Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: WEB.DE postfach empfängt komische Mails in minuten tackt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 15.03.2013, 18:45   #1
DPYR
 
WEB.DE postfach empfängt komische Mails in minuten tackt - Standard

WEB.DE postfach empfängt komische Mails in minuten tackt



Bekomme auf meine E-Mail adresse lauter komische Mails:

Hallo noch mal.

Die meldung unter anderen bekomme ich:
Mail delivery failed: returning message to sender
Danke

Alt 17.03.2013, 09:38   #2
t'john
/// Helfer-Team
 
WEB.DE postfach empfängt komische Mails in minuten tackt - Standard

WEB.DE postfach empfängt komische Mails in minuten tackt





Der Ganze Mail-Quelltext waere interessanter!


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




dann:


Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 17.03.2013, 15:45   #3
DPYR
 
WEB.DE postfach empfängt komische Mails in minuten tackt - Standard

WEB.DE postfach empfängt komische Mails in minuten tackt



Hallo,
danke für ihre schnelle antwort hier sind die logs:

mbam:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.17.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sergej :: SERGEJ-PC [Administrator]

Schutz: Aktiviert

17.03.2013 16:27:25
mbam-log-2013-03-17 (16-27-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206117
Laufzeit: 2 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 17.03.2013 16:31:43 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sergej\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 48,93% Memory free
7,98 Gb Paging File | 4,52 Gb Available in Paging File | 56,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,13 Gb Total Space | 12,17 Gb Free Space | 24,27% Space Free | Partition Type: NTFS
Drive D: | 22,00 Gb Total Space | 19,40 Gb Free Space | 88,17% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 134,06 Gb Free Space | 45,76% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 61,31 Gb Free Space | 62,78% Space Free | Partition Type: NTFS
Drive G: | 51,42 Gb Total Space | 45,09 Gb Free Space | 87,69% Space Free | Partition Type: NTFS
Drive H: | 101,06 Gb Total Space | 44,46 Gb Free Space | 44,00% Space Free | Partition Type: NTFS
Drive I: | 80,40 Gb Total Space | 63,09 Gb Free Space | 78,47% Space Free | Partition Type: NTFS
Drive L: | 29,30 Gb Total Space | 5,55 Gb Free Space | 18,93% Space Free | Partition Type: NTFS
Drive M: | 102,93 Gb Total Space | 80,66 Gb Free Space | 78,37% Space Free | Partition Type: NTFS
Drive N: | 103,65 Gb Total Space | 10,65 Gb Free Space | 10,28% Space Free | Partition Type: NTFS
 
