10-13 14:07 - 2013-02-05 21:32 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-13 14:07 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-10-13 07:58 - 2013-10-13 07:57 - 00023664 _____ C:\Users\Stephan\Desktop\Addition.txt
2013-10-13 07:56 - 2013-10-13 07:56 - 01954124 _____ (Farbar) C:\Users\Stephan\Desktop\FRST64.exe
2013-10-13 07:56 - 2013-10-13 07:56 - 00000000 ____D C:\FRST
2013-10-13 07:56 - 2013-10-13 07:55 - 01954124 _____ (Farbar) C:\Users\Stephan\Downloads\FRST64.exe
2013-10-13 07:55 - 2013-10-13 07:55 - 01087213 _____ (Farbar) C:\Users\Stephan\Downloads\FRST.exe
2013-10-13 07:51 - 2013-02-05 22:01 - 00000000 ____D C:\Users\Stephan\AppData\Local\LogMeIn Hamachi
2013-10-13 07:50 - 2013-02-05 21:24 - 01508559 _____ C:\Windows\WindowsUpdate.log
2013-10-12 22:16 - 2013-02-05 21:32 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-12 21:03 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-10-12 20:49 - 2013-05-22 19:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-12 20:49 - 2012-07-26 07:26 - 00000167 _____ C:\Windows\win.ini
2013-10-12 20:46 - 2013-02-24 14:47 - 00000000 ___RD C:\Users\Stephan\Desktop\Uberflussig
2013-10-12 19:55 - 2013-10-12 19:55 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-12 19:55 - 2013-10-12 19:55 - 00001926 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-12 19:55 - 2013-10-12 19:55 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-12 19:54 - 2013-10-12 19:54 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-12 19:54 - 2013-10-12 19:54 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-12 19:53 - 2013-10-12 19:31 - 131918888 _____ C:\Users\Stephan\Downloads\avast_free_antivirus_setup.exe
2013-10-12 19:30 - 2013-10-12 19:30 - 00000000 ____D C:\Users\Stephan\Downloads\avast!-Free-Antivirus
2013-10-12 19:18 - 2013-10-12 19:18 - 01345792 _____ C:\Users\Stephan\Downloads\avast!-Free-Antivirus-Setup.exe
2013-10-12 19:09 - 2013-10-09 16:36 - 100651105 _____ C:\Windows\SysWOW64\싿垣LŒ
2013-10-11 15:18 - 2013-09-25 19:58 - 00010304 _____ C:\Users\Stephan\Documents\1vs1.xlsx
2013-10-10 21:11 - 2013-02-05 21:32 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-10 21:11 - 2013-02-05 21:32 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-10 14:08 - 2013-02-22 18:57 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-10-10 13:42 - 2013-05-02 17:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-10 13:42 - 2013-02-05 22:08 - 00000000 ____D C:\ProgramData\Skype
2013-10-08 20:48 - 2013-03-04 21:25 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\TS3Client
2013-10-08 19:24 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-08 17:08 - 2013-10-08 17:08 - 99859239 _____ C:\Windows\SysWOW64\ᖟ조LŖ
2013-10-07 16:35 - 2013-09-29 19:24 - 99717279 _____ C:\Windows\SysWOW64\À·
2013-10-06 14:57 - 2013-03-03 14:35 - 00000000 ____D C:\Users\Stephan\Documents\FIFA 11
2013-10-05 13:01 - 2013-03-23 16:20 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-04 21:34 - 2013-10-04 21:34 - 00001843 _____ C:\Users\Stephan\Downloads\rdf
2013-10-02 17:25 - 2013-10-02 17:25 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\.mono
2013-10-02 17:07 - 2013-10-02 17:07 - 00000222 _____ C:\Users\Stephan\Desktop\Smashmuck Champions.url
