Trojaner-Board


cardisch 26.01.2014 14:32

BSI mail check positive, how to test the computer?
 
Hi@all,

a friend of mine "failed" the BSI mail check.
She is of course changing all her passwords and will hopefully "watch out" for anything odd in the future.
I have already run a DesinfeC't over the system; I did not save the result (sorry), but it was unremarkable.
Is there anything I can test/set up, etc. under Windows to back up that result?
A reinstall is possible, but if it can be avoided I would gladly spare myself that.

Thanks for any tips.

Carsten
PS: I am about to start DesinfeC't once more (I am also writing from it right now), since I want to work on a data recovery attempt in parallel.

schrauber 26.01.2014 17:01

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input box of the website)


cardisch 26.01.2014 19:39

Hello Schrauber,

first of all, many thanks for your help; the logs follow.

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-01-2014 03
Ran by nana (administrator) on NANA-PC on 26-01-2014 19:32:03
Running from E:\XXX\FSRT
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
 The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums
 ==================== Processes (Whitelisted) ===================
 (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\Hilfe Assistent\Hilfe_Assistent.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sony Computer Entertainment Inc.) C:\Program Files\Sony\Content Manager Assistant\CMA.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Sony Computer Entertainment Inc.) C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe
(T-Systems Enterprise Services GmbH) C:\Program Files\HotSpot Manager\HotSpotMgr.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(T-Systems Enterprise Services GmbH) C:\Program Files\Common Files\T-Com\HotspotMgr\HotSpotFSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
 
==================== Registry (Whitelisted) ==================
 HKLM\...\Run: [] - [x]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Hilfe Assistent] - C:\Program Files\Hilfe Assistent\Hilfe_Assistent.exe [17299264 2013-05-24] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKCU\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
MountPoints2: {4b2540c0-fc83-11e2-8672-001377645320} - E:\CMADownloader.exe
Startup: C:\Users\nana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSpot Manager.lnk
ShortcutTarget: HotSpot Manager.lnk -> C:\Program Files\HotSpot Manager\HotSpotMgr.exe (T-Systems Enterprise Services GmbH)
 ==================== Internet (Whitelisted) ====================
 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9956AE5E6704CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - {08D8F5F2-A780-4659-BB52-E5DD969990D6} URL = {searchTerms} - Avira Search Free powered by Ask.com
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 FireFox:
========
FF ProfilePath: C:\Users\nana\AppData\Roaming\Mozilla\Firefox\Profiles\7phujihs.default
FF user.js: detected! => C:\Users\nana\AppData\Roaming\Mozilla\Firefox\Profiles\7phujihs.default\user.js
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\nana\AppData\Roaming\Mozilla\Firefox\Profiles\7phujihs.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\nana\AppData\Roaming\Mozilla\Firefox\Profiles\7phujihs.default\Extensions\toolbar@ask.com [2013-01-24]
FF Extension: Hilfe Assistent - C:\Users\nana\AppData\Roaming\Mozilla\Firefox\Profiles\7phujihs.default\Extensions\{3ECB0610-B265-46A4-9BA8-CC4B1B256FAC} [2013-08-03]
FF Extension: Adblock Plus - C:\Users\nana\AppData\Roaming\Mozilla\Firefox\Profiles\7phujihs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-24]
 ========================== Services (Whitelisted) =================
 R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-20] (Avira Operations GmbH & Co. KG)
 ==================== Drivers (Whitelisted) ====================
 R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 ==================== NetSvcs (Whitelisted) ===================
 
==================== One Month Created Files and Folders ========
 2014-01-26 19:31 - 2014-01-26 19:31 - 00000000 ____D C:\FRST
2014-01-16 21:26 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 21:26 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 21:26 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 21:26 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 21:26 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 21:26 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 21:26 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 21:26 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 21:26 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-28 23:09 - 2013-12-28 23:09 - 00013828 _____ C:\Users\nana\Desktop\Lala.txt
2013-12-28 20:45 - 2014-01-05 21:02 - 00000000 ____D C:\Users\nana\AppData\Roaming\Apple Computer
2013-12-28 20:45 - 2013-12-28 20:45 - 00001757 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-28 20:45 - 2013-12-28 20:45 - 00000000 ____D C:\Users\nana\AppData\Local\Apple Computer
2013-12-28 20:45 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-12-28 20:44 - 2013-12-28 20:44 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-28 20:44 - 2013-12-28 20:44 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-28 20:44 - 2013-12-28 20:44 - 00000000 ____D C:\Program Files\iTunes
2013-12-28 20:44 - 2013-12-28 20:44 - 00000000 ____D C:\Program Files\iPod
2013-12-28 20:43 - 2013-12-28 20:43 - 00000000 ____D C:\Users\nana\AppData\Local\Apple
2013-12-28 20:43 - 2013-12-28 20:43 - 00000000 ____D C:\Program Files\Apple Software Update
2013-12-28 20:42 - 2013-12-28 20:42 - 00000000 ____D C:\Program Files\Bonjour
2013-12-28 20:41 - 2013-12-28 20:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-28 20:41 - 2013-12-28 20:42 - 00000000 ____D C:\ProgramData\Apple
2013-12-28 20:39 - 2013-12-28 20:40 - 98633040 _____ (Apple Inc.) C:\Users\nana\Downloads\iTunesSetup.exe
2013-12-28 20:14 - 2013-12-28 20:32 - 00000000 ____D C:\Users\nana\Desktop\elas
 ==================== One Month Modified Files and Folders =======
 2014-01-26 19:32 - 2013-01-24 00:38 - 01985735 _____ C:\Windows\WindowsUpdate.log
2014-01-26 19:31 - 2014-01-26 19:31 - 00000000 ____D C:\FRST
2014-01-26 19:31 - 2013-01-24 22:38 - 00037390 _____ C:\Windows\setupact.log
2014-01-26 19:28 - 2013-11-30 18:19 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-26 19:27 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-26 13:45 - 2009-07-14 05:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 13:45 - 2009-07-14 05:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 13:43 - 2013-01-24 00:48 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-24 20:33 - 2013-01-24 23:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-18 18:37 - 2009-07-14 05:33 - 00268272 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 22:05 - 2013-07-22 14:55 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 22:03 - 2013-01-24 02:21 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 22:00 - 2013-01-27 18:42 - 00000000 ____D C:\Users\nana\Desktop\foto
2014-01-13 11:34 - 2013-02-11 13:05 - 00000000 ____D C:\Users\nana\AppData\Local\Microsoft Games
2014-01-05 21:02 - 2013-12-28 20:45 - 00000000 ____D C:\Users\nana\AppData\Roaming\Apple Computer
2013-12-28 23:09 - 2013-12-28 23:09 - 00013828 _____ C:\Users\nana\Desktop\Lala.txt
2013-12-28 20:45 - 2013-12-28 20:45 - 00001757 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-28 20:45 - 2013-12-28 20:45 - 00000000 ____D C:\Users\nana\AppData\Local\Apple Computer
2013-12-28 20:44 - 2013-12-28 20:44 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-28 20:44 - 2013-12-28 20:44 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-28 20:44 - 2013-12-28 20:44 - 00000000 ____D C:\Program Files\iTunes
2013-12-28 20:44 - 2013-12-28 20:44 - 00000000 ____D C:\Program Files\iPod
2013-12-28 20:44 - 2013-12-28 20:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-28 20:43 - 2013-12-28 20:43 - 00000000 ____D C:\Users\nana\AppData\Local\Apple
2013-12-28 20:43 - 2013-12-28 20:43 - 00000000 ____D C:\Program Files\Apple Software Update
2013-12-28 20:42 - 2013-12-28 20:42 - 00000000 ____D C:\Program Files\Bonjour
2013-12-28 20:42 - 2013-12-28 20:41 - 00000000 ____D C:\ProgramData\Apple
2013-12-28 20:40 - 2013-12-28 20:39 - 98633040 _____ (Apple Inc.) C:\Users\nana\Downloads\iTunesSetup.exe
2013-12-28 20:32 - 2013-12-28 20:14 - 00000000 ____D C:\Users\nana\Desktop\elas
 Some content of TEMP:
====================
C:\Users\nana\AppData\Local\Temp\avgnt.exe
 
==================== Bamital & volsnap Check =================
 C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
LastRegBack: 2014-01-22 21:49
 ==================== End Of Log ============================

--- --- ---


Here is the Additional.txt
Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-01-2014 03
Ran by nana at 2014-01-26 19:32:59
Running from E:\XXX\FSRT
Boot Mode: Normal
==========================================================
 
==================== Security Center ========================
 AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 ==================== Installed Programs ======================
 Abenteuer von Luxor (Version: 1.1.0.0 - MumboJumbo)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638 - Adobe Systems, Inc.)
AION Free-to-Play Version 1.0 (Version: 1.0 - Gameforge)
AMD APP SDK Runtime (Version: 10.0.1124.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Angry Birds (Version: 1.5.3 - Rovio)
Angry Birds Space (Version: 1.0.0 - Rovio)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (Version: 1.15.13.0 - Ask.com) <==== ATTENTION
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.3.33021 - Ask.com)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Core Implementation (Version: 2007.0621.1715.28924 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0621.1715.28924 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0621.1715.28924 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0621.1715.28924 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.0621.1715.28924 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0621.1715.28924 - ATI) Hidden
CCC Help German (Version: 2007.0621.1714.28924 - ATI) Hidden
ccc-core-static (Version: 2007.0621.1715.28924 - Ihr Firmenname) Hidden
ccc-utility (Version: 2007.0621.1715.28924 - ATI) Hidden
Criminal Minds (Version: 1.0.0.0 - INTENIUM GmbH)
Der Fluch der Werwölfe (Version: 1.0.0.0 - INTENIUM GmbH)
DEUTSCHLAND SPIELT GAME CENTER (Version: 1.0.0.46 - INTENIUM GmbH)
DivX Codec (Version: 6.9.1 - DivX, Inc.)
DivX Converter (Version: 7.1.0 - DivX, Inc.)
DivX Player (Version: 7.2.0 - DivX, Inc.)
EVEREST Home Edition v2.20 (Version: 2.20 - Lavalys Inc)
Gameforge Live 1.0 "Legend" (Version: 1.0.1717 - Gameforge)
Hilfe Assistent (Version: 1.0.0.90 - Deutsche Telekom AG)
HotSpot Manager (Version: 3.10 - )
Inhaltsmanager-Assistent für PlayStation(R) (Version: 2.10.6402.20 - Sony Computer Entertainment Inc.)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
Skins (Version: 2007.0621.1715.28924 - ATI) Hidden
Skype™ 5.0 (Version: 5.0.152 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TuneUp Utilities 2011 (Version: 10.0.2011.48 - TuneUp Software)
TuneUp Utilities 2011 (Version: 10.0.2011.48 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 10.0.2011.48 - TuneUp Software) Hidden
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Verbotene Geheimnisse: Alien Town (Version: 1.0.0.0 - INTENIUM GmbH)
WinRAR (Version:  - )
 ==================== Restore Points  =========================
 16-01-2014 21:03:02 Windows Update
22-01-2014 16:43:22 Windows Update
 ==================== Hosts content: ==========================
 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 ==================== Scheduled Tasks (whitelisted) =============
 Task: {2F40934B-FDA8-4251-A53E-AC5BC9A2A966} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-12-20] ()
Task: {4388EC46-912F-4226-9D6E-7ACAED60F1DB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B1EB630D-D976-4A0B-846F-AE992AB7E282} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-14] (Adobe Systems Incorporated)
Task: {C908444C-6320-4CE6-8E6C-6E16A6FC94A0} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe [2010-10-26] (TuneUp Software)
Task: {E6536911-7853-4382-8C34-12034F68699D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-09-05] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 ==================== Loaded Modules (whitelisted) =============
 2013-01-24 01:59 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
 ==================== Alternate Data Streams (whitelisted) =========
 
==================== Safe Mode (whitelisted) ===================
 
==================== Faulty Device Manager Devices =============
 
==================== Event log errors: =========================
 Application errors:
==================
Error: (12/28/2013 10:27:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584
 Error: (12/28/2013 10:27:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584
 Error: (12/28/2013 10:27:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 Error: (12/06/2013 09:53:55 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005
 Error: (12/03/2013 00:38:57 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 Prozess-ID: 6ac
 Startzeit: 01cef01af78246ef
 Endzeit: 15787
 Anwendungspfad: C:\Windows\Explorer.EXE
 Berichts-ID: 65534eed-5c0f-11e3-b65c-001377645320
 Error: (11/08/2013 07:47:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16720, Zeitstempel: 0x523cf127
Name des fehlerhaften Moduls: WININET.dll, Version: 10.0.9200.16720, Zeitstempel: 0x523cf21f
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x000069a5
ID des fehlerhaften Prozesses: 0xcb0
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
 Error: (11/08/2013 07:47:25 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16720, Zeitstempel: 0x523cf127
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0000cd12
ID des fehlerhaften Prozesses: 0x130
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
 Error: (11/08/2013 07:47:18 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16720, Zeitstempel: 0x523cf127
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0000cd12
ID des fehlerhaften Prozesses: 0xcdc
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
 Error: (11/08/2013 07:47:03 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16720, Zeitstempel: 0x523cf127
Name des fehlerhaften Moduls: WININET.dll, Version: 10.0.9200.16720, Zeitstempel: 0x523cf21f
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x000069a5
ID des fehlerhaften Prozesses: 0xee4
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
 Error: (11/03/2013 11:32:56 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 24.0.0.5001, Zeitstempel: 0x522fd29f
Name des fehlerhaften Moduls: xul.dll, Version: 24.0.0.5001, Zeitstempel: 0x522fd1a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001b72a8
ID des fehlerhaften Prozesses: 0x94
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
 
System errors:
=============
Error: (01/26/2014 01:45:37 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 Error: (01/24/2014 09:04:55 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 Error: (01/24/2014 09:00:00 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 Error: (01/24/2014 08:54:05 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004
 Error: (01/24/2014 08:54:05 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004
 Error: (01/23/2014 11:12:31 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 Error: (01/22/2014 10:16:02 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 Error: (01/22/2014 09:56:55 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR5.
 Error: (01/22/2014 09:56:54 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR5.
 Error: (01/22/2014 09:49:25 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR5.
 
Microsoft Office Sessions:
=========================
Error: (12/28/2013 10:27:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584
 Error: (12/28/2013 10:27:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584
 Error: (12/28/2013 10:27:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 Error: (12/06/2013 09:53:55 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 Error: (12/03/2013 00:38:57 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.175676ac01cef01af78246ef15787C:\Windows\Explorer.EXE65534eed-5c0f-11e3-b65c-001377645320
 Error: (11/08/2013 07:47:34 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.16720523cf127WININET.dll10.0.9200.16720523cf21fc00000fd000069a5cb001cedcb2fb2070f7C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\WININET.dll3a4c370d-48a6-11e3-8696-001377645320
 Error: (11/08/2013 07:47:25 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.16720523cf127msvcrt.dll7.0.7601.177444eeaf722c00000fd0000cd1213001cedcb2f46a4a31C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\msvcrt.dll3517b189-48a6-11e3-8696-001377645320
 Error: (11/08/2013 07:47:18 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.16720523cf127msvcrt.dll7.0.7601.177444eeaf722c00000fd0000cd12cdc01cedcb2f126c732C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\msvcrt.dll312fef97-48a6-11e3-8696-001377645320
 Error: (11/08/2013 07:47:03 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.16720523cf127WININET.dll10.0.9200.16720523cf21fc00000fd000069a5ee401cedcb2e3238d78C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\WININET.dll280e684c-48a6-11e3-8696-001377645320
 Error: (11/03/2013 11:32:56 PM) (Source: Application Error)(User: )
Description: firefox.exe24.0.0.5001522fd29fxul.dll24.0.0.5001522fd1a4c0000005001b72a89401ced8c234e2c004C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dlle1ade509-44d7-11e3-aec6-001377645320
 
==================== Memory info ===========================
 Percentage of memory in use: 43%
Total physical RAM: 1790.17 MB
Available physical RAM: 1010.68 MB
Total Pagefile: 3580.34 MB
Available Pagefile: 2384.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.07 MB
 ==================== Drives ================================
 Drive c: (NTFS) (Fixed) (Total:111.79 GB) (Free:7.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:7.46 GB) (Free:5.13 GB) FAT32
 ==================== MBR & Partition Table ==================
 ========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: CCE881D1)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)
 ========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 092DD34D)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)
 ==================== End Of Log ============================

I started it from a USB stick; I hope that is not a problem.

Regards

Carsten

schrauber 27.01.2014 15:45

The computer is clean. Change the password and that's that :)
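A first-pass triage of FRST output like the logs posted above, as an added example that is not part of the original thread and not code from FRST: it surfaces lines for manual review using heuristics chosen here (the `<==== ATTENTION` marker, autostart entries with an empty publisher field, `MountPoints2` executables, a Firefox `user.js`, executables in TEMP, and any Bamital-check line that does not end in `MD5 is legit`). The function `triage` and its tag names are hypothetical; a flagged line is a prompt to look closer, not a finding of infection.

```python
import re

# Excerpt of the FRST.txt / Addition.txt lines posted in this thread (shortened).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Hilfe Assistent] - C:\Program Files\Hilfe Assistent\Hilfe_Assistent.exe [17299264 2013-05-24] ()
HKCU\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
MountPoints2: {4b2540c0-fc83-11e2-8672-001377645320} - E:\CMADownloader.exe
FF user.js: detected! => C:\Users\nana\AppData\Roaming\Mozilla\Firefox\Profiles\7phujihs.default\user.js
Some content of TEMP:
====================
C:\Users\nana\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Installed Programs ======================
Ask Toolbar (Version: 1.15.13.0 - Ask.com) <==== ATTENTION
"""

# "==== Title ====" section headers as they appear in the posted logs.
SECTION = re.compile(r"^={5,} (.+?) ={5,}$")
# Run keys, scheduled tasks and service/driver lines (R2/S3 ...) start things automatically.
AUTOSTART = re.compile(r"^(?:HK(?:LM|CU)\\\.\.\.\\Run: |Task: |[RS]\d \S+; )")
EXECUTABLE = re.compile(r"\.(?:exe|dll|scr|com|bat|cmd|vbs|js)$", re.IGNORECASE)


def triage(log_text):
    """Return (tag, line) pairs worth a manual look. Heuristics are assumptions."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()  # forum copies often carry stray leading spaces
        if not line or set(line) == {"="}:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if line == "Some content of TEMP:":
            section = "TEMP"
            continue
        if line.endswith("<==== ATTENTION"):
            findings.append(("frst-attention", line))
        if AUTOSTART.match(line) and line.endswith(" ()"):
            # Autostart binary whose company field is empty in the log.
            findings.append(("no-publisher", line))
        if line.startswith("MountPoints2:") and EXECUTABLE.search(line):
            findings.append(("mountpoint-autorun", line))
        if line.startswith("FF user.js: detected!"):
            findings.append(("firefox-user.js", line))
        if section == "TEMP" and EXECUTABLE.search(line):
            findings.append(("temp-executable", line))
        if "Bamital" in section and " => " in line and not line.endswith("MD5 is legit"):
            # Anything other than the known-good wording is surfaced.
            findings.append(("system-file-md5", line))
    return findings


if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"[{tag}] {line}")
```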

cardisch 27.01.2014 17:29

Hello Schrauber,

many thanks for the info, and thanks also on behalf of the friend I am doing this for ;-)

Regards

Carsten

schrauber 28.01.2014 12:29

You're welcome :)


All times are WEZ +1 (Western European Time +1).