Computer Name: SERGEJ-PC | User Name: Sergej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sergej\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - d:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Users\Sergej\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe ()
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
PRC - D:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - F:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - D:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TomTomHOMEService) -- d:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (StumbleUponUpdater) -- C:\Users\Sergej\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe ()
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
SRV - (AdobeActiveFileMonitor9.0) -- F:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2478458581-631666224-3900340172-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.odnoklassniki.ru/
IE - HKU\S-1-5-21-2478458581-631666224-3900340172-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2478458581-631666224-3900340172-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2478458581-631666224-3900340172-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 83 B4 CF 07 4D CC 01  [binary data]
IE - HKU\S-1-5-21-2478458581-631666224-3900340172-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2478458581-631666224-3900340172-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2478458581-631666224-3900340172-1001\..\SearchScopes\{190BDC39-2666-429A-BCA3-28330C52CD41}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2478458581-631666224-3900340172-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: f:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sergej\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.17 09:54:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.05.11 17:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sergej\AppData\Roaming\mozilla\Extensions
[2012.05.11 17:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sergej\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.03.17 09:54:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (StumbleUpon) - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\Sergej\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] d:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2478458581-631666224-3900340172-1001..\Run: []  File not found
O4 - HKU\S-1-5-21-2478458581-631666224-3900340172-1001..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-21-2478458581-631666224-3900340172-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82122076-68DC-44AC-81EB-020BF217375B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.17 16:26:38 | 000,000,000 | ---D | C] -- C:\Users\Sergej\AppData\Roaming\Malwarebytes
[2013.03.17 16:26:25 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.17 16:26:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.17 16:25:35 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Sergej\Desktop\mbam-setup-1.70.0.1100.exe
[2013.03.17 16:25:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sergej\Desktop\OTL.exe
[2013.03.17 09:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.03.17 09:54:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.03.17 09:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.16 08:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.16 08:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.03.16 08:25:40 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.03.16 08:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.03.15 19:17:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.15 09:37:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.15 09:37:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.15 09:37:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.15 09:37:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.15 09:37:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.15 09:37:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.15 09:37:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.15 09:37:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.15 09:37:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.15 09:37:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.15 09:37:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.15 09:37:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.15 09:37:01 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.15 09:37:01 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.15 09:37:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.09 20:44:27 | 000,000,000 | ---D | C] -- C:\Users\Sergej\Desktop\Neuer Ordner (3)
[2013.03.05 11:24:50 | 000,000,000 | ---D | C] -- C:\Users\Sergej\Documents\Nokia Suite
[2013.03.01 18:55:55 | 000,000,000 | ---D | C] -- C:\Users\Sergej\AppData\Roaming\dpdhl.versandhelfer
[2013.03.01 18:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Versandhelfer
[2013.02.26 15:41:18 | 000,000,000 | ---D | C] -- C:\Users\Sergej\AppData\Local\Programs
[2013.02.23 13:04:46 | 000,000,000 | ---D | C] -- C:\Users\Sergej\Desktop\Neuer Ordner (2)
[2013.02.16 12:19:20 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.17 16:26:27 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.17 16:25:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sergej\Desktop\OTL.exe
[2013.03.17 16:24:48 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Sergej\Desktop\mbam-setup-1.70.0.1100.exe
[2013.03.17 16:15:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.17 15:51:37 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.17 15:51:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.17 09:54:42 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.17 09:53:25 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 09:53:25 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 09:44:57 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.16 22:33:27 | 000,004,750 | ---- | M] () -- C:\Users\Sergej\Documents\NeueDatenbank.kdbx
[2013.03.16 08:25:44 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.03.09 22:11:37 | 001,621,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.09 22:11:37 | 000,699,448 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.09 22:11:37 | 000,654,766 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.09 22:11:37 | 000,149,342 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.09 22:11:37 | 000,122,296 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.07 07:44:10 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.07 07:44:10 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.01 18:55:47 | 000,000,697 | ---- | M] () -- C:\Users\Public\Desktop\Versandhelfer.lnk
[2013.02.26 15:41:46 | 000,000,801 | ---- | M] () -- C:\Users\Sergej\Desktop\KeePass 2.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.17 16:26:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.17 09:54:42 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.17 09:54:42 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.16 08:25:44 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.03.16 08:25:44 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.03.01 18:55:47 | 000,000,697 | ---- | C] () -- C:\Users\Public\Desktop\Versandhelfer.lnk
[2012.11.10 13:20:25 | 000,003,584 | ---- | C] () -- C:\Users\Sergej\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.10 13:16:11 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.11 19:12:10 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.29 09:56:46 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ4809N.DAT
[2011.12.13 08:23:02 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{12D1BF88-5F53-45C4-9810-23E6E6AF3BDD}
[2011.12.11 09:57:48 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{4FE283CB-B263-4B48-99DB-5E78FAA3A053}
[2011.12.05 09:42:57 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{9334FC10-EBAE-48B4-A30B-2185318066CC}
[2011.11.16 13:25:32 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{6C70CCF5-FDF6-4160-B3F9-3A0EF5797E21}
[2011.11.02 09:37:17 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{6AC58822-EBD3-4AFF-808A-6217EB78650D}
[2011.11.01 14:55:42 | 000,007,606 | ---- | C] () -- C:\Users\Sergej\AppData\Local\Resmon.ResmonCfg
[2011.10.29 10:42:55 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{8B042D4E-D254-4C97-8FAB-3E0D154FC27D}
[2011.10.27 12:55:19 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{FEE033B8-F995-49F8-B61A-46E74334781F}
[2011.10.14 09:04:54 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{079EDA4D-CA7A-47B3-B4CA-CC8AB0F5B5A8}
[2011.10.10 08:27:31 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{CFDFCF94-D40F-4CED-B6AE-9EC830560354}
[2011.10.08 08:40:12 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{6051F641-EBF6-495B-BDBC-C715FD7F8CF0}
[2011.10.07 10:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{97DBFA23-3CCA-4414-9C09-65085F859157}
[2011.10.03 13:28:54 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{B1699955-7639-49DF-9E88-8BDEE90F1370}
[2011.09.28 08:30:09 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{B2B36168-60A0-4EBD-ACC3-C69D3AAE8ABE}
[2011.09.23 15:43:23 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{AA92B697-4F08-401F-9893-258362CA1BF1}
[2011.09.14 08:20:31 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{CAF8E63F-7266-4D70-84B3-98C27E0305ED}
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.09 07:18:08 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{694DFD8C-1CDD-4E1F-8DFF-3E5473192FE9}
[2011.09.05 07:06:21 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{0BCE0335-102E-4A20-9917-4B3788A5E43C}
[2011.09.01 14:06:08 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{57B12BAA-928A-47C5-B674-530DC4D0D486}
[2011.08.23 08:01:23 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{822F21E8-C01A-4110-8FF1-17267CC3F298}
[2011.08.21 19:47:55 | 000,000,000 | ---- | C] () -- C:\Users\Sergej\AppData\Local\{D27DED4A-CA6C-4C86-ACA1-4CE938A7BC60}
[2011.06.27 09:55:25 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2011.06.27 09:55:01 | 001,598,118 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.27 08:32:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.27 08:23:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.06.27 08:23:43 | 000,023,034 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:58DD92AC