2013-09-28 16:38 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-09-28 13:10 - 2013-03-24 14:23 - 00000000 ____D C:\Users\Stephan\Desktop\Programme
2013-09-28 13:10 - 2013-02-24 14:48 - 00000000 ____D C:\Users\Stephan\Desktop\Spiele
2013-09-27 20:11 - 2013-09-27 20:11 - 98286374 _____ C:\Windows\SysWOW64\ç⛨眽
2013-09-27 19:54 - 2013-09-27 19:54 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-09-27 19:53 - 2013-09-27 19:53 - 00501032 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-27 19:52 - 2012-08-28 13:13 - 00049450 _____ C:\Windows\PFRO.log
2013-09-27 19:51 - 2013-02-06 20:52 - 00000000 ____D C:\Users\Stephan\Documents\gothic3
2013-09-27 19:11 - 2013-02-06 19:26 - 00000000 ____D C:\Program Files (x86)\osu!
2013-09-27 18:58 - 2013-09-27 18:58 - 00000165 ____H C:\Users\Stephan\Documents\~$1vs1.xlsx
2013-09-27 17:32 - 2013-09-27 17:32 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Guild Wars 2
2013-09-27 17:32 - 2013-02-07 19:24 - 00000000 ____D C:\Users\Stephan\Documents\Guild Wars 2
2013-09-27 17:19 - 2013-09-27 17:19 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-09-27 17:19 - 2013-09-27 17:18 - 00000000 ____D C:\Users\Stephan\AppData\Roaming\Origin
2013-09-27 17:19 - 2013-09-27 17:18 - 00000000 ____D C:\Users\Stephan\AppData\Local\Origin
2013-09-27 17:19 - 2013-09-27 17:16 - 00000000 ____D C:\ProgramData\Origin
2013-09-27 17:18 - 2013-09-27 17:16 - 00000000 ____D C:\Program Files (x86)\Origin
2013-09-27 17:16 - 2013-09-27 17:16 - 16954472 _____ (Electronic Arts, Inc.) C:\Users\Stephan\Downloads\OriginThinSetup.exe
2013-09-27 15:30 - 2013-09-27 15:29 - 00000000 ____D C:\Users\Stephan\AppData\Local\Risen
2013-09-27 15:08 - 2013-09-27 15:08 - 00314016 _____ C:\Windows\system32\Drivers\atksgt.sys
2013-09-27 15:08 - 2013-09-27 15:08 - 00043680 _____ C:\Windows\system32\Drivers\lirsgt.sys
2013-09-27 15:08 - 2013-09-27 15:08 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-09-27 15:07 - 2012-08-29 17:55 - 00195929 _____ C:\Windows\DirectX.log
2013-09-27 15:00 - 2013-09-27 15:00 - 00000000 ____D C:\Program Files (x86)\Deep Silver
2013-09-27 15:00 - 2012-09-10 12:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-26 16:42 - 2013-09-16 17:16 - 97961477 _____ C:\Windows\SysWOW64\뼞ᨈLĥ
2013-09-21 13:24 - 2013-09-21 12:49 - 00000000 ____D C:\Users\Stephan\Documents\GTA San Andreas User Files
2013-09-21 12:34 - 2013-09-21 12:34 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2013-09-19 01:26 - 2013-03-09 23:04 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 01:26 - 2013-03-09 23:04 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-15 19:41 - 2013-04-18 08:07 - 00000000 ____D C:\Users\Stephan\Desktop\Seminar
2013-09-15 18:50 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-09-15 18:49 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-09-15 18:49 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-15 18:49 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-09-14 17:08 - 2013-07-14 16:32 - 00000000 ____D C:\Windows\system32\MRT
2013-09-14 17:06 - 2013-02-07 20:58 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-13 21:00 - 2013-03-01 23:52 - 00000000 ____D C:\Users\Stephan\Documents\Benutzerdefinierte Office-Vorlagen

