Pests of all kinds and how to fight them: BSI-Mailcheck positive, how do I test the computer? (Windows 7)
26.01.2014, 14:32 | #1 |
| Hi all, a friend of mine "failed" the BSI-Mailcheck. She is of course changing all her passwords and will hopefully "watch out" for anything odd in future. I have already run DesinfeC't over the system; I did not save the result (sorry), but it was unremarkable. Is there anything I can test or set up under Windows to back up that result? A reinstall is possible, but if it can be avoided I would gladly spare myself that. Thanks for any tips. Carsten PS: I am about to start DesinfeC't once more (I am also writing this from it right now), since I want to work on a data recovery attempt in parallel. |
26.01.2014, 17:01 | #2 |
/// the machine /// TB trainer | Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (if you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
26.01.2014, 19:39 | #3 |
| Hello Schrauber,
first of all, many thanks for your help; the logs follow. FRST logfile:
Here is the Additional.txt:
Regards, Carsten |
27.01.2014, 15:45 | #4 |
/// the machine /// TB trainer | The computer is clean. Change the password and that's that.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
27.01.2014, 17:29 | #5 |
| Hello Schrauber, many thanks for the info, and thanks also on behalf of the friend I am doing this for ;-) Regards, Carsten |
28.01.2014, 12:29 | #6 |
/// the machine /// TB trainer | You're welcome |