< End of report >
         
--- --- ---

OTL2:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 17.03.2013 16:31:43 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sergej\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 48,93% Memory free
7,98 Gb Paging File | 4,52 Gb Available in Paging File | 56,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,13 Gb Total Space | 12,17 Gb Free Space | 24,27% Space Free | Partition Type: NTFS
Drive D: | 22,00 Gb Total Space | 19,40 Gb Free Space | 88,17% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 134,06 Gb Free Space | 45,76% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 61,31 Gb Free Space | 62,78% Space Free | Partition Type: NTFS
Drive G: | 51,42 Gb Total Space | 45,09 Gb Free Space | 87,69% Space Free | Partition Type: NTFS
Drive H: | 101,06 Gb Total Space | 44,46 Gb Free Space | 44,00% Space Free | Partition Type: NTFS
Drive I: | 80,40 Gb Total Space | 63,09 Gb Free Space | 78,47% Space Free | Partition Type: NTFS
Drive L: | 29,30 Gb Total Space | 5,55 Gb Free Space | 18,93% Space Free | Partition Type: NTFS
Drive M: | 102,93 Gb Total Space | 80,66 Gb Free Space | 78,37% Space Free | Partition Type: NTFS
Drive N: | 103,65 Gb Total Space | 10,65 Gb Free Space | 10,28% Space Free | Partition Type: NTFS
 