Some content of TEMP:
====================
C:\Users\Stephan\AppData\Local\Temp\AppLauncher.exe
C:\Users\Stephan\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Stephan\AppData\Local\Temp\AskSLib.dll
C:\Users\Stephan\AppData\Local\Temp\AutoRun.exe
C:\Users\Stephan\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Stephan\AppData\Local\Temp\COMAP.EXE
C:\Users\Stephan\AppData\Local\Temp\Gw2.exe
C:\Users\Stephan\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Stephan\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Stephan\AppData\Local\Temp\i4jdel0.exe
C:\Users\Stephan\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Stephan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Stephan\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Stephan\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Stephan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Stephan\AppData\Local\Temp\swt-win32-3740.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-09 18:58

==================== End Of Log ============================

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Stephan at 2013-10-13 07:57:35
Running from C:\Users\Stephan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-PDF Website Converter Version 1.0.6 (Build 164) (x32 Version: 7-PDF Website Converter - Version 1.0.6 (Build 164))
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
ArcaniA - Gothic 4 (x32)
Ashampoo AppLauncher (Medion) v.1.0.0 (x32 Version: 1.0.0)
avast! Free Antivirus (x32 Version: 8.0.1497.0)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
AVS Audio Editor 7.2 (x32 Version: 7.2.1.487)
Battlefield Play4Free (Stephan) (HKCU)
BlueJ (x32 Version: 3.0.9)
Cube World version 0.0.1 (x32 Version: 0.0.1)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3111_44883)
CyberLink PhotoDirector 3 (x32 Version: 3.0.3124)
CyberLink PhotoNow (x32 Version: 1.1.7717)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1920)
CyberLink PowerDirector (Version: 9.0.0.3815c)
CyberLink PowerDVD 10 (x32 Version: 10.0.4125.02)
CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.2715b)
CyberLink PowerRecover (Version: 5.7.0.0906)
CyberLink PowerRecover (x32 Version: 5.7.0.0906)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dota 2 (x32)
EA Installer (x32 Version: 2.3.0.74)
FIFA 11 (x32 Version: 1.0.0.0)
FormatFactory 3.0.1 (x32 Version: 3.0.1)
Fotogalerie (x32 Version: 16.4.3503.0728)
Fotogalerija (x32 Version: 16.4.3503.0728)
Fotogalleri (x32 Version: 16.4.3503.0728)
Fotogalleriet (x32 Version: 16.4.3503.0728)
Fotoğraf Galerisi (x32 Version: 16.4.3503.0728)
Fotótár (x32 Version: 16.4.3503.0728)
Fraps (remove only) (x32)
Free YouTube to MP3 Converter version 3.12.0.128 (x32 Version: 3.12.0.128)
FUSSBALL MANAGER 11 (x32 Version: 1.0.0.3)
Fussball Manager 2004 (x32)
Galeria de Fotografias (x32 Version: 16.4.3503.0728)
Galería de fotos (x32 Version: 16.4.3503.0728)
Galeria fotografii (x32 Version: 16.4.3503.0728)
Galerie de photos (x32 Version: 16.4.3503.0728)
Ghost Recon Online (EU) (HKCU Version: 1.34.1166.2)
Google Chrome (x32 Version: 30.0.1599.69)
Google Update Helper (x32 Version: 1.3.21.165)
Gothic 3 (x32 Version: 1.0.0)
Grand Theft Auto San Andreas (x32 Version: 1.00.00001)
GUILD WARS (x32)
Guild Wars 2 (x32)
GW2hud (HKCU Version: 1.0.0.0)
Hi-Rez Studios Authenticate and Update Service (x32 Version: 3.0.0.0)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1281)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.4.1001)
Intel® Trusted Connect Service Client (Version: 1.24.738.1)
Java 7 Update 15 (64-bit) (Version: 7.0.150)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java SE Development Kit 7 Update 17 (x32 Version: 1.7.0.170)
League of Legends (x32 Version: 1.3)
LogMeIn Hamachi (x32 Version: 2.1.0.374)
LOLReplay (x32 Version: 0.8.1.4)
Mediathek (x32 Version: 1.4.0)
Medion Home Cinema 10 (x32 Version: 10.0)
Medion Home Cinema 10 (x32 Version: 10.1924)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4535.1511)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3503.0728)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
Need for Speed™ Most Wanted (x32)
NVIDIA Control Panel 306.14 (Version: 306.14)
NVIDIA Graphics Driver 306.14 (Version: 306.14)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (x32 Version: 9.12.0807)
NVIDIA PhysX System Software 9.12.0807 (Version: 9.12.0807)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4535.1511)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4535.1511)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4535.1511)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Origin (x32 Version: 9.3.6.4643)
osu! (x32 Version: 0.0.0.0)
Pando Media Booster (x32 Version: 2.6.0.8)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
PlanetSide 2 (HKCU Version: 1.0.3.183)
PlanetSide 2 (x32)
Podstawowe programy Windows Live (x32 Version: 16.4.3503.0728)
PokerStars.eu (x32)
Port Royale 2 (x32)
PunkBuster Services (x32 Version: 0.993)
QuickLaunch (x32 Version: 1.00.0019)
Raccolta foto (x32 Version: 16.4.3503.0728)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6710)
Risen (x32 Version: 1.00.0000)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Skype™ 6.9 (x32 Version: 6.9.106)
Smashmuck Champions (x32)
Smite (x32 Version: 0.1.1667.2)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.10)
TmUnitedForever (x32)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Windows Live (x32 Version: 16.4.3503.0728)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live Temel Parçalar (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
Συλλογή φωτογραφιών (x32 Version: 16.4.3503.0728)

