
Log analysis and evaluation: WEB.DE mailbox receives strange mails at minute intervals

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

15.03.2013, 19:45   #1
DPYR
 



I keep getting lots of strange mails at my e-mail address:

Hello again.

Among others, this is the message I get:
Mail delivery failed: returning message to sender
Thanks

17.03.2013, 10:38   #2
t'john
/// Helper team
 





The full mail source would be more interesting!


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.




then:


System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if not already present). Double-click OTL.exe.

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

17.03.2013, 16:45   #3
DPYR
 



Hello,
thanks for your quick reply, here are the logs:

mbam:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.17.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sergej :: SERGEJ-PC [Administrator]

Schutz: Aktiviert

17.03.2013 16:27:25
mbam-log-2013-03-17 (16-27-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206117
Laufzeit: 2 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL:

OTL Logfile:
Code:
OTL logfile created on: 17.03.2013 16:31:43 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sergej\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 48,93% Memory free
7,98 Gb Paging File | 4,52 Gb Available in Paging File | 56,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,13 Gb Total Space | 12,17 Gb Free Space | 24,27% Space Free | Partition Type: NTFS
Drive D: | 22,00 Gb Total Space | 19,40 Gb Free Space | 88,17% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 134,06 Gb Free Space | 45,76% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 61,31 Gb Free Space | 62,78% Space Free | Partition Type: NTFS
Drive G: | 51,42 Gb Total Space | 45,09 Gb Free Space | 87,69% Space Free | Partition Type: NTFS
Drive H: | 101,06 Gb Total Space | 44,46 Gb Free Space | 44,00% Space Free | Partition Type: NTFS
Drive I: | 80,40 Gb Total Space | 63,09 Gb Free Space | 78,47% Space Free | Partition Type: NTFS
Drive L: | 29,30 Gb Total Space | 5,55 Gb Free Space | 18,93% Space Free | Partition Type: NTFS
Drive M: | 102,93 Gb Total Space | 80,66 Gb Free Space | 78,37% Space Free | Partition Type: NTFS
Drive N: | 103,65 Gb Total Space | 10,65 Gb Free Space | 10,28% Space Free | Partition Type: NTFS
 
Computer Name: SERGEJ-PC | User Name: Sergej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sergej\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - d:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Users\Sergej\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe ()
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
PRC - D:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - F:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - D:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TomTomHOMEService) -- d:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (StumbleUponUpdater) -- C:\Users\Sergej\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe ()
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
SRV - (AdobeActiveFileMonitor9.0) -- F:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2478458581-631666224-3900340172-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.odnoklassniki.ru/
IE - HKU\S-1-5-21-2478458581-631666224-3900340172-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2478458581-631666224-3900340172-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2478458581-631666224-3900340172-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 83 B4 CF 07 4D CC 01  [binary data]
IE - HKU\S-1-5-21-2478458581-631666224-3900340172-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2478458581-631666224-3900340172-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2478458581-631666224-3900340172-1001\..\SearchScopes\{190BDC39-2666-429A-BCA3-28330C52CD41}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2478458581-631666224-3900340172-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: f:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sergej\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.17 09:54:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.05.11 17:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sergej\AppData\Roaming\mozilla\Extensions
[2012.05.11 17:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sergej\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.03.17 09:54:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (StumbleUpon) - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\Sergej\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] d:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2478458581-631666224-3900340172-1001..\Run: []  File not found
O4 - HKU\S-1-5-21-2478458581-631666224-3900340172-1001..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-21-2478458581-631666224-3900340172-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82122076-68DC-44AC-81EB-020BF217375B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.17 16:26:38 | 000,000,000 | ---D | C] -- C:\Users\Sergej\AppData\Roaming\Malwarebytes
[2013.03.17 16:26:25 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.17 16:26:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.17 16:25:35 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Sergej\Desktop\mbam-setup-1.70.0.1100.exe
[2013.03.17 16:25:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sergej\Desktop\OTL.exe
[2013.03.17 09:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.03.17 09:54:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.03.17 09:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.16 08:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.16 08:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.03.16 08:25:40 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.03.16 08:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.03.15 19:17:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.15 09:37:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.15 09:37:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.15 09:37:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.15 09:37:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.15 09:37:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.15 09:37:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.15 09:37:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.15 09:37:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.15 09:37:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.15 09:37:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.15 09:37:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.15 09:37:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.15 09:37:01 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.15 09:37:01 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.15 09:37:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.09 20:44:27 | 000,000,000 | ---D | C] -- C:\Users\Sergej\Desktop\Neuer Ordner (3)
[2013.03.05 11:24:50 | 000,000,000 | ---D | C] -- C:\Users\Sergej\Documents\Nokia Suite
[2013.03.01 18:55:55 | 000,000,000 | ---D | C] -- C:\Users\Sergej\AppData\Roaming\dpdhl.versandhelfer
[2013.03.01 18:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Versandhelfer
[2013.02.26 15:41:18 | 000,000,000 | ---D | C] -- C:\Users\Sergej\AppData\Local\Programs
[2013.02.23 13:04:46 | 000,000,000 | ---D | C] -- C:\Users\Sergej\Desktop\Neuer Ordner (2)
[2013.02.16 12:19:20 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.17 16:26:27 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.17 16:25:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sergej\Desktop\OTL.exe
[2013.03.17 16:24:48 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Sergej\Desktop\mbam-setup-1.70.0.1100.exe
[2013.03.17 16:15:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.17 15:51:37 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.17 15:51:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.17 09:54:42 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.17 09:53:25 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 09:53:25 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 09:44:57 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.16 22:33:27 | 000,004,750 | ---- | M] () -- C:\Users\Sergej\Documents\NeueDatenbank.kdbx
[2013.03.16 08:25:44 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.03.09 22:11:37 | 001,621,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.09 22:11:37 | 000,699,448 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.09 22:11:37 | 000,654,766 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.09 22:11:37 | 000,149,342 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.09 22:11:37 | 000,122,296 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.07 07:44:10 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.07 07:44:10 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.01 18:55:47 | 000,000,697 | ---- | M] () -- C:\Users\Public\Desktop\Versandhelfer.lnk
[2013.02.26 15:41:46 | 000,000,801 | ---- | M] () -- C:\Users\Sergej\Desktop\KeePass 2.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.17 16:26:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.17 09:54:42 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.17 09:54:42 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.16 08:25:44 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.03.16 08:25:44 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.03.01 18:55:47 | 000,000,697 | ---- | C] () -- C:\Users\Public\Desktop\Versandhelfer.lnk
[2012.11.10 13:20:25 | 000,003,584 | ---- | C] () -- C:\Users\Sergej\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.10 13:16:11 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.11 19:12:10 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.29 09:56:46 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ4809N.DAT
[2011.12.13 08:23:02 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{12D1BF88-5F53-45C4-9810-23E6E6AF3BDD}
[2011.12.11 09:57:48 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{4FE283CB-B263-4B48-99DB-5E78FAA3A053}
[2011.12.05 09:42:57 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{9334FC10-EBAE-48B4-A30B-2185318066CC}
[2011.11.16 13:25:32 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{6C70CCF5-FDF6-4160-B3F9-3A0EF5797E21}
[2011.11.02 09:37:17 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{6AC58822-EBD3-4AFF-808A-6217EB78650D}
[2011.11.01 14:55:42 | 000,007,606 | ---- | C] () -- C:\Users\Sergej\AppData\Local\Resmon.ResmonCfg
[2011.10.29 10:42:55 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{8B042D4E-D254-4C97-8FAB-3E0D154FC27D}
[2011.10.27 12:55:19 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{FEE033B8-F995-49F8-B61A-46E74334781F}
[2011.10.14 09:04:54 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{079EDA4D-CA7A-47B3-B4CA-CC8AB0F5B5A8}
[2011.10.10 08:27:31 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{CFDFCF94-D40F-4CED-B6AE-9EC830560354}
[2011.10.08 08:40:12 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{6051F641-EBF6-495B-BDBC-C715FD7F8CF0}
[2011.10.07 10:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{97DBFA23-3CCA-4414-9C09-65085F859157}
[2011.10.03 13:28:54 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{B1699955-7639-49DF-9E88-8BDEE90F1370}
[2011.09.28 08:30:09 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{B2B36168-60A0-4EBD-ACC3-C69D3AAE8ABE}
[2011.09.23 15:43:23 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{AA92B697-4F08-401F-9893-258362CA1BF1}
[2011.09.14 08:20:31 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{CAF8E63F-7266-4D70-84B3-98C27E0305ED}
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.09 07:18:08 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{694DFD8C-1CDD-4E1F-8DFF-3E5473192FE9}
[2011.09.05 07:06:21 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{0BCE0335-102E-4A20-9917-4B3788A5E43C}
[2011.09.01 14:06:08 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{57B12BAA-928A-47C5-B674-530DC4D0D486}
[2011.08.23 08:01:23 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{822F21E8-C01A-4110-8FF1-17267CC3F298}
[2011.08.21 19:47:55 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{D27DED4A-CA6C-4C86-ACA1-4CE938A7BC60}
[2011.06.27 09:55:25 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2011.06.27 09:55:01 | 001,598,118 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.27 08:32:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.27 08:23:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.06.27 08:23:43 | 000,023,034 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:58DD92AC

< End of report >
         
--- --- ---

OTL2:OTL Logfile:
Code:
OTL Extras logfile created on: 17.03.2013 16:31:43 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sergej\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 48,93% Memory free
7,98 Gb Paging File | 4,52 Gb Available in Paging File | 56,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,13 Gb Total Space | 12,17 Gb Free Space | 24,27% Space Free | Partition Type: NTFS
Drive D: | 22,00 Gb Total Space | 19,40 Gb Free Space | 88,17% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 134,06 Gb Free Space | 45,76% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 61,31 Gb Free Space | 62,78% Space Free | Partition Type: NTFS
Drive G: | 51,42 Gb Total Space | 45,09 Gb Free Space | 87,69% Space Free | Partition Type: NTFS
Drive H: | 101,06 Gb Total Space | 44,46 Gb Free Space | 44,00% Space Free | Partition Type: NTFS
Drive I: | 80,40 Gb Total Space | 63,09 Gb Free Space | 78,47% Space Free | Partition Type: NTFS
Drive L: | 29,30 Gb Total Space | 5,55 Gb Free Space | 18,93% Space Free | Partition Type: NTFS
Drive M: | 102,93 Gb Total Space | 80,66 Gb Free Space | 78,37% Space Free | Partition Type: NTFS
Drive N: | 103,65 Gb Total Space | 10,65 Gb Free Space | 10,28% Space Free | Partition Type: NTFS
 
Computer Name: SERGEJ-PC | User Name: Sergej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2478458581-631666224-3900340172-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C904B7-8FEE-48BD-9AFD-F09A1C587839}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{1F8E3301-7BF8-4BDF-8F1B-1E15775C38D0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{322FF288-C866-429D-91B3-0428096C8481}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3F4CAF37-F22C-4EB8-80BA-BF7002F93915}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5033492E-8981-4939-91DC-BCC5F5380049}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{55C42373-9B5D-4573-B026-D7EE90CA3DB4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6133E04C-8684-444D-9FE2-A84B094CF787}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7932ED69-A70F-4C3F-B8F0-5B62E5683103}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{80165F98-AE2C-4D0B-AF4B-F4E4D4BC9F27}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8346070F-1C3B-4AEA-B8DC-8E078A6BBC5F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{835D276F-DC5F-43D2-B3BA-90DBE682AF1F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8E303108-F8CE-452C-9534-F6E4EE1AFFA1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{96BC77B2-A36A-46E8-89A3-CCAF753E0DC8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{ABF8D9CB-8D23-43DE-BF28-2F68A6BB934F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B2C38F6F-7AB8-4A25-8F26-4C1412E68FF5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B407299B-EEE3-4D0D-BB22-0E3E04831568}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B927D660-C4D1-4DC4-B90B-792C17D8392F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BB8E667F-C117-48DF-862C-688D12A29324}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DB5A1E80-BB12-4763-BBF7-52477282B638}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DD59ABAA-D18A-4392-B257-6B5CB45ABDD2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F570CBC4-0520-4469-B724-2EEBC93C5D02}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FABD6026-0243-4663-B571-E00AD1FC9BAF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FAC7AAB3-B61D-49A1-8FE4-F65AE5A482F3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FE944BE6-05A2-462F-8A04-EE0FD592F5AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1253D79E-1463-46CE-9E77-A30206979479}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{13A63249-0878-4904-BB96-EC31E1673334}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1DE0939F-AF04-48E1-A9B7-FC0C735233CB}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{20CFC1D4-9021-486D-B224-CB442720F89B}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{2399D092-DCFB-49DB-B88A-13B4E6749E9F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2A2461F8-59B4-4202-A874-9ADAC131B956}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{3B25B6F4-B0AD-4720-9DBE-38173851AA1B}" = protocol=6 | dir=out | app=system | 
"{441F0C33-34D1-4E03-A4A7-8029C04FE6F0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{442879AB-6B38-496F-82D5-4C28D0A20F3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{49E21A44-3B6A-49D8-84D1-80CA0CDA8271}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{4D6369DA-B777-41C0-A83C-C6105E7335F9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{54CDD56A-2541-4127-AEC6-41FC287FABD7}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{5C44939B-E55F-4657-862E-DA75B7E30C55}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{74C8D67F-CB0A-40D3-AD07-1B9736CC5F99}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{771DCE93-04CB-4C82-94D7-D116AE6235D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7721093C-AE68-43D8-838C-83FC850B59E7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7809DE46-AD37-4F61-BFFC-5E2B2A64ABEA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7B8A8A16-B553-40D8-9C35-45A52965DDC0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7C6BE15B-8A29-4C2B-96DB-BB94D0FBD7FA}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{7F6DB9E5-C173-4976-826B-D0267C3A7C5A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F5B95B8-6D02-44FD-9FF7-63F3AA4384AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{91F7CB38-A261-48CC-BB87-0C7F0CDEA22C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A1C50D16-2820-4B1F-A1C4-40091440C845}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{AFBF2E2D-DE75-407C-AF3A-FFFCFBE3D571}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C3480665-98F8-4633-880B-713C89412107}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C4610A7B-AB6D-40B2-A3D7-ECD7EEDA34AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CDD7EF4D-990B-4885-BA4E-1D4EF52AB69C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D15ECF95-F8A4-462A-880F-6EBBA0B3991C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809" = CanoScan LiDE 210 Scanner Driver
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00F68F89-FC69-CA21-EC2C-0BF8BAC84CE8}" = Versandhelfer
"{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8973631B-D3CE-4F74-8A72-F734D928B940}" = DVRManager
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{986A654F-F1E4-11DD-9FCA-005056C00008}" = Paragon Partition Manager™ 11 Personal
"{986EABFC-92F6-CECD-9E5A-B13CAC40BB1D}" = WPTx64
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{a3717ca4-b44e-422d-8268-ee4dabb332fd}" = Windows Software Development Kit
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5D42D71-4036-5F88-5085-657C9DF9F1DD}" = WPT Redistributables
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C0CA68BF-2963-4139-8207-1E83038F86F8}" = Nero BurningROM 12
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{D4F102C5-EEA1-CAE1-8E67-1A7FCE27F673}" = Windows Software Development Kit EULA
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}" = Kits Configuration Installer
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon iP3600 series Benutzerregistrierung" = Canon iP3600 series Benutzerregistrierung
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CL-Eye Driver" = CL-Eye Driver
"dpdhl.versandhelfer" = Versandhelfer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"ESN Sonar-0.70.4" = ESN Sonar
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.21
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Nokia Suite" = Nokia Suite
"PS3 Media Server" = PS3 Media Server
"TomTom HOME" = TomTom HOME 2.8.3.2499
"WinDjView" = WinDjView 1.0.3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2478458581-631666224-3900340172-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.10.2012 03:14:55 | Computer Name = Sergej-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 30.10.2012 03:14:55 | Computer Name = Sergej-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 03.11.2012 08:04:11 | Computer Name = Sergej-PC | Source = Application Hang | ID = 1002
Description = Programm StellarPhoenixPhotoRecovery.exe, Version 0.0.0.0 kann nicht
 mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: ab8    Startzeit: 01cdb9b7a0ba8345    Endzeit: 16    Anwendungspfad: 
D:\Program Files (x86)\Stellar Phoenix Photo Recovery\StellarPhoenixPhotoRecovery.exe

Berichts-ID:
 68ea80e0-25ae-11e2-9acd-00158315a310  
 
Error - 03.11.2012 08:14:41 | Computer Name = Sergej-PC | Source = Application Hang | ID = 1002
Description = Programm StellarPhoenixPhotoRecovery.exe, Version 0.0.0.0 kann nicht
 mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1338    Startzeit: 01cdb9bb59cd0c63    Endzeit: 16    Anwendungspfad:
 D:\Program Files (x86)\Stellar Phoenix Photo Recovery\StellarPhoenixPhotoRecovery.exe

Berichts-ID:
 f63f28e0-25af-11e2-9acd-00158315a310  
 
Error - 03.11.2012 08:40:50 | Computer Name = Sergej-PC | Source = Application Hang | ID = 1002
Description = Programm Filerecovery.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1338    Startzeit:
 01cdb9bce6d3b372    Endzeit: 0    Anwendungspfad: D:\Program Files (x86)\Convar\PC Inspector
 File Recovery\Filerecovery.exe    Berichts-ID: a952b4cb-25b3-11e2-9acd-00158315a310

 
Error - 09.11.2012 10:14:52 | Computer Name = Sergej-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 82c    Startzeit: 
01cdbe83f9214ef3    Endzeit: 16    Anwendungspfad: D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 bff3f3ee-2a77-11e2-937a-00158315a310  
 
Error - 10.11.2012 15:54:16 | Computer Name = Sergej-PC | Source = VSS | ID = 13
Description = 
 
Error - 10.11.2012 15:54:16 | Computer Name = Sergej-PC | Source = VSS | ID = 8193
Description = 
 
Error - 23.11.2012 15:30:38 | Computer Name = Sergej-PC | Source = VSS | ID = 13
Description = 
 
Error - 23.11.2012 15:30:38 | Computer Name = Sergej-PC | Source = VSS | ID = 8193
Description = 
 
[ Spybot - Search and Destroy Events ]
Error - 16.03.2013 04:02:56 | Computer Name = Sergej-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 25.02.2013 10:02:18 | Computer Name = Sergej-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?02.?2013 um 22:31:56 unerwartet heruntergefahren.
 
Error - 03.03.2013 17:49:58 | Computer Name = Sergej-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 07.03.2013 02:35:07 | Computer Name = Sergej-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?03.?2013 um 23:46:22 unerwartet heruntergefahren.
 
Error - 07.03.2013 02:38:34 | Computer Name = Sergej-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 09.03.2013 17:08:41 | Computer Name = Sergej-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 09.03.2013 17:08:43 | Computer Name = Sergej-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 10.03.2013 09:20:30 | Computer Name = Sergej-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?03.?2013 um 22:52:36 unerwartet heruntergefahren.
 
Error - 14.03.2013 06:07:58 | Computer Name = Sergej-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 16.03.2013 03:19:56 | Computer Name = Sergej-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?03.?2013 um 23:26:05 unerwartet heruntergefahren.
 
Error - 17.03.2013 04:07:10 | Computer Name = Sergej-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?03.?2013 um 22:33:33 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---


However, I have already scanned with Kaspersky and with SpyBot and found a file, Java something-or-other, and also changed the password at Web.de. It has gotten better now.
__________________

17.03.2013, 20:44   #4
t'john
/// Helper Team



Maybe you had set a password that was too easy.


Very good!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


after that:

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post the contents here.
__________________
Regards, t'john
Support the TB

17.03.2013, 23:10   #5
DPYR



Hello,
here once again is the data you wanted.


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-17 22:49:20
-----------------------------
22:49:20.944 OS Version: Windows x64 6.1.7601 Service Pack 1
22:49:20.945 Number of processors: 8 586 0x1E05
22:49:20.945 ComputerName: SERGEJ-PC UserName: Sergej
22:49:21.435 Initialize success
22:50:24.317 AVAST engine defs: 13031701
22:51:00.619 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:51:00.620 Disk 0 Vendor: WDC_WD10EARS-22Y5B1 80.00A80 Size: 953869MB BusType: 3
22:51:00.626 Disk 0 MBR read successfully
22:51:00.627 Disk 0 MBR scan
22:51:00.630 Disk 0 Windows 7 default MBR code
22:51:00.632 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 51337 MB offset 2048
22:51:00.647 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 22528 MB offset 105140224
22:51:00.666 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 106134 MB offset 151277568
22:51:00.669 Disk 0 Partition - 00 05 Extended 773869 MB offset 368640000
22:51:00.682 Disk 0 Partition - 00 05 Extended 100000 MB offset 368642047
22:51:00.705 Disk 0 scanning C:\Windows\system32\drivers
22:51:10.766 Service scanning
22:51:28.011 Modules scanning
22:51:28.022 Disk 0 trace - called modules:
22:51:28.045 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:51:28.052 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004dfe790]
22:51:28.059 3 CLASSPNP.SYS[fffff880020cb43f] -> nt!IofCallDriver -> [0xfffffa8004b16e40]
22:51:28.066 5 ACPI.sys[fffff88000e1b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b1f060]
22:51:28.752 AVAST engine scan C:\Windows
22:51:29.989 AVAST engine scan C:\Windows\system32
22:53:58.320 AVAST engine scan C:\Windows\system32\drivers
22:54:08.390 AVAST engine scan C:\Users\Sergej
22:56:12.363 AVAST engine scan C:\ProgramData
23:05:08.099 Scan finished successfully
23:05:55.373 Disk 0 MBR has been saved successfully to "C:\Users\Sergej\Desktop\MBR.dat"
23:05:55.378 The log file has been saved successfully to "C:\Users\Sergej\Desktop\aswMBR.txt"


Results of screen317's Security Check version 0.99.59
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Security Suite CBE 11
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware Version 1.70.0.1100
Adobe Flash Player 11.6.602.180
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (19.0.2)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Kaspersky Lab Kaspersky Security Suite CBE 11 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


Thanks.


18.03.2013, 00:29   #6
t'john
/// Helper Team



Update:

Adobe Reader: Adobe Reader - Download - Filepony (alternatives: PDF Tools)


Disable Java

Because of the current security vulnerability:

http://www.trojaner-board.de/122961-...ktivieren.html

After that, post (copy and paste) what is displayed to you here: PluginCheck

18.03.2013, 09:33   #7
DPYR



Hi,

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 19.0 ist aktuell

Flash (11,6,602,180) ist aktuell.

Java ist nicht Installiert oder nicht aktiviert.

Adobe Reader 11,0,2,0 ist aktuell.

The mails are still coming, but no longer as frequently.
Thanks

18.03.2013, 20:36   #8
t'john
/// Helper Team



Quote:
The entire mail source text would be more interesting!
As long as you don't post the source text, we can't say anything about it either...
__________________
Regards, t'john
Support the TB

19.03.2013, 07:37   #9
DPYR



Hello,
which source text? Did I miss something?
Please describe.
Thanks.

Do you mean this?

This message was created automatically by mail delivery software.
A message that you sent has not yet been delivered to one or more of its
recipients after more than 24 hours on the queue on mail2.intrapower.com.au.

The message identifier is: 1UGYrf-0005bF-BC
The subject of the message is: YOUR ATM CARD IS READY.
The date of the message is: Fri, 15 Mar 2013 10:51:31 -0700

The address to which the message has not yet been delivered is:

jelahm@ram.net.au
Delay reason: mailbox is full

No action is required on your part. Delivery attempts will continue for
some time, and this warning may be repeated at intervals if the message
remains undelivered. Eventually the mail delivery software will give up,
and when that happens, the message will be returned to you.

AND one more

This report relates to a message you sent with the following header fields:

Message-id: <201303151735.r2FHZ53H023947@juntaedelane.com>
Date: Fri, 15 Mar 2013 10:35:49 -0700
From: Jane Iwuka <sergej.kiefer@web.de>
To: undisclosed-recipients: ;
Subject: YOUR ATM CARD IS READY.

Your message is being returned; it has been enqueued and undeliverable for
1 day to the following recipients:

Recipient address: jklodhi@hotmail.com
Original address: gkmotors@emirates.net.ae
Reason: unable to deliver this message after 1 day


Delivery attempt history for your mail:

Sun, 17 Mar 2013 02:01:29 +0400 (GST)
Temporary error returned by SMTP partner.
smtp;421 RP-001 (COL0-MC1-F3) Unfortunately, some messages from 195.229.241.85 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to hxxp://mail.live.com/mail/troubleshooting.aspx#error

Sun, 17 Mar 2013 01:21:50 +0400 (GST)
Temporary error returned by SMTP partner.
smtp;421 RP-001 (COL0-MC3-F43) Unfortunately, some messages from 195.229.241.85 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to hxxp://mail.live.com/mail/troubleshooting.aspx#erro

Sat, 16 Mar 2013 19:25:03 +0400 (GST)
Temporary error returned by SMTP partner.
smtp;421 RP-001 (COL0-MC4-F5) Unfortunately, some messages from 195.229.241.85 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to hxxp://mail.live.com/mail/troubleshooting.aspx#error

Sat, 16 Mar 2013 11:14:37 +0400 (GST)
Temporary error returned by SMTP partner.
smtp;421 PR(dt1) (COL0-MC2-F9) Unfortunately, some messages from 195.229.241.85 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to hxxp://mail.live.com/mail/troubleshooting.aspx#erro

Sat, 16 Mar 2013 09:38:01 +0400 (GST)
Temporary error returned by SMTP partner.
smtp;421 RP-001 (COL0-MC4-F11) Unfortunately, some messages from 195.229.241.85 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to hxxp://mail.live.com/mail/troubleshooting.aspx#erro

Fri, 15 Mar 2013 21:37:47 +0400 (GST)
Temporary error returned by SMTP partner.
smtp;421 RP-001 (BAY0-MC1-F43) Unfortunately, some messages from 195.229.241.85 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to hxxp://mail.live.com/mail/troubleshooting.aspx#erro

19.03.2013, 20:43   #10
t'john
/// Helper Team



this is the information we need: FAQs: Reading and understanding e-mail headers
__________________
Regards, t'john
Support the TB

20.03.2013, 12:43   #11
DPYR



How am I supposed to post them? Simply copying them in is too big.

20.03.2013, 19:34   #12
t'john
/// Helper Team



it's only a few lines

at web.de, in the mail, click the small "i" at the top right and copy out the additional information.
__________________
Regards, t'john
Support the TB

21.03.2013, 07:43   #13
DPYR



Hello, I hope this here is right.


Adresse: https://navigator.web.de/navigator/show?sid=96c442f1a44fab483140707af8ba8b910d7fc4f77a528b86214aa1f285067d7334a31b35bc6e2b5f4f9f6a5ba10f46e6#mail

Typ: text/html

Anzeigemodus: Standardkonformer Modus

Kodierung: UTF-8

Größe: 8,72 KB (8.934 Byte)

Verweisende URL: https://navigator.web.de/login?jsenabled=true&ott=522e55c6-a9d3-4fd3-84f4-f95209a14588

Modifiziert: Donnerstag, 21. März 2013 07:28:39

text/html; charset=UTF-8
de
IE=edge

21.03.2013, 18:55   #14
t'john
/// Helper Team



the information looks like this:

Quote:
Return-Path: <heinz-gustav@post.rwth-aachen.example>
| Received: from mx3.gmx.example (qmailr@mx3.gmx.example [195.63.104.129])
| by ancalagon.rhein-neckar.de (8.8.5/8.8.5) with SMTP id SAA25291
| for <karl-heinz@ancalagon.rhein-neckar.de>; Thu, 16 Sep 1998 17:36:20
| +0200 (MET DST)
| Received: (qmail 1935 invoked by alias); 16 Sep 1998 15:36:06 -0000
| Delivered-To: GMX delivery to karl-heinz@gmx.example
| Received: (qmail 27698 invoked by uid 0); 16 Sep 1998 15:36:02 -0000
| Received: from pbox.rz.rwth-aachen.example (137.226.144.252)
| by mx3.gmx.example with SMTP; 16 Sep 1998 15:36:02 -0000
| Received: from post.rwth-aachen.example (slip-vertech.dialup.RWTH-Aachen.EXAMPLE
| [134.130.73.8]) by pbox.rz.rwth-aachen.example (8.9.1/8.9.0) with ESMTP
| id RAA28830 for <karl-heinz@gmx.example>; Wed, 16 Sep 1998 17:35:59
| +0200
| Message-ID: <35FFDA4F.2BC2A064@post.rwth-aachen.example>
| Date: Wed, 16 Sep 1998 17:33:35 +0200
| From: Heinz-Gustav Hinz <heinz-gustav@post.rwth-aachen.example>
| Organization: RWTH Aachen
| X-Mailer: Mozilla 4.05 [de] (Win95; I)
| To: Karl-Heinz Schmitt <karl-heinz@gmx.example>
| MIME-Version: 1.0
| Content-Type: text/plain; charset=iso-8859-1
| Content-Transfer-Encoding: quoted-printable
| Subject: Re: Hallo Nachbar!
| References: <529471993@ancalagon.rhein-neckar.de>
| Reply-To: hinz@provider.example
| X-Resent-By: Global Message Exchange <forwarder@gmx.example>
| X-Resent-For: karl-heinz@gmx.example
| X-Resent-To: karl-heinz@ancalagon.rhein-neckar.de
__________________
Regards, t'john
Support the TB

22.03.2013, 07:46   #15
DPYR



Hello, now I've woken up; I was looking somewhere else, sorry.

1. Mail
Return-Path:
Received: from mail2.intrapower.com.au ([61.8.96.216]) by mx-ha.web.de (mxweb101) with ESMTP (Nemesis) id 0MIcpI-1UJUqf0Le4-002Dly for <sergej.kiefer@web.de>; Sun, 17 Mar 2013 19:03:21 +0100
Received: from atmail by mail2.intrapower.com.au with local (Exim 4.60) id 1UHHvS-0004Tr-BJ for sergej.kiefer@web.de; Mon, 18 Mar 2013 04:03:18 +1000
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon@mail2.intrapower.com.au>
To: sergej.kiefer@web.de
Subject: Warning: message 1UGYrf-0005bF-BC delayed 48 hours
Message-Id: <E1UHHvS-0004Tr-BJ@mail2.intrapower.com.au>
Date: Mon, 18 Mar 2013 04:03:18 +1000
Envelope-To: <sergej.kiefer@web.de>
Content-Type: text/plain


2.Mail

Return-Path:
Received: from aomail1.emirates.net.ae ([195.229.241.85]) by mx-ha.web.de (mxweb103) with ESMTP (Nemesis) id 0MLwLA-1UMUf80oM0-008FaZ for <sergej.kiefer@web.de>; Sat, 16 Mar 2013 23:17:06 +0100
Received: from process-daemon.aomail1.emirates.net.ae by aomail1.emirates.net.ae (I&ES Mail Server 4.2) id <0MJR00J00XRAM700@aomail1.emirates.net.ae> for sergej.kiefer@web.de; Sun, 17 Mar 2013 02:17:05 +0400 (GST)
Received: from aomail1.emirates.net.ae (I&ES Mail Server 4.2) id <0MJR009LHXWHH1P3@aomail1.emirates.net.ae>; Sun, 17 Mar 2013 02:17:05 +0400 (GST)
MIME-version: 1.0
Content-Type: multipart/report; boundary="Boundary_(ID_Brx5ksn40NWbxN0zR0On6w)"; report-type=delivery-status
Date: Sun, 17 Mar 2013 02:17:05 +0400 (GST)
From: Internet Mail Delivery <postmaster@aomail1.emirates.net.ae>
Subject: Delivery Notification: Delivery has timed out and failed
To: sergej.kiefer@web.de
Message-id: <0MJR009LJXWHH1P3@aomail1.emirates.net.ae>
Envelope-To: <sergej.kiefer@web.de>

Thanks. I have a few more if you need them.

Last edited by DPYR (22.03.2013 at 08:32)
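
The header reading requested in this thread can be scripted. The following Python code is an added example, not part of any post here: it classifies a notification as machine-generated, lists its Received hops, and compares the Message-ID domain of the reported original message with the From domain. All hosts, addresses and IDs are constructed placeholders, the function names are hypothetical, and the Message-ID comparison is a heuristic assumption rather than proof of forgery.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the header layout posted in this thread.
# Every host, address and ID is a placeholder (reserved example ranges).
BOUNCE_HEADERS = """\
Return-Path: <>
Received: from relay.example.net ([192.0.2.25]) by mx.mailbox.example (mx01)
 with ESMTP id 0AAAAA-000000 for <user@mailbox.example>;
 Sun, 17 Mar 2013 19:03:21 +0100
Received: from daemon by relay.example.net with local (Exim 4.60)
 id 1AAAAA-0000AA-AA for user@mailbox.example;
 Mon, 18 Mar 2013 04:03:18 +1000
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon@relay.example.net>
To: user@mailbox.example
Subject: Warning: message 1BBBBB-0000BB-BB delayed 48 hours
Content-Type: text/plain

"""

# Constructed "header fields of the message you sent" part of a delivery report.
REPORTED_ORIGINAL = """\
Message-id: <201303151735.abc123@unrelated-host.example>
Date: Fri, 15 Mar 2013 10:35:49 -0700
From: Some Name <user@mailbox.example>
Subject: SAMPLE SUBJECT

"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)(?:\s+\((?P<info>[^)]*)\))?\s+by\s+(?P<by>\S+)"
)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")


def received_hops(raw_headers):
    """Return Received hops, newest first (the top one is added by the
    recipient's own provider; lower ones are claims by earlier hosts)."""
    msg = message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())  # undo header line folding
        m = RECEIVED_RE.match(unfolded)
        if not m:
            continue  # e.g. "(qmail 1935 invoked by alias)": no network hop
        ip = IP_RE.search(m.group("info") or "")
        hops.append({
            "helo": m.group("helo"),
            "ip": ip.group(1) if ip else None,
            "by": m.group("by").rstrip(";"),
        })
    return hops


def triage(bounce_raw, original_raw, my_address):
    """Classify a notification and compare the reported original message
    with the mailbox owner's address."""
    bounce = message_from_string(bounce_raw)
    original = message_from_string(original_raw)

    # Signs of a machine-generated notification: null envelope sender,
    # an Auto-Submitted value other than "no" (RFC 3834), or a
    # multipart/report body (delivery status notification).
    return_path = bounce.get("Return-Path")
    null_sender = return_path is not None and return_path.strip() in ("", "<>")
    auto_submitted = (bounce.get("Auto-Submitted") or "no").strip().lower()
    is_bounce = (
        null_sender
        or auto_submitted != "no"
        or bounce.get_content_type() == "multipart/report"
    )

    hops = received_hops(bounce_raw)
    from_addr = parseaddr(original.get("From", ""))[1].lower()
    from_domain = from_addr.rpartition("@")[2]
    msgid = (original.get("Message-ID") or "").strip().strip("<>")
    msgid_domain = msgid.rpartition("@")[2].lower() if "@" in msgid else ""

    # Heuristic (assumption): a Message-ID is normally created by the
    # sender's mail client or provider. An unrelated domain is a hint that
    # the message was submitted elsewhere under this From address. Providers
    # may use internal host names here, so treat it as a hint only.
    same_org = bool(msgid_domain) and (
        msgid_domain == from_domain or msgid_domain.endswith("." + from_domain)
    )
    claims_me = from_addr == my_address.lower()
    return {
        "is_bounce": is_bounce,
        "reporting_host": hops[0]["helo"] if hops else None,
        "reporting_ip": hops[0]["ip"] if hops else None,
        "claims_my_address": claims_me,
        "msgid_domain": msgid_domain,
        "msgid_matches_from_domain": same_org,
        "sender_likely_forged": (
            is_bounce and claims_me and bool(msgid_domain) and not same_org
        ),
    }


if __name__ == "__main__":
    print(triage(BOUNCE_HEADERS, REPORTED_ORIGINAL, "user@mailbox.example"))
```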