Computer Name: SERGEJ-PC | User Name: Sergej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2478458581-631666224-3900340172-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C904B7-8FEE-48BD-9AFD-F09A1C587839}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{1F8E3301-7BF8-4BDF-8F1B-1E15775C38D0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{322FF288-C866-429D-91B3-0428096C8481}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3F4CAF37-F22C-4EB8-80BA-BF7002F93915}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5033492E-8981-4939-91DC-BCC5F5380049}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{55C42373-9B5D-4573-B026-D7EE90CA3DB4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6133E04C-8684-444D-9FE2-A84B094CF787}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7932ED69-A70F-4C3F-B8F0-5B62E5683103}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{80165F98-AE2C-4D0B-AF4B-F4E4D4BC9F27}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8346070F-1C3B-4AEA-B8DC-8E078A6BBC5F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{835D276F-DC5F-43D2-B3BA-90DBE682AF1F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8E303108-F8CE-452C-9534-F6E4EE1AFFA1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{96BC77B2-A36A-46E8-89A3-CCAF753E0DC8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{ABF8D9CB-8D23-43DE-BF28-2F68A6BB934F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B2C38F6F-7AB8-4A25-8F26-4C1412E68FF5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B407299B-EEE3-4D0D-BB22-0E3E04831568}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B927D660-C4D1-4DC4-B90B-792C17D8392F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BB8E667F-C117-48DF-862C-688D12A29324}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DB5A1E80-BB12-4763-BBF7-52477282B638}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DD59ABAA-D18A-4392-B257-6B5CB45ABDD2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F570CBC4-0520-4469-B724-2EEBC93C5D02}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FABD6026-0243-4663-B571-E00AD1FC9BAF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FAC7AAB3-B61D-49A1-8FE4-F65AE5A482F3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FE944BE6-05A2-462F-8A04-EE0FD592F5AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1253D79E-1463-46CE-9E77-A30206979479}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{13A63249-0878-4904-BB96-EC31E1673334}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1DE0939F-AF04-48E1-A9B7-FC0C735233CB}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{20CFC1D4-9021-486D-B224-CB442720F89B}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{2399D092-DCFB-49DB-B88A-13B4E6749E9F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2A2461F8-59B4-4202-A874-9ADAC131B956}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{3B25B6F4-B0AD-4720-9DBE-38173851AA1B}" = protocol=6 | dir=out | app=system | 
"{441F0C33-34D1-4E03-A4A7-8029C04FE6F0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{442879AB-6B38-496F-82D5-4C28D0A20F3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{49E21A44-3B6A-49D8-84D1-80CA0CDA8271}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{4D6369DA-B777-41C0-A83C-C6105E7335F9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{54CDD56A-2541-4127-AEC6-41FC287FABD7}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{5C44939B-E55F-4657-862E-DA75B7E30C55}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{74C8D67F-CB0A-40D3-AD07-1B9736CC5F99}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{771DCE93-04CB-4C82-94D7-D116AE6235D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7721093C-AE68-43D8-838C-83FC850B59E7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7809DE46-AD37-4F61-BFFC-5E2B2A64ABEA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7B8A8A16-B553-40D8-9C35-45A52965DDC0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7C6BE15B-8A29-4C2B-96DB-BB94D0FBD7FA}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{7F6DB9E5-C173-4976-826B-D0267C3A7C5A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F5B95B8-6D02-44FD-9FF7-63F3AA4384AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{91F7CB38-A261-48CC-BB87-0C7F0CDEA22C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A1C50D16-2820-4B1F-A1C4-40091440C845}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{AFBF2E2D-DE75-407C-AF3A-FFFCFBE3D571}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C3480665-98F8-4633-880B-713C89412107}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C4610A7B-AB6D-40B2-A3D7-ECD7EEDA34AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CDD7EF4D-990B-4885-BA4E-1D4EF52AB69C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D15ECF95-F8A4-462A-880F-6EBBA0B3991C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809" = CanoScan LiDE 210 Scanner Driver
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00F68F89-FC69-CA21-EC2C-0BF8BAC84CE8}" = Versandhelfer
"{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8973631B-D3CE-4F74-8A72-F734D928B940}" = DVRManager
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{986A654F-F1E4-11DD-9FCA-005056C00008}" = Paragon Partition Manager™ 11 Personal
"{986EABFC-92F6-CECD-9E5A-B13CAC40BB1D}" = WPTx64
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{a3717ca4-b44e-422d-8268-ee4dabb332fd}" = Windows Software Development Kit
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5D42D71-4036-5F88-5085-657C9DF9F1DD}" = WPT Redistributables
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C0CA68BF-2963-4139-8207-1E83038F86F8}" = Nero BurningROM 12
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{D4F102C5-EEA1-CAE1-8E67-1A7FCE27F673}" = Windows Software Development Kit EULA
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}" = Kits Configuration Installer
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon iP3600 series Benutzerregistrierung" = Canon iP3600 series Benutzerregistrierung
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CL-Eye Driver" = CL-Eye Driver
"dpdhl.versandhelfer" = Versandhelfer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"ESN Sonar-0.70.4" = ESN Sonar
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.21
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Nokia Suite" = Nokia Suite
"PS3 Media Server" = PS3 Media Server
"TomTom HOME" = TomTom HOME 2.8.3.2499
"WinDjView" = WinDjView 1.0.3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2478458581-631666224-3900340172-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.10.2012 03:14:55 | Computer Name = Sergej-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 30.10.2012 03:14:55 | Computer Name = Sergej-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 03.11.2012 08:04:11 | Computer Name = Sergej-PC | Source = Application Hang | ID = 1002
Description = Programm StellarPhoenixPhotoRecovery.exe, Version 0.0.0.0 kann nicht
 mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: ab8    Startzeit: 01cdb9b7a0ba8345    Endzeit: 16    Anwendungspfad: 
D:\Program Files (x86)\Stellar Phoenix Photo Recovery\StellarPhoenixPhotoRecovery.exe

Berichts-ID:
 68ea80e0-25ae-11e2-9acd-00158315a310  
 
Error - 03.11.2012 08:14:41 | Computer Name = Sergej-PC | Source = Application Hang | ID = 1002
Description = Programm StellarPhoenixPhotoRecovery.exe, Version 0.0.0.0 kann nicht
 mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1338    Startzeit: 01cdb9bb59cd0c63    Endzeit: 16    Anwendungspfad:
 D:\Program Files (x86)\Stellar Phoenix Photo Recovery\StellarPhoenixPhotoRecovery.exe

Berichts-ID:
 f63f28e0-25af-11e2-9acd-00158315a310  
 
Error - 03.11.2012 08:40:50 | Computer Name = Sergej-PC | Source = Application Hang | ID = 1002
Description = Programm Filerecovery.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1338    Startzeit:
 01cdb9bce6d3b372    Endzeit: 0    Anwendungspfad: D:\Program Files (x86)\Convar\PC Inspector
 File Recovery\Filerecovery.exe    Berichts-ID: a952b4cb-25b3-11e2-9acd-00158315a310