==================== Restore Points  =========================

02-10-2013 17:42:17 Geplanter Prüfpunkt
12-10-2013 17:54:31 avast! Free Antivirus Setup

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {10262CC8-E0C5-42E9-B1E3-A473B87A8C25} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-10-10] (Microsoft Corporation)
Task: {38E7B341-1EC4-4D3F-9A19-39BFE16568AA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4294B0DA-C0DC-4828-8488-6EDEF352B220} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {A0AF7931-0D47-43BB-A89F-2FFF57A441DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)
Task: {A3365743-6F44-49E8-8110-355E1AEA7124} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {AE8461A2-1867-41E6-959E-485284B98A34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-05] (Google Inc.)
Task: {B5C0D600-2E91-4321-92B8-6A429ECE1351} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {F9AE50C3-8649-4547-9751-F095F4241322} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-06] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-04 01:09 - 2013-04-04 01:09 - 04300432 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-05-08 18:20 - 2013-05-08 17:17 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-08-21 19:17 - 2013-08-21 19:17 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\9b61416a45a6322490dbb27382930695\PSIClient.ni.dll
2012-09-10 13:14 - 2012-07-18 20:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-10-12 20:03 - 2013-10-12 17:00 - 02105856 _____ () C:\Program Files\AVAST Software\Avast\defs\13101200\algo.dll
2012-09-10 13:40 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-10-08 17:11 - 2013-10-03 08:02 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
2013-10-08 17:11 - 2013-10-03 08:02 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll
2013-10-08 17:11 - 2013-10-03 08:03 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
2013-10-08 17:11 - 2013-10-03 08:03 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
2013-10-08 17:11 - 2013-10-03 08:02 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
2013-10-10 14:15 - 2013-10-10 14:15 - 13584776 _____ () C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.9.900.117\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2013 07:48:22 AM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (10/12/2013 09:40:11 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (10/12/2013 07:19:09 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (10/10/2013 09:38:23 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (10/10/2013 01:51:13 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (10/09/2013 08:08:03 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: IAStorIcon.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.InvalidOperationException
Stapel:

Server stack trace: 
   bei System.ServiceModel.Channels.ServiceChannel.PrepareCall(ProxyOperationRuntime operation, Boolean oneway, ProxyRpc& rpc)
   bei System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
   bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
   bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
   bei IAStorDataMgrSvcInterfaces.IPublisher.Unsubscribe()
   bei IAStorIcon.StorageIcon.Stop()
   bei IAStorIcon.Program.Application_ApplicationExit(System.Object, System.EventArgs)
   bei System.Windows.Forms.Application.RaiseExit()
   bei System.Windows.Forms.Application+ThreadContext.Dispose(Boolean)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application.Run()
   bei IAStorIcon.Program.Main()

Error: (10/09/2013 04:44:58 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (10/08/2013 07:01:13 PM) (Source: Application Hang) (User: )
Description: Programm LolClient.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f0

Startzeit: 01cec4382f3c2360

Endzeit: 16

Anwendungspfad: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.51\deploy\LolClient.exe

Berichts-ID: 399263cf-303b-11e3-beb4-d43d7e2e4585

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/08/2013 05:16:54 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (10/07/2013 04:33:01 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161


System errors:
=============
Error: (10/13/2013 07:48:26 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht.

