Plagegeister aller Art und deren Bekämpfung: Many "Mail delivery failed: returning message to sender" messages and strange emails in my inbox! (Windows 7)
#1
Many "Mail delivery failed: returning message to sender" messages and strange emails in my inbox!

Hi all! Since yesterday I have been getting an above-average number of "Mail delivery failed: returning message to sender" mails in my GMX account. (All mails I receive via GMX are forwarded to my Gmail account.) Here is the content of one such mail:

Code:
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address failed:

"meine.emailadresse@googlemail.com": (I have censored my address here)

SMTP error from remote server after transfer of mail text:
host: gmail-smtp-in.l.google.com
5.7.1 [ 11] Our system has detected that this message is
5.7.1 not RFC 2822 compliant. To reduce the amount of spam sent to Gmail,
5.7.1 this message has been blocked. Please review
5.7.1 RFC 2822 specifications for more information. o7si11663521eep.288 - gsmtp

--- The header of the original message is following. ---

Return-Path: tsom@users.physics.harvard.edu
Received: from amba.lu ([]) by mx-ha.gmx.net (mxgmx012) with ESMTP (Nemesis) id 0LduHD-1W1HKt3ODr-00j4Rx for <meine.emailadresse@gmx.de>; Sun, 27 Oct 2013 15:09:17 +0100
kip ykbf zyd ztp
From: "jds wkei" <tsom@users.physics.harvard.edu>
Reply-To: "jds wkei" <tsom@users.physics.harvard.edu>
To: peter.strang@gmx.de
Subject: slzr uwi
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain;
Envelope-To: <meine.emailadresse@gmx.de> (I have censored my address here)
X-GMX-Antispam: 6 (nemesis text pattern profiler); Detail=V3;
X-GMX-Antivirus: 0 (no virus found)
X-UI-Filterresults: junk:10;V01:K0:vZtr6oCCMFc=:Tpjyz5J0Ml6q4HiXboaWvbxMGJy+
 kNfzqr4hgNRKStK3K0YuW3RlIfUqoryoyEMyNEtgHr6kA/kawsxlJFbn9ow5B7UEU9tWvVGuK
 upHlKSrlRfiTqpQ6mPOPEYVM0Lzh6zZ2w7ZfxEQcS2N2aU6bW17QAxAnuf+7WpnLqegcRRY6k
 sLEptV6az0M+dx57OEygqXT+RdwQzwfQk34QJ7K0uDeNa6po7vimFK7BpUngvU8U6PWiUTUXm
 YMXayMxyPElkC25fA/F9tg9j2tuTY55C8J26olo2R8fiMX/Tb/SzafRY4Wk4C0jEEjkBCO1+I
 nVQ5bTmS4ZJpbPNy+wdvJtDNfSOCJP8O8E49cTYZw7DeEBFrl+HglWIgbgTv4Z4SJxHlyFoP6
 AxEbi6g6rEDgPUcugEY3YfQyY8/xfNcfjb9VWyWL79jAvYdnNdmG6air7RJnZEewbZ0ssN2F7
 ZxHMBJKBJ+JorGESg2luGD8K0C8ituRFNUTO1L39rWpMlz/wKaOc5v8eNXQRq7ep7q8oRkxEv
 ZCqHEdxdZ2bWS7o/dkzmhNTSlBWtltDbXGbSwb1Eiib+aWwv0p9U17gqS7kXJGqOfAUQANmHq
 3nY9/mmrlSsTesnuQWx4eoFzME84NFrQJfI4/tHCMjdtJ3FU3bx/cBzxl2AnDoBH6XDw+P2uw
 RdoQ8ihvcjPQnMKdknxY5Hi+6RWH9A7m7rhEXsxnhDw8TKoaDzNExF9QH+kkqqFD0Ky896P1Q
 DhVp923PZQnzi3DeDLWknIBnAzgddTm2rUH7GloOAfxiLS7uYp8x24EKUL1R87l+RWVJXAHcB
 Wfn1Xf0tfFgwOSHTq/a9Uww1x1ny9UyRsNcLt3cm+gDMu3CR4XG9/nepHRZ2DKxaKDaXSl+33
 0u3H7cbXmoonf6xMAOptIbdKt1sJhOWHTFG6BGbxY71GDpFI3uzSnWu/Voo94ZSltJqPyWC7N
 65EHkSCdxg+WmJ1Mgm0XPjm66dT6XOX5oDyPZm/8mp1ZhI0nRsCD/PxrRSV4t7TnS3X9LBzmA
 FZ95VMV7kh78SgInXAV1+dQMfZ71HWBBkZS0EDYZX8yxfreT6tUO1pQ1/oqbHjexdlRY8XM1G
 4YdufmZhU+FCxnWzzX0RjJJmICPbHq4vGUDnZdHpi2/dcsrSl1geAbBdf0KNDc9fqUDIYsTxc
 VHad43QbAc0OCAxDZ6k3aJk1z4aSu95Lk1SzGmOMuvLWJ26LEbEdLwxopoHraYOPLtl0p2Poy
 4KoWgTGFNv7I+grH/B1ZK8+0DHgTbDffC16jHcY0B2hUUfcOY+ykbD8YL0t6CKRUJNHpsFhXf
 PQROJXWJvZZEeoD0wGcvPlxXRk2Icdalzn5Z90zklho7BdXSV36vHTRuLXOBWT1CcdyPS3X6F
 TBsiDg3tMfQoXWLUJJfv7OeYUQJFB5yz53Kzl4dLFZ4MuF3QxRaja6UhSZMait3xxt53hsFRa
 WN0EeXZbOLBQxaFGSjb9A6oifwPA9C2bGJQmUhOeBaVcXeNnij+3ITiwZUHlqy6TnDuEZBTmh
 8MxZCwYIutz4DQyRodGECGnvl4SGucNeQklzAS1
X-UI-Loop:V01:Bx5tzkw+nO0=:okr8GYA90PT2f+PYKcj9ppwkNMxV2/UnnO2esuCDOcs=

For about two weeks I have also been getting strange mails with strange subjects and strange content quite often. Here is a screenshot of these mails:

[Screenshot of the strange emails]

What happened here? It seems to me as if someone has gained access to my GMX account. I log in to my GMX account very rarely. I also get these delivery failed messages when the laptop I am currently using is not running! Could I have a keylogger or a trojan installed on my system? Normally I would have wiped the laptop and reinstalled Windows. But I am not allowed to do that on this laptop at the moment, because I borrowed it from my brother while both of my laptops are in for repair! I have carried out the required steps. Here is the requested information:

FRST.txt

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2013 01
Ran by candy (administrator) on CHOCOLATE on 27-10-2013 18:10:11
Running from C:\Users\candy\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
() c:\wordpress\xampp\mysql\bin\mysqld.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(AVAST Software) C:\Program Files\AVAST\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\candy\Desktop\N-Cry.3.4.2\adb.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1 HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1 HKCU\...\Run: [Steam] - D:\Games\Steam\steam.exe [1813928 2013-10-09] (Valve Corporation) MountPoints2: F - F:\AutoRun.exe MountPoints2: {330f216f-7036-11e1-b6f6-e02a82395819} - G:\AutoRun.exe MountPoints2: {d217b981-ed33-11e0-bbe2-64315079e321} - F:\AutoRun.exe MountPoints2: {d217b999-ed33-11e0-bbe2-64315079e321} - F:\AutoRun.exe HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-03-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software) HKLM-x32\...\Run: [Bonus.SSR.FR11] - C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [1363984 2013-05-25] (ABBYY Production LLC) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-29] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () Startup: C:\Users\candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ShortcutTarget: Logitech . 
Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={5E55CC33-1034-4EFB-AD79-AE732A5BA953}&mid=746f2097ced147d0bad1b578169d0ad2-7ec8c074a4e4b47362d8a9189205c84fe85b54c9&lang=en&ds=ga011&pr=sa&d=2012-07-28 18:43:41&v={searchTerms} SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={5E55CC33-1034-4EFB-AD79-AE732A5BA953}&mid=746f2097ced147d0bad1b578169d0ad2-7ec8c074a4e4b47362d8a9189205c84fe85b54c9&lang=en&ds=ga011&pr=sa&d=2012-07-28 18:43:41&v={searchTerms} BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: activation.cloud.techsmith.com Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\candy\AppData\Roaming\Mozilla\Firefox\Profiles\3jk716n9.default FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File CHR Plugin: (Screen Capture Plugin) 
- C:\Users\candy\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.5_0\plugins/screen_capture.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) CHR Extension: (Google Docs) - C:\Users\candy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\candy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\candy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\candy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\ CHR Extension: (Chrome In-App Payments service) - C:\Users\candy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\ CHR Extension: (Gmail) - C:\Users\candy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) S4 Apache2.2; c:\wordpress\xampp\apache\bin\httpd.exe [18432 2011-09-10] (Apache Software Foundation) R2 avast! 
Antivirus; C:\Program Files\AVAST\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company) R2 mysql; c:\wordpress\xampp\mysql\bin\mysqld.exe [8158720 2011-09-09] () S2 NPVR Recording Service; "C:\Program Files (x86)\NPVR\NRecord.exe" [x] ==================== Drivers (Whitelisted) ==================== S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) R4 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [28504 2012-03-07] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () S3 AVerAF15DMBTH64; C:\Windows\System32\Drivers\AVerAF15DMBTH64.sys [593024 2010-11-25] (AVerMedia TECHNOLOGIES, Inc.) 
S3 cmb38464; C:\Windows\System32\DRIVERS\cmb38464.sys [38944 2012-11-21] (Amanero SRL) R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-03-08] (DT Soft Ltd) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-07-01] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-07-01] () S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [30720 2005-04-13] (The OpenVPN Project) R3 USBIPEnum; C:\Windows\System32\DRIVERS\USBIPEnum.sys [52296 2011-02-22] (Windows (R) Win 7 DDK provider) S2 AODDriver4.01; \??\C:\Program Files (x86)\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x] S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-27 18:06 - 2013-10-27 18:06 - 00000000 _____ C:\Users\candy\defogger_reenable 2013-10-27 18:05 - 2013-10-27 18:05 - 00004731 _____ C:\Users\candy\Desktop\Neues Textdokument.txt 2013-10-27 17:53 - 2013-10-27 17:55 - 00021883 _____ C:\Users\candy\Desktop\Addition.txt 2013-10-27 17:38 - 2013-10-27 18:07 - 00000000 ____D C:\Users\candy\Desktop\troj 2013-10-27 17:33 - 2013-10-27 17:33 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\candy\Desktop\mbam-setup- 2013-10-27 17:32 - 2013-10-27 17:33 - 01060070 _____ C:\Users\candy\Desktop\adwcleaner.exe 2013-10-27 17:30 - 2013-10-27 17:30 - 00000000 ____D C:\FRST 2013-10-27 17:24 - 2013-10-27 17:24 - 01956160 _____ (Farbar) C:\Users\candy\Desktop\FRST64.exe 2013-10-27 16:12 - 2013-10-27 16:21 - 00000000 ____D C:\Users\candy\Desktop\N-Cry.3.4.2 2013-10-27 16:06 - 2013-10-27 16:06 - 08581933 _____ C:\Users\candy\Desktop\N-Cry.3.4.2.zip 2013-10-27 12:11 - 2013-10-27 12:11 - 00000000 ____D C:\Users\candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft 2013-10-27 12:05 - 2013-10-27 12:06 - 00000000 ____D 
C:\Users\candy\Desktop\Minecraft 1.7.2 by TeamExtremeMc.com 2013-10-26 20:48 - 2013-10-26 20:48 - 00000000 ____D C:\Users\candy\AppData\Roaming\LibreOffice 2013-10-26 20:21 - 2013-10-26 20:21 - 00002589 _____ C:\Users\Public\Desktop\LibreOffice 4.1.lnk 2013-10-26 20:12 - 2013-10-26 20:20 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4 2013-10-26 18:17 - 2013-10-27 09:56 - 00000000 ____D C:\Users\candy\Desktop\Uni 2013-10-26 12:46 - 2013-10-26 12:47 - 18841658 _____ C:\Users\candy\Desktop\R7000-V1.0.2.111_1.0.17.chk 2013-10-25 22:30 - 2013-10-25 22:30 - 00000000 ____D C:\ProgramData\ATI 2013-10-25 22:30 - 2013-10-25 22:30 - 00000000 ____D C:\Program Files (x86)\AMD AVT 2013-10-25 22:30 - 2013-10-25 22:30 - 00000000 ____D C:\Program Files (x86)\AMD APP 2013-10-25 21:46 - 2013-10-27 12:32 - 00000000 ____D C:\Users\candy\AppData\Roaming\.minecraft 2013-10-25 21:46 - 2013-10-27 12:11 - 00002129 _____ C:\Users\candy\Desktop\Minecraft.lnk 2013-10-25 21:31 - 2013-09-23 11:11 - 66729528 _____ (TeamExtreme ) C:\Users\candy\Desktop\Minecraft 1.6.4.exe 2013-10-23 00:43 - 2013-10-23 00:43 - 00001130 _____ C:\Users\Public\Desktop\TeamViewer 8 Host.lnk 2013-10-23 00:42 - 2013-10-23 00:42 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2013-10-22 14:24 - 2013-10-22 14:24 - 00000000 ____D C:\Users\candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2013-10-22 14:24 - 2013-10-22 14:24 - 00000000 ____D C:\Program Files (x86)\IrfanView 2013-10-20 07:52 - 2013-10-21 11:19 - 00000000 ____D C:\Users\candy\AppData\Roaming\mIRC 2013-10-20 07:52 - 2013-10-20 07:52 - 00000919 _____ C:\Users\Public\Desktop\mIRC.lnk 2013-10-20 07:52 - 2013-10-20 07:52 - 00000000 ____D C:\Program Files (x86)\mIRC 2013-10-16 20:58 - 2013-10-16 20:58 - 00000593 _____ C:\Users\Public\Desktop\Cygwin64 Terminal.lnk 2013-10-16 18:34 - 2013-10-16 20:58 - 00000000 ____D C:\cygwin64 2013-10-15 20:48 - 2013-10-15 20:48 - 00001258 _____ C:\Users\mile\Desktop\DiskInternals Research.lnk 2013-10-15 
20:48 - 2013-10-15 20:48 - 00000000 ____D C:\Users\candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals 2013-10-15 20:47 - 2013-10-15 20:47 - 00000000 ____D C:\Program Files (x86)\DiskInternals 2013-10-12 09:27 - 2013-10-12 09:27 - 00000000 ____D C:\Users\candy\AppData\Roaming\XBMC 2013-10-12 09:22 - 2010-05-26 10:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2013-10-12 09:22 - 2010-05-26 10:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2013-10-12 09:18 - 2013-10-12 09:18 - 00000000 ____D C:\Users\candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC 2013-10-12 09:17 - 2013-10-12 09:18 - 00000000 ____D C:\Program Files (x86)\XBMC 2013-10-12 02:56 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-12 02:56 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-12 02:56 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-12 02:56 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-12 02:56 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-12 02:56 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-12 02:56 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-12 02:56 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-12 02:56 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-12 02:56 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-12 02:56 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-12 02:56 - 2013-09-23 00:27 - 00033280 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-12 02:56 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-12 02:56 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-12 02:56 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-12 02:56 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-12 02:56 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-12 02:56 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-12 02:56 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-12 02:56 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-12 02:56 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-12 02:56 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-12 02:56 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-12 02:56 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-12 02:56 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-12 02:56 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-12 02:56 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-12 02:56 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-12 02:55 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-12 02:55 - 2013-09-22 23:54 - 19252224 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.dll 2013-10-12 02:55 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-12 02:12 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-12 02:12 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-12 02:12 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-12 02:12 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-12 02:12 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-12 02:12 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-12 02:12 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-11 05:22 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-11 05:22 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2013-10-11 05:22 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-11 05:22 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-11 05:21 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-11 05:21 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-11 05:21 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-11 05:21 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-10-11 05:21 - 2013-08-29 02:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys 
2013-10-11 05:21 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 05:21 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-11 05:21 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 05:21 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-11 05:21 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-11 05:21 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-11 05:21 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-11 05:21 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 05:21 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-11 05:21 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 05:21 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 05:21 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 05:21 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 05:21 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 05:21 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 05:21 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 05:21 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 05:21 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 05:21 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 05:21 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-11 05:19 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-11 05:19 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-11 05:19 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-11 05:19 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-11 05:19 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-11 05:19 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-11 05:19 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-11 05:19 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-11 05:19 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-11 05:19 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-11 05:19 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-11 05:19 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-11 05:19 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-11 05:19 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-11 05:19 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-11 05:18 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-11 05:18 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 05:18 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 05:18 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 18:33 - 2013-10-09 18:34 - 00884437 _____ C:\Users\candy\Downloads\4C44.tmp
2013-10-06 11:22 - 2013-10-06 11:22 - 00001034 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-03 21:52 - 2013-10-03 21:53 - 00000000 ____D C:\ProgramData\Oracle
2013-10-03 21:51 - 2013-10-03 21:50 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-03 21:51 - 2013-10-03 21:50 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-03 21:51 - 2013-10-03 21:50 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-03 21:51 - 2013-10-03 21:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-03 19:34 - 2013-10-03 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-03 13:23 - 2013-10-03 13:37 - 00000000 ____D C:\Users\candy\Desktop\Arduino
2013-09-30 08:08 - 2013-09-30 08:08 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-09-30 08:08 - 2013-09-30 08:08 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-09-28 16:35 - 2013-09-28 16:35 - 00000000 ____D C:\ProgramData\Logitech
2013-09-28 16:34 - 2013-09-28 16:34 - 00000000 ____D C:\Users\Public\Documents\Logishrd
2013-09-28 16:30 - 2013-09-28 16:30 - 00000000 ____D C:\Users\candy\AppData\Roaming\Leadertech
2013-09-28 16:23 - 2013-10-17 13:47 - 00001928 _____ C:\Windows\LkmdfCoInst.log
2013-09-28 16:23 - 2013-10-17 13:36 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-09-28 16:19 - 2013-09-28 16:26 - 00007328 _____ C:\Windows\LDPINST.LOG
2013-09-28 16:17 - 2013-09-28 16:34 - 00000000 ____D C:\ProgramData\Logishrd
2013-09-28 16:17 - 2013-09-28 16:17 - 00000000 ____D C:\Program Files\Logitech
2013-09-28 16:16 - 2013-09-28 16:26 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2013-09-28 16:14 - 2013-09-28 16:32 - 00000000 ____D C:\Users\candy\AppData\Roaming\Logitech
2013-09-28 16:14 - 2013-09-28 16:16 - 00000000 ____D C:\Users\candy\AppData\Roaming\Logishrd

==================== One Month Modified Files and Folders =======

2013-10-27 18:08 - 2011-11-07 18:50 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F43A8D18-BC33-4B43-B110-C99C36CE59C0}
2013-10-27 18:07 - 2013-10-27 17:38 - 00000000 ____D C:\Users\candy\Desktop\troj
2013-10-27 18:06 - 2013-10-27 18:06 - 00000000 _____ C:\Users\candy\defogger_reenable
2013-10-27 18:06 - 2011-01-27 14:57 - 00000000 ____D C:\Users\candy
2013-10-27 18:05 - 2013-10-27 18:05 - 00004731 _____ C:\Users\candy\Desktop\Neues Textdokument.txt
2013-10-27 17:58 - 2013-01-31 12:16 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-27 17:55 - 2013-10-27 17:53 - 00021883 _____ C:\Users\candy\Desktop\Addition.txt
2013-10-27 17:50 - 2013-05-12 16:16 - 00000000 ____D C:\Users\mile
2013-10-27 17:33 - 2013-10-27 17:33 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\candy\Desktop\mbam-setup-
2013-10-27 17:33 - 2013-10-27 17:32 - 01060070 _____ C:\Users\candy\Desktop\adwcleaner.exe
2013-10-27 17:33 - 2013-06-29 11:09 - 00000000 ____D C:\Users\candy\AppData\Roaming\BOM
2013-10-27 17:30 - 2013-10-27 17:30 - 00000000 ____D C:\FRST
2013-10-27 17:24 - 2013-10-27 17:24 - 01956160 _____ (Farbar) C:\Users\candy\Desktop\FRST64.exe
2013-10-27 16:21 - 2013-10-27 16:12 - 00000000 ____D C:\Users\candy\Desktop\N-Cry.3.4.2
2013-10-27 16:06 - 2013-10-27 16:06 - 08581933 _____ C:\Users\candy\Desktop\N-Cry.3.4.2.zip
2013-10-27 15:58 - 2012-07-28 11:50 - 01258382 _____ C:\Windows\WindowsUpdate.log
2013-10-27 12:32 - 2013-10-25 21:46 - 00000000 ____D C:\Users\candy\AppData\Roaming\.minecraft
2013-10-27 12:11 - 2013-10-27 12:11 - 00000000 ____D C:\Users\candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2013-10-27 12:11 - 2013-10-25 21:46 - 00002129 _____ C:\Users\candy\Desktop\Minecraft.lnk
2013-10-27 12:06 - 2013-10-27 12:05 - 00000000 ____D C:\Users\candy\Desktop\Minecraft 1.7.2
2013-10-27 11:43 - 2011-03-06 20:51 - 00000000 ____D C:\Users\candy\AppData\Roaming\Skype
2013-10-27 10:55 - 2013-06-29 10:35 - 00000000 ____D C:\Users\candy\AppData\Roaming\HandBrake
2013-10-27 10:50 - 2013-06-16 16:36 - 00000000 ____D C:\Users\candy\AppData\Local\JDownloader v2.0
2013-10-27 09:56 - 2013-10-26 18:17 - 00000000 ____D C:\Users\candy\Desktop\Uni
2013-10-27 08:28 - 2009-07-14 18:58 - 00713006 _____ C:\Windows\system32\perfh007.dat
2013-10-27 08:28 - 2009-07-14 18:58 - 00156158 _____ C:\Windows\system32\perfc007.dat
2013-10-27 08:28 - 2009-07-14 06:13 - 01658090 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-26 22:36 - 2011-01-27 15:41 - 00076592 _____ C:\Users\candy\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-26 20:48 - 2013-10-26 20:48 - 00000000 ____D C:\Users\candy\AppData\Roaming\LibreOffice
2013-10-26 20:21 - 2013-10-26 20:21 - 00002589 _____ C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2013-10-26 20:20 - 2013-10-26 20:12 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2013-10-26 17:58 - 2013-01-31 12:16 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-26 12:47 - 2013-10-26 12:46 - 18841658 _____ C:\Users\candy\Desktop\R7000-V1.0.2.111_1.0.17.chk
2013-10-25 22:30 - 2013-10-25 22:30 - 00000000 ____D C:\ProgramData\ATI
2013-10-25 22:30 - 2013-10-25 22:30 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-10-25 22:30 - 2013-10-25 22:30 - 00000000 ____D C:\Program Files (x86)\AMD APP
2013-10-25 22:30 - 2011-01-27 20:02 - 00000000 ____D C:\ProgramData\AMD
2013-10-25 22:29 - 2009-07-14 05:45 - 00027632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-25 22:29 - 2009-07-14 05:45 - 00027632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-25 22:28 - 2013-07-01 20:05 - 00000000 ____D C:\Program Files\ATI Technologies
2013-10-25 22:22 - 2012-07-29 00:00 - 00043235 _____ C:\Windows\setupact.log
2013-10-25 21:19 - 2009-07-14 05:45 - 02216056 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-25 21:18 - 2013-01-31 15:22 - 00011408 _____ C:\Windows\PFRO.log
2013-10-25 21:18 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-23 00:43 - 2013-10-23 00:43 - 00001130 _____ C:\Users\Public\Desktop\TeamViewer 8 Host.lnk
2013-10-23 00:42 - 2013-10-23 00:42 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-10-22 14:24 - 2013-10-22 14:24 - 00000000 ____D C:\Users\candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2013-10-22 14:24 - 2013-10-22 14:24 - 00000000 ____D C:\Program Files (x86)\IrfanView
2013-10-21 11:19 - 2013-10-20 07:52 - 00000000 ____D C:\Users\candy\AppData\Roaming\mIRC
2013-10-20 16:47 - 2013-09-16 15:20 - 00000000 ____D C:\Users\candy\AppData\Local\CrashDumps
2013-10-20 15:34 - 2011-02-24 20:26 - 00000000 ____D C:\Users\candy\AppData\Roaming\vlc
2013-10-20 08:03 - 2011-03-01 13:43 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-10-20 07:52 - 2013-10-20 07:52 - 00000919 _____ C:\Users\Public\Desktop\mIRC.lnk
2013-10-20 07:52 - 2013-10-20 07:52 - 00000000 ____D C:\Program Files (x86)\mIRC
2013-10-20 07:51 - 2011-03-08 21:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-19 09:08 - 2013-02-01 01:15 - 00004164 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-17 13:47 - 2013-09-28 16:23 - 00001928 _____ C:\Windows\LkmdfCoInst.log
2013-10-17 13:36 - 2013-09-28 16:23 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-10-16 20:58 - 2013-10-16 20:58 - 00000593 _____ C:\Users\Public\Desktop\Cygwin64 Terminal.lnk
2013-10-16 20:58 - 2013-10-16 18:34 - 00000000 ____D C:\cygwin64
2013-10-16 20:00 - 2012-08-05 20:22 - 00782336 ___SH C:\Users\candy\Downloads\Thumbs.db
2013-10-16 19:37 - 2013-07-05 15:08 - 00000600 _____ C:\Users\candy\AppData\Local\PUTTY.RND
2013-10-16 08:03 - 2013-01-31 12:18 - 00002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-15 20:48 - 2013-10-15 20:48 - 00001258 _____ C:\Users\mile\Desktop\DiskInternals Research.lnk
2013-10-15 20:48 - 2013-10-15 20:48 - 00000000 ____D C:\Users\candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals
2013-10-15 20:47 - 2013-10-15 20:47 - 00000000 ____D C:\Program Files (x86)\DiskInternals
2013-10-12 17:53 - 2013-01-31 12:16 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-12 17:53 - 2013-01-31 12:16 - 00003848 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-12 09:27 - 2013-10-12 09:27 - 00000000 ____D C:\Users\candy\AppData\Roaming\XBMC
2013-10-12 09:18 - 2013-10-12 09:18 - 00000000 ____D C:\Users\candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
2013-10-12 09:18 - 2013-10-12 09:17 - 00000000 ____D C:\Program Files (x86)\XBMC
2013-10-12 02:54 - 2011-02-01 02:04 - 01635984 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-12 02:42 - 2013-08-15 19:38 - 00000000 ____D C:\Windows\system32\MRT
2013-10-12 02:31 - 2011-02-01 01:25 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-11 04:49 - 2013-02-02 08:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-09 18:34 - 2013-10-09 18:33 - 00884437 _____ C:\Users\candy\Downloads\4C44.tmp
2013-10-09 18:32 - 2011-03-06 20:51 - 00000000 ____D C:\ProgramData\Skype
2013-10-09 18:30 - 2013-02-03 10:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-06 11:22 - 2013-10-06 11:22 - 00001034 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-03 21:53 - 2013-10-03 21:52 - 00000000 ____D C:\ProgramData\Oracle
2013-10-03 21:50 - 2013-10-03 21:51 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-03 21:50 - 2013-10-03 21:51 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-03 21:50 - 2013-10-03 21:51 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-03 21:50 - 2013-10-03 21:51 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-03 21:50 - 2013-02-18 19:04 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-03 21:50 - 2011-02-28 21:18 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-03 21:50 - 2011-02-28 21:18 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-03 19:35 - 2013-10-03 19:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-03 13:37 - 2013-10-03 13:23 - 00000000 ____D C:\Users\candy\Desktop\Arduino
2013-10-03 09:44 - 2011-03-01 16:13 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-03 09:25 - 2011-01-27 14:57 - 00000000 ___RD C:\Users\candy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-30 08:08 - 2013-09-30 08:08 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-09-30 08:08 - 2013-09-30 08:08 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-09-28 16:35 - 2013-09-28 16:35 - 00000000 ____D C:\ProgramData\Logitech
2013-09-28 16:34 - 2013-09-28 16:34 - 00000000 ____D C:\Users\Public\Documents\Logishrd
2013-09-28 16:34 - 2013-09-28 16:17 - 00000000 ____D C:\ProgramData\Logishrd
2013-09-28 16:32 - 2013-09-28 16:14 - 00000000 ____D C:\Users\candy\AppData\Roaming\Logitech
2013-09-28 16:30 - 2013-09-28 16:30 - 00000000 ____D C:\Users\candy\AppData\Roaming\Leadertech
2013-09-28 16:26 - 2013-09-28 16:19 - 00007328 _____ C:\Windows\LDPINST.LOG
2013-09-28 16:26 - 2013-09-28 16:16 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2013-09-28 16:17 - 2013-09-28 16:17 - 00000000 ____D C:\Program Files\Logitech
2013-09-28 16:16 - 2013-09-28 16:14 - 00000000 ____D C:\Users\candy\AppData\Roaming\Logishrd

Some content of TEMP:
====================
C:\Users\candy\AppData\Local\Temp\13-4_mobility_win7_win8_64_dd_ccc_whql.exe
C:\Users\candy\AppData\Local\Temp\AskSLib.dll
C:\Users\candy\AppData\Local\Temp\avguidx.dll
C:\Users\candy\AppData\Local\Temp\CommonInstaller.exe
C:\Users\candy\AppData\Local\Temp\cygiconv-2.dll
C:\Users\candy\AppData\Local\Temp\cygintl-8.dll
C:\Users\candy\AppData\Local\Temp\cygwin1.dll
C:\Users\candy\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\candy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\candy\AppData\Local\Temp\LMkRstPt.exe
C:\Users\candy\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\candy\AppData\Local\Temp\md5sum.exe
C:\Users\candy\AppData\Local\Temp\mirc732.exe
C:\Users\candy\AppData\Local\Temp\oi_{147E6E83-1B95-4802-BA9A-8F2EA8B9D4F3}.exe
C:\Users\candy\AppData\Local\Temp\proxy_vole82871546064823047.dll
C:\Users\candy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\candy\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\candy\AppData\Local\Temp\_isB31C.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-20 23:59

==================== End Of Log ============================

--- --- --- --- --- ---

Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2013 01
Ran by candy at 2013-10-27 17:53:47
Running from C:\Users\candy\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU Version:
7-Zip 9.20 (x64 edition) (Version:
ABBYY FineReader 11 (x32 Version: 11.11.169)
Adobe Anchor Service CS3 (x32 Version: 1.0)
Adobe Asset Services CS3 (x32 Version: 3)
Adobe Bridge CS3 (x32 Version: 2)
Adobe Bridge Start Meeting (x32 Version: 1.0)
Adobe Camera Raw 4.0 (x32 Version: 4.0)
Adobe CMaps (x32 Version: 1.0)
Adobe Color - Photoshop Specific (x32 Version: 1.0)
Adobe Color Common Settings (x32 Version: 1.0)
Adobe Color EU Recommended Settings (x32 Version: 1.0)
Adobe Color JA Extra Settings (x32 Version: 1.0)
Adobe Color NA Extra Settings (x32 Version: 1.0)
Adobe Default Language CS3 (x32 Version: 1.0)
Adobe Device Central CS3 (x32 Version: 1.0)
Adobe Dreamweaver CS3 (x32 Version: 9)
Adobe Dreamweaver CS3 (x32 Version: 9.0)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0)
Adobe Extension Manager CS3 (x32 Version: 1.8)
Adobe Fonts All (x32 Version: 1.0)
Adobe Help Viewer CS3 (x32 Version: 1)
Adobe Linguistics CS3 (x32 Version: 3.0.0)
Adobe PDF Library Files (x32 Version: 8.0)
Adobe Photoshop CS3 (x32 Version: 10)
Adobe Photoshop CS3 (x32 Version: 10.0)
Adobe Reader X (10.0.1) - Deutsch (x32 Version: 10.0.1)
Adobe Setup (x32 Version: 1.0)
Adobe Stock Photos CS3 (x32 Version: 1.5)
Adobe Type Support (x32 Version: 1.0)
Adobe Update Manager CS3 (x32 Version: 5.1.0)
Adobe Version Cue CS3 Client (x32 Version: 3)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0)
Adobe XMP Panels CS3 (x32 Version: 1.0)
AMD Accelerated Video Transcoding (Version:
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0429.2313.39747)
AMD Media Foundation Decoders (Version: 1.0.80430.0002)
AMD VISION Engine Control Center (x32 Version: 2013.0429.2313.39747)
avast! Free Antivirus (x32 Version: 8.0.1497.0)
Biet-O-Matic v2.14.12 (x32 Version: 2.14.12)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
Brother MFL-Pro Suite MFC-J5910DW (x32 Version:
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747)
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747)
CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747)
CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747)
CCC Help Czech (x32 Version: 2013.0429.2312.39747)
CCC Help Danish (x32 Version: 2013.0429.2312.39747)
CCC Help Dutch (x32 Version: 2013.0429.2312.39747)
CCC Help English (x32 Version: 2013.0429.2312.39747)
CCC Help Finnish (x32 Version: 2013.0429.2312.39747)
CCC Help French (x32 Version: 2013.0429.2312.39747)
CCC Help German (x32 Version: 2013.0429.2312.39747)
CCC Help Greek (x32 Version: 2013.0429.2312.39747)
CCC Help Hungarian (x32 Version: 2013.0429.2312.39747)
CCC Help Italian (x32 Version: 2013.0429.2312.39747)
CCC Help Japanese (x32 Version: 2013.0429.2312.39747)
CCC Help Korean (x32 Version: 2013.0429.2312.39747)
CCC Help Norwegian (x32 Version: 2013.0429.2312.39747)
CCC Help Polish (x32 Version: 2013.0429.2312.39747)
CCC Help Portuguese (x32 Version: 2013.0429.2312.39747)
CCC Help Russian (x32 Version: 2013.0429.2312.39747)
CCC Help Spanish (x32 Version: 2013.0429.2312.39747)
CCC Help Swedish (x32 Version: 2013.0429.2312.39747)
CCC Help Thai (x32 Version: 2013.0429.2312.39747)
CCC Help Turkish (x32 Version: 2013.0429.2312.39747)
ccc-utility64 (Version: 2013.0429.2313.39747)
CCleaner (Version: 3.20)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
DAEMON Tools Lite (x32 Version:
eReg (x32 Version:
FileZilla Client 3.5.3 (HKCU Version: 3.5.3)
FileZilla Client (x32 Version:
GIMP 2.6.11 (x32 Version: 2.6.11)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version:
HandBrake (x32 Version:
HashCheck Shell Extension (x86-32) (x32 Version:
HashCheck Shell Extension (x86-64) (Version:
HP HotKey Support (Version:
HP USB Disk Storage Format Tool (x32)
ImgBurn (x32 Version:
IrfanView (remove only) (x32 Version: 4.36)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version:
Java(TM) 6 Update 24 (x32 Version: 6.0.240)
Java(TM) 7 Update 1 (64-bit) (Version: 7.0.10)
Java(TM) SE Development Kit 7 Update 1 (64-bit) (Version:
JDownloader 2 (Version: 2)
JDownloader 2 (Version: 2.0)
LibreOffice (x32 Version:
Logitech SetPoint 6.61 (Version: 6.61.15)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Minecraft1.6.4 (x32)
Minecraft1.7.2 (x32)
MiniTool Partition Wizard Home Edition 8.0 (x32)
mIRC (x32 Version: 7.32)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT Redists (Version: 1.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyFonts Order M2804930 (x32 Version: 1.0)
NAS Starter Utility (x32)
NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1)
Notepad++ (x32 Version: 6.3)
PDF Settings (x32 Version: 1.0)
PDF-Viewer (Version:
SDFormatter (x32 Version: 4.0.0)
Skype™ 6.7 (x32 Version: 6.7.102)
Steam (x32 Version:
Team Fortress 2 (x32)
TeamViewer 8 Host (x32 Version: 8.0.22298)
TI Connect 1.6 (x32 Version: 1.6)
TI Connect™ (x32 Version:
TI NoteFolio Creator (x32 Version:
TI StudyCards Creator (x32 Version:
Universal Adb Driver (x32 Version: 1.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Vegas Pro 9.0 (64-bit) (Version: 9.0.1146)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (x32 Version: 9.0.30729.01)
VLC media player 2.0.8 (x32 Version: 2.0.8)
WinDirStat 1.1.2 (HKCU)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 (Version: 06/11/2009
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 (Version: 09/02/2009
Windows-Treiberpaket - Amanero Technologies (cmb38464) MEDIA (11/21/2012 1.0.56) (Version: 11/21/2012 1.0.56)
XAMPP 1.7.7 (x32)
XBMC (HKCU)

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-02-05 14:22 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts
activation.cloud.techsmith.com

==================== Scheduled Tasks (whitelisted) =============

Task: {2BA9EF52-7CC9-42CA-B2F2-31259699266C} - System32\Tasks\{414E20F3-C589-4FE2-A722-ED4EBED80165} => Chrome.exe hxxp://ui.skype.com/ui/0/;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {444CA150-8737-430E-80FF-99922E2911C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {ABE2B556-8E8C-4445-A98A-08B8E18D19EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-31] (Google Inc.)
Task: {D4E5A77D-54BC-4224-B913-BA28E344876D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {E1F94E3A-1809-4C08-8621-29A1BB2DD9B1} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {EF839303-EDED-4659-B1E3-86A392D28D5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-31] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-04-29 22:25 - 2013-04-29 22:25 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-06-18 14:49 - 2013-06-18 14:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 22:08 - 2013-04-29 22:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-10-27 16:38 - 2013-10-27 13:57 - 02105856 _____ () C:\Program Files\AVAST\Avast\defs\13102700\algo.dll
2012-11-29 22:59 - 2012-11-29 22:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-10-16 08:02 - 2013-10-09 01:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-16 08:02 - 2013-10-09 01:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-16 08:02 - 2013-10-09 01:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-16 08:02 - 2013-10-09 01:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-16 08:02 - 2013-10-09 01:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-10-16 08:02 - 2013-10-09 01:02 - 13584336 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Gerät (PAN)
Description: Bluetooth-Gerät (PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: AODDriver4.01
Description: AODDriver4.01
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.01
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2013 03:27:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9296583

Error: (10/27/2013 03:27:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9296583

Error: (10/27/2013 03:27:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2013 03:27:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9295538

Error: (10/27/2013 03:27:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9295538

Error: (10/27/2013 03:27:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2013 03:27:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9294492

Error: (10/27/2013 03:27:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9294492

Error: (10/27/2013 03:27:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2013 03:27:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9293478


System errors:
=============
Error: (10/27/2013 04:05:11 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/27/2013 03:28:18 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst hpHotkeyMonitor erreicht.

Error: (10/27/2013 03:26:51 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TeamViewer8 erreicht.

Error: (10/27/2013 11:58:21 AM) (Source: Tcpip) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse mit dem Computer mit der Netzwerkhardwareadresse 68-94-23-CA-54-01 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden.

Error: (10/27/2013 08:33:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073712 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2863058)

Error: (10/27/2013 08:25:07 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst hpHotkeyMonitor erreicht.

Error: (10/27/2013 02:00:14 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TeamViewer8 erreicht.

Error: (10/26/2013 09:23:10 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (10/26/2013 05:18:10 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst hpHotkeyMonitor erreicht.

Error: (10/26/2013 00:07:16 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MpsSvc erreicht.


Microsoft Office Sessions:
=========================
Error: (10/27/2013 03:27:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9296583

Error: (10/27/2013 03:27:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9296583

Error: (10/27/2013 03:27:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2013 03:27:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9295538

Error: (10/27/2013 03:27:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9295538

Error: (10/27/2013 03:27:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2013 03:27:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9294492

Error: (10/27/2013 03:27:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9294492

Error: (10/27/2013 03:27:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2013 03:27:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9293478


CodeIntegrity Errors:
===================================
Date: 2011-06-12 00:14:06.064
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tap0801.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2011-06-12 00:14:06.033
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tap0801.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Percentage of memory in use: 92%
Total physical RAM: 1788.56 MB
Available physical RAM: 133.4 MB
Total Pagefile: 4059.23 MB
Available Pagefile: 751.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Win7) (Fixed) (Total:46.57 GB) (Free:5.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:203.09 GB) (Free:10.17 GB) NTFS
Drive f: () (Removable) (Total:3.67 GB) (Free:1.74 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: D2C16FE5)
Partition 1: (Active) - (Size=47 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2 GB) - (Type=82)
Partition 3: (Not Active) - (Size=47 GB) - (Type=83)
Partition 4: (Not Active) - (Size=203 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

ATTACHED AS ZIP

Thanks in advance and kind regards!
Ron

Last edited by bigron (27.10.2013 at 19:10). Reason: Gmer.log attached as ZIP archive
#2
So. Even after changing the GMX and Gmail passwords on a PC running CrunchBang Linux, I still get the "Mail delivery failed: returning message to sender" emails from the GMX server in my Gmail account, where they are forwarded to.

Man oh man. What on earth is going on here? Last Friday I was at a friend's place and we played a few games over the LAN. Could that alone have compromised my laptop over the network?

Kind regards!
Ron
#3
I already answered this question in another thread, but I am happy to do it a second time: this is a perfectly ordinary spam attack against firstname.lastname@gmx.de addresses. The mailer-daemon mails are a result of the forwarding from gmx to gmail: the mails are not RFC 2822 compliant and are therefore rejected by gmail. That causes the mailer-daemon mail to be sent to your gmx account, which in turn forwards it to gmail. So the whole thing is annoying, but harmless.
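The forwarding loop described in this answer can be told apart from an actual account compromise by reading the original-message headers that the bounce quotes. The script below is an added example, not code from the thread or from GMX/Gmail. It works on a constructed bounce shaped like the one posted above (all addresses, hosts and IDs are placeholders under example.* domains; victim@example.de stands for the forwarding mailbox, victim@example.org for the mailbox it forwards to). It reports whether the bounced message actually carried one of your addresses as sender, whether it passed through a forward (rejected at one of your addresses while addressed to another), which header line breaks the RFC 5322 field syntax (what Gmail's 5.7.1 text calls "not RFC 2822 compliant"), and where the mail first entered the chain.

```python
# Added example for this thread (not code from the forum, GMX or Gmail): triage a
# "Mail delivery failed" bounce and decide whether it is backscatter from a forward
# or a bounce of mail that really carried your address as sender.
import re
from typing import Dict, List, Tuple

ORIGINAL_MARKER = "--- The header of the original message is following. ---"
# RFC 5322 section 3.6.8: a header field name is printable US-ASCII without ':'.
FIELD_RE = re.compile(r"^([!-9;-~]+):[ \t]?(.*)$")
ADDR_RE = re.compile(r"[\w.+-]+@[\w.-]+")
RECEIVED_FROM_RE = re.compile(r"^from\s+(\S+)", re.IGNORECASE)

# Constructed sample shaped like the bounces in the thread. All addresses, hosts and
# IDs are placeholders: victim@example.de forwards to victim@example.org.
SAMPLE_BOUNCE = """\
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients.
This is a permanent error. The following address failed:

 "victim@example.org":
 SMTP error from remote server after transfer of mail text:
 host: mx.example.org
 5.7.1 Our system has detected that this message is
 5.7.1 not RFC 2822 compliant. This message has been blocked.

--- The header of the original message is following. ---

Return-Path: stranger@users.example.edu
Received: from spamhost.example.net ([203.0.113.7]) by mx-ha.example.de (mx012) with ESMTP id ABC123
 for <victim@example.de>; Sun, 27 Oct 2013 15:09:17 +0100
kip ykbf zyd ztp
From: "jds wkei" <stranger@users.example.edu>
To: victim@example.de
Subject: slzr uwi
X-GMX-Antispam: 6 (nemesis text pattern profiler); Detail=V3;
"""


def split_bounce(text: str) -> Tuple[str, str]:
    """Split an Exim-style bounce into (delivery report, quoted original headers)."""
    report, sep, original = text.partition(ORIGINAL_MARKER)
    if not sep:
        raise ValueError("bounce does not quote the original message header")
    return report.strip(), original.strip()


def parse_headers(raw: str) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Unfold a header block into (name, value) pairs and collect lines that are
    neither a field nor a folded continuation (one is enough for a 5.7.1 reject)."""
    fields: List[Tuple[str, str]] = []
    malformed: List[str] = []
    for line in raw.splitlines():
        if not line.strip():
            break  # empty line: end of the header block
        if line[0] in " \t" and fields:  # folded continuation of the previous field
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
            continue
        m = FIELD_RE.match(line)
        if m:
            fields.append((m.group(1), m.group(2)))
        else:
            malformed.append(line)
    return fields, malformed


def first(fields: List[Tuple[str, str]], name: str) -> str:
    return next((v for n, v in fields if n.lower() == name.lower()), "")


def triage(bounce: str, my_addresses: List[str]) -> Dict[str, object]:
    """Classify one bounce against the set of addresses you own."""
    mine = {a.lower() for a in my_addresses}
    report, original = split_bounce(bounce)
    fields, malformed = parse_headers(original)

    def addr(text: str) -> str:
        m = ADDR_RE.search(text)
        return m.group(0).lower() if m else ""

    sender = addr(first(fields, "Return-Path")) or addr(first(fields, "From"))
    rejected = addr(report)  # first address in the report is the one that failed
    to = addr(first(fields, "To"))
    received = [v for n, v in fields if n.lower() == "received"]
    # The last Received field is the earliest hop, i.e. where the mail entered the chain.
    hop = RECEIVED_FROM_RE.match(received[-1]) if received else None
    result: Dict[str, object] = {
        "sender": sender,
        "sent_by_me": sender in mine,
        # Addressed to one of my mailboxes, rejected at another: it went through a forward.
        "forwarding_loop": rejected in mine and to in mine and rejected != to,
        "first_hop": hop.group(1) if hop else "",
        "malformed_header_lines": malformed,
        "antispam_score": first(fields, "X-GMX-Antispam").split(" ", 1)[0],
    }
    result["verdict"] = "sent-from-your-address" if sender in mine else "backscatter"
    return result
```

Call `triage(SAMPLE_BOUNCE, ["victim@example.de", "victim@example.org"])` to get the verdict "backscatter", the forwarding-loop flag and the offending line `kip ykbf zyd ztp`. One caveat: a "sent-from-your-address" verdict is not proof of a hijacked account either, because From and Return-Path are trivially forged. What settles it is the earliest Received hop (`first_hop`): mail that really left your account enters the chain at your provider's submission server, whereas a forged one starts at an unrelated host. If that hop does point at your provider, the password change the poster already made is the right first step, followed by checking the sent folder and any forwarding rules in the account.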
#4
Good morning! Many thanks for the explanation. I already thought my GMX account had been hijacked or was being used to distribute spam. I'll run the ESET scanner once more anyway, though it looks as if no file is infected.

Thanks again! Kind regards,
Ron