 
Error - 09.11.2012 10:14:52 | Computer Name = Sergej-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 82c    Startzeit: 
01cdbe83f9214ef3    Endzeit: 16    Anwendungspfad: D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 bff3f3ee-2a77-11e2-937a-00158315a310  
 
Error - 10.11.2012 15:54:16 | Computer Name = Sergej-PC | Source = VSS | ID = 13
Description = 
 
Error - 10.11.2012 15:54:16 | Computer Name = Sergej-PC | Source = VSS | ID = 8193
Description = 
 
Error - 23.11.2012 15:30:38 | Computer Name = Sergej-PC | Source = VSS | ID = 13
Description = 
 
Error - 23.11.2012 15:30:38 | Computer Name = Sergej-PC | Source = VSS | ID = 8193
Description = 
 
[ Spybot - Search and Destroy Events ]
Error - 16.03.2013 04:02:56 | Computer Name = Sergej-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 25.02.2013 10:02:18 | Computer Name = Sergej-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?02.?2013 um 22:31:56 unerwartet heruntergefahren.
 
Error - 03.03.2013 17:49:58 | Computer Name = Sergej-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 07.03.2013 02:35:07 | Computer Name = Sergej-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?03.?2013 um 23:46:22 unerwartet heruntergefahren.
 
Error - 07.03.2013 02:38:34 | Computer Name = Sergej-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 09.03.2013 17:08:41 | Computer Name = Sergej-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 09.03.2013 17:08:43 | Computer Name = Sergej-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 10.03.2013 09:20:30 | Computer Name = Sergej-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?03.?2013 um 22:52:36 unerwartet heruntergefahren.
 
Error - 14.03.2013 06:07:58 | Computer Name = Sergej-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 16.03.2013 03:19:56 | Computer Name = Sergej-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?03.?2013 um 23:26:05 unerwartet heruntergefahren.
 
Error - 17.03.2013 04:07:10 | Computer Name = Sergej-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?03.?2013 um 22:33:33 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---


Ich habe aber schon mit Kaspersky und mit SpyBot gescannt und eine Datei Java irgendwass gefunden und noch Passwort bei Web.de geendert. Jetzt ist besser geworden.
__________________

Alt 17.03.2013, 19:44   #4
t'john
/// Helfer-Team
 
WEB.DE postfach empfängt komische Mails in minuten tackt - Standard

WEB.DE postfach empfängt komische Mails in minuten tackt



Vielleicht hattest du ein zu leichtes Passwort gesetzt.


Sehr gut!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).





danach:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
Mfg, t'john
Das TB unterstützen

Alt 17.03.2013, 22:10   #5
DPYR
 
WEB.DE postfach empfängt komische Mails in minuten tackt - Standard

WEB.DE postfach empfängt komische Mails in minuten tackt



Hallo,
hier sind noch einmal die daten die ihr woltet.


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-17 22:49:20
-----------------------------
22:49:20.944 OS Version: Windows x64 6.1.7601 Service Pack 1
22:49:20.945 Number of processors: 8 586 0x1E05
22:49:20.945 ComputerName: SERGEJ-PC UserName: Sergej
22:49:21.435 Initialize success
22:50:24.317 AVAST engine defs: 13031701
22:51:00.619 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:51:00.620 Disk 0 Vendor: WDC_WD10EARS-22Y5B1 80.00A80 Size: 953869MB BusType: 3
22:51:00.626 Disk 0 MBR read successfully
22:51:00.627 Disk 0 MBR scan
22:51:00.630 Disk 0 Windows 7 default MBR code
22:51:00.632 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 51337 MB offset 2048
22:51:00.647 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 22528 MB offset 105140224
22:51:00.666 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 106134 MB offset 151277568
22:51:00.669 Disk 0 Partition - 00 05 Extended 773869 MB offset 368640000
22:51:00.682 Disk 0 Partition - 00 05 Extended 100000 MB offset 368642047
22:51:00.705 Disk 0 scanning C:\Windows\system32\drivers
22:51:10.766 Service scanning
22:51:28.011 Modules scanning
22:51:28.022 Disk 0 trace - called modules:
22:51:28.045 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:51:28.052 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004dfe790]
22:51:28.059 3 CLASSPNP.SYS[fffff880020cb43f] -> nt!IofCallDriver -> [0xfffffa8004b16e40]
22:51:28.066 5 ACPI.sys[fffff88000e1b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b1f060]
22:51:28.752 AVAST engine scan C:\Windows
22:51:29.989 AVAST engine scan C:\Windows\system32
22:53:58.320 AVAST engine scan C:\Windows\system32\drivers
22:54:08.390 AVAST engine scan C:\Users\Sergej
22:56:12.363 AVAST engine scan C:\ProgramData
23:05:08.099 Scan finished successfully
23:05:55.373 Disk 0 MBR has been saved successfully to "C:\Users\Sergej\Desktop\MBR.dat"
23:05:55.378 The log file has been saved successfully to "C:\Users\Sergej\Desktop\aswMBR.txt"


Results of screen317's Security Check version 0.99.59
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Security Suite CBE 11
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware Version 1.70.0.1100
Adobe Flash Player 11.6.602.180
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (19.0.2)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Kaspersky Lab Kaspersky Security Suite CBE 11 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


Danke.