Error: (10/08/2013 07:24:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (10/08/2013 07:24:06 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎08.‎10.‎2013 um 19:06:40 unerwartet heruntergefahren.

Error: (10/08/2013 05:06:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (10/08/2013 05:06:40 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎07.‎10.‎2013 um 18:19:29 unerwartet heruntergefahren.

Error: (10/07/2013 04:33:22 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Spooler erreicht.

Error: (10/07/2013 04:32:52 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Spooler erreicht.

Error: (10/07/2013 04:32:22 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Spooler erreicht.

Error: (09/28/2013 01:08:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (09/28/2013 01:08:41 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎27.‎09.‎2013 um 21:13:25 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (10/13/2013 07:48:22 AM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d

Error: (10/12/2013 09:40:11 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (10/12/2013 07:19:09 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (10/10/2013 09:38:23 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (10/10/2013 01:51:13 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (10/09/2013 08:08:03 PM) (Source: .NET Runtime)(User: )
Description: Anwendung: IAStorIcon.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.InvalidOperationException
Stapel:

Server stack trace: 
   bei System.ServiceModel.Channels.ServiceChannel.PrepareCall(ProxyOperationRuntime operation, Boolean oneway, ProxyRpc& rpc)
   bei System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
   bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
   bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
   bei IAStorDataMgrSvcInterfaces.IPublisher.Unsubscribe()
   bei IAStorIcon.StorageIcon.Stop()
   bei IAStorIcon.Program.Application_ApplicationExit(System.Object, System.EventArgs)
   bei System.Windows.Forms.Application.RaiseExit()
   bei System.Windows.Forms.Application+ThreadContext.Dispose(Boolean)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext)
   bei System.Windows.Forms.Application.Run()
   bei IAStorIcon.Program.Main()

Error: (10/09/2013 04:44:58 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (10/08/2013 07:01:13 PM) (Source: Application Hang)(User: )
Description: LolClient.exe0.0.0.0f001cec4382f3c236016C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.51\deploy\LolClient.exe399263cf-303b-11e3-beb4-d43d7e2e4585

Error: (10/08/2013 05:16:54 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (10/07/2013 04:33:01 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161


==================== Memory info =========================== 

Percentage of memory in use: 48%
Total physical RAM: 4038.01 MB
Available physical RAM: 2074.31 MB
Total Pagefile: 7878.01 MB
Available Pagefile: 5234.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1801.3 GB) (Free:1495.13 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:44.38 GB) NTFS
Drive h: (FIFA 11) (CDROM) (Total:6.31 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT Partition Type
==================== End Of Log ============================

Passwort ist geändert, danke für die schnelle Antwort!

schrauber · 14.10.2013, 07:49

Rechner ist sauber, sehr wahrscheinlich wurde nur dein Email-Konto gekapert. Noch Probleme seit Passwort-Wechsel?

starX · 14.10.2013, 18:24

Nein, ich hab keine Probleme mehr. Ich dachte auch dass einfach das Konto gehackt wurde (mein altes Passwort war erbärmlich schlecht... der Name von meiner Katze) aber man kann ja nie wissen.
Danke jedenfalls für die Hilfe!

schrauber · 15.10.2013, 09:08

Gern Geschehen

14.10.2013, 07:49	#4
schrauber /// the machine /// TB-Ausbilder	Web.de: Spam-Mails von meiner Adresse versendet Rechner ist sauber, sehr wahrscheinlich wurde nur dein Email-Konto gekapert. Noch Probleme seit Passwort-Wechsel? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

15.10.2013, 09:08	#6
schrauber /// the machine /// TB-Ausbilder	Web.de: Spam-Mails von meiner Adresse versendet Gern Geschehen __________________ --> Web.de: Spam-Mails von meiner Adresse versendet

Web.de: Spam-Mails von meiner Adresse versendet

Plagegeister aller Art und deren Bekämpfung: Web.de: Spam-Mails von meiner Adresse versendet