Alt 17.03.2013, 23:29   #6
t'john
/// Helfer-Team
 
WEB.DE postfach empfängt komische Mails in minuten tackt - Standard

WEB.DE postfach empfängt komische Mails in minuten tackt



Aktualisiere:

Adobe Reader: Adobe Reader - Download - Filepony (Alternativen: PDF Tools)




Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck
__________________
--> WEB.DE postfach empfängt komische Mails in minuten tackt

Alt 18.03.2013, 08:33   #7
DPYR
 
WEB.DE postfach empfängt komische Mails in minuten tackt - Standard

WEB.DE postfach empfängt komische Mails in minuten tackt



Hi,

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 19.0 ist aktuell

Flash (11,6,602,180) ist aktuell.

Java ist nicht Installiert oder nicht aktiviert.

Adobe Reader 11,0,2,0 ist aktuell.

Die Mails kommen immer noch aber nicht mehr so häufig.
Danke

Alt 18.03.2013, 19:36   #8
t'john
/// Helfer-Team
 
WEB.DE postfach empfängt komische Mails in minuten tackt - Standard

WEB.DE postfach empfängt komische Mails in minuten tackt



Zitat:
Der Ganze Mail-Quelltext waere interessanter!
solange du den quelltext nicht postet koennen wir dazu auch nichts sagen...
__________________
Mfg, t'john
Das TB unterstützen

Alt 19.03.2013, 06:37   #9
DPYR
 
WEB.DE postfach empfängt komische Mails in minuten tackt - Standard

WEB.DE postfach empfängt komische Mails in minuten tackt



Hallo,
welcher quelltext? hab ich was nicht mitbekommen?
bitte beschreiben.
danke.

Meinst du das hier?

This message was created automatically by mail delivery software.
A message that you sent has not yet been delivered to one or more of its
recipients after more than 24 hours on the queue on mail2.intrapower.com.au.

The message identifier is: 1UGYrf-0005bF-BC
The subject of the message is: YOUR ATM CARD IS READY.
The date of the message is: Fri, 15 Mar 2013 10:51:31 -0700

The address to which the message has not yet been delivered is:

jelahm@ram.net.au
Delay reason: mailbox is full

No action is required on your part. Delivery attempts will continue for
some time, and this warning may be repeated at intervals if the message
remains undelivered. Eventually the mail delivery software will give up,
and when that happens, the message will be returned to you.

Zitat:
Zitat von DPYR Beitrag anzeigen
Hallo,
welcher quelltext? hab ich was nicht mitbekommen?
bitte beschreiben.
danke.

Meinst du das hier?

This message was created automatically by mail delivery software.
A message that you sent has not yet been delivered to one or more of its
recipients after more than 24 hours on the queue on mail2.intrapower.com.au.

The message identifier is: 1UGYrf-0005bF-BC
The subject of the message is: YOUR ATM CARD IS READY.
The date of the message is: Fri, 15 Mar 2013 10:51:31 -0700

The address to which the message has not yet been delivered is:

jelahm@ram.net.au
Delay reason: mailbox is full

No action is required on your part. Delivery attempts will continue for
some time, and this warning may be repeated at intervals if the message
remains undelivered. Eventually the mail delivery software will give up,
and when that happens, the message will be returned to you.
UND noch eins

This report relates to a message you sent with the following header fields:

Message-id: <201303151735.r2FHZ53H023947@juntaedelane.com>
Date: Fri, 15 Mar 2013 10:35:49 -0700
From: Jane Iwuka <sergej.kiefer@web.de>
To: undisclosed-recipients: ;
Subject: YOUR ATM CARD IS READY.

Your message is being returned; it has been enqueued and undeliverable for
1 day to the following recipients:

Recipient address: jklodhi@hotmail.com
Original address: gkmotors@emirates.net.ae
Reason: unable to deliver this message after 1 day


Delivery attempt history for your mail:

Sun, 17 Mar 2013 02:01:29 +0400 (GST)
Temporary error returned by SMTP partner.
smtp;421 RP-001 (COL0-MC1-F3) Unfortunately, some messages from 195.229.241.85 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to hxxp://mail.live.com/mail/troubleshooting.aspx#error

Sun, 17 Mar 2013 01:21:50 +0400 (GST)
Temporary error returned by SMTP partner.
smtp;421 RP-001 (COL0-MC3-F43) Unfortunately, some messages from 195.229.241.85 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to hxxp://mail.live.com/mail/troubleshooting.aspx#erro

Sat, 16 Mar 2013 19:25:03 +0400 (GST)
Temporary error returned by SMTP partner.
smtp;421 RP-001 (COL0-MC4-F5) Unfortunately, some messages from 195.229.241.85 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to hxxp://mail.live.com/mail/troubleshooting.aspx#error

Sat, 16 Mar 2013 11:14:37 +0400 (GST)
Temporary error returned by SMTP partner.
smtp;421 PR(dt1) (COL0-MC2-F9) Unfortunately, some messages from 195.229.241.85 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to hxxp://mail.live.com/mail/troubleshooting.aspx#erro

Sat, 16 Mar 2013 09:38:01 +0400 (GST)
Temporary error returned by SMTP partner.
smtp;421 RP-001 (COL0-MC4-F11) Unfortunately, some messages from 195.229.241.85 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to hxxp://mail.live.com/mail/troubleshooting.aspx#erro

Fri, 15 Mar 2013 21:37:47 +0400 (GST)
Temporary error returned by SMTP partner.
smtp;421 RP-001 (BAY0-MC1-F43) Unfortunately, some messages from 195.229.241.85 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to hxxp://mail.live.com/mail/troubleshooting.aspx#erro

Alt 19.03.2013, 19:43   #10
t'john
/// Helfer-Team
 
WEB.DE postfach empfängt komische Mails in minuten tackt - Standard

WEB.DE postfach empfängt komische Mails in minuten tackt



diese Angaben brauchen wir: FAQs: E-Mail-Header lesen und verstehen
__________________
Mfg, t'john
Das TB unterstützen

Alt 20.03.2013, 11:43   #11
DPYR
 
WEB.DE postfach empfängt komische Mails in minuten tackt - Standard

WEB.DE postfach empfängt komische Mails in minuten tackt



wie soll ich die posten? einfach rein kopieren ist zu gros.

Alt 20.03.2013, 18:34   #12
t'john
/// Helfer-Team
 
WEB.DE postfach empfängt komische Mails in minuten tackt - Standard

WEB.DE postfach empfängt komische Mails in minuten tackt



es sind nur paar Zeilen

bei web.de in der Mail rechts oben auf das kleine "i" klicken und die weiteren Informationen rauskopieren.
__________________
Mfg, t'john
Das TB unterstützen

Alt 21.03.2013, 06:43   #13
DPYR
 
WEB.DE postfach empfängt komische Mails in minuten tackt - Standard

WEB.DE postfach empfängt komische Mails in minuten tackt



Hallo, ich hoffe das hier richtig.


Adresse: https://navigator.web.de/navigator/show?sid=96c442f1a44fab483140707af8ba8b910d7fc4f77a528b86214aa1f285067d7334a31b35bc6e2b5f4f9f6a5ba10f46e6#mail

Typ: text/html

Anzeigemodus: Standardkonformer Modus

Kodierung: UTF-8

Größe: 8,72 KB (8.934 Byte)

Verweisende URL: https://navigator.web.de/login?jsenabled=true&ott=522e55c6-a9d3-4fd3-84f4-f95209a14588

Modifiziert: Donnerstag, 21. März 2013 07:28:39

text/html; charset=UTF-8
de
IE=edge

Alt 21.03.2013, 17:55   #14
t'john
/// Helfer-Team
 
WEB.DE postfach empfängt komische Mails in minuten tackt - Standard

WEB.DE postfach empfängt komische Mails in minuten tackt



die Infos sehen so aus:

Zitat:
Return-Path: <heinz-gustav@post.rwth-aachen.example>
| Received: from mx3.gmx.example (qmailr@mx3.gmx.example [195.63.104.129])
| by ancalagon.rhein-neckar.de (8.8.5/8.8.5) with SMTP id SAA25291
| for <karl-heinz@ancalagon.rhein-neckar.de>; Thu, 16 Sep 1998 17:36:20
| +0200 (MET DST)
| Received: (qmail 1935 invoked by alias); 16 Sep 1998 15:36:06 -0000
| Delivered-To: GMX delivery to karl-heinz@gmx.example
| Received: (qmail 27698 invoked by uid 0); 16 Sep 1998 15:36:02 -0000
| Received: from pbox.rz.rwth-aachen.example (137.226.144.252)
| by mx3.gmx.example with SMTP; 16 Sep 1998 15:36:02 -0000
| Received: from post.rwth-aachen.example (slip-vertech.dialup.RWTH-Aachen.EXAMPLE
| [134.130.73.8]) by pbox.rz.rwth-aachen.example (8.9.1/8.9.0) with ESMTP
| id RAA28830 for <karl-heinz@gmx.example>; Wed, 16 Sep 1998 17:35:59
| +0200
| Message-ID: <35FFDA4F.2BC2A064@post.rwth-aachen.example>
| Date: Wed, 16 Sep 1998 17:33:35 +0200
| From: Heinz-Gustav Hinz <heinz-gustav@post.rwth-aachen.example>
| Organization: RWTH Aachen
| X-Mailer: Mozilla 4.05 [de] (Win95; I)
| To: Karl-Heinz Schmitt <karl-heinz@gmx.example>
| MIME-Version: 1.0
| Content-Type: text/plain; charset=iso-8859-1
| Content-Transfer-Encoding: quoted-printable
| Subject: Re: Hallo Nachbar!
| References: <529471993@ancalagon.rhein-neckar.de>
| Reply-To: hinz@provider.example
| X-Resent-By: Global Message Exchange <forwarder@gmx.example>
| X-Resent-For: karl-heinz@gmx.example
| X-Resent-To: karl-heinz@ancalagon.rhein-neckar.de
__________________
Mfg, t'john
Das TB unterstützen

Alt 22.03.2013, 06:46   #15
DPYR
 
WEB.DE postfach empfängt komische Mails in minuten tackt - Standard

WEB.DE postfach empfängt komische Mails in minuten tackt



Hallo, jetzt bin ich aufgewacht ich habe wo anders gesucht sorry.

1. Mail
Return-Path:
Received: from mail2.intrapower.com.au ([61.8.96.216]) by mx-ha.web.de (mxweb101) with ESMTP (Nemesis) id 0MIcpI-1UJUqf0Le4-002Dly for <sergej.kiefer@web.de>; Sun, 17 Mar 2013 19:03:21 +0100
Received: from atmail by mail2.intrapower.com.au with local (Exim 4.60) id 1UHHvS-0004Tr-BJ for sergej.kiefer@web.de; Mon, 18 Mar 2013 04:03:18 +1000
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon@mail2.intrapower.com.au>
To: sergej.kiefer@web.de
Subject: Warning: message 1UGYrf-0005bF-BC delayed 48 hours
Message-Id: <E1UHHvS-0004Tr-BJ@mail2.intrapower.com.au>
Date: Mon, 18 Mar 2013 04:03:18 +1000
Envelope-To: <sergej.kiefer@web.de>
X-UI-Filterresults: ;V01:K0:N2X5oyNk:HyLsWIN/J6Sdp3D0hWaf3SkOS/n64FLhyPC K2GMsJ1LPr/XJ6UTm4dgps23N6VzezpiYEt5jDgKn7tJ3Xri/s4texCTKMsJG7Ry08RvIGk 9ahbMWoHX5vyi7JfCwYfriM6gCi5GnzksgJs+3BhXt7WtU50/yKa1fpDg8tWIMev2DdtbR+ 0DdrxuM8dkNdW8IEhTGDDIIogT0GDoD8GPkYjkrkN0vCGzd4w7MBB4ee+1yV7F7A3yFZtgD xFWBIqQVvYY8t10kh++DyZ4Wiuu5skQ1GTmxZnU+qrWpCTrJ5n+Wl4eshu+NpeyGtqQGfDR NZyEx5XucduPZB8VeBUyb6QhenyLRdpJ2sPoD+8636J0bSkiKicKV2XhrRwmet0TvCy4xUH p5tSR4GczX5AgiV+w6bKmUjQ/97bpAax/HFe4SVE3ku+wGggIApIb4l04N7ZH/ar/vIV/PL Cxz8pJXqxlCfBxF9l/97z9pEdBnXCfOiXAQT1LQvlRobNNKwfCm3tBRreh6CAf36EoPniGi pgdqbxogsP0Mvtqf+lYf3acvHjzwuxIfc22bcsL0rYS5qsJelK3i7Lv0S3Mtt2LKDBJU9Bx dsIp4QF34xKA+qlBVeKOU/x3Caz7CjmhyxLDkSjYLSOwVD1lpdPdbOlBu0QU8h7F1ZU3tqe JUqjXUqnMoXHWBTL/c4ztM0VlvQiqgIO0jsJ5w2VktrjxUKx/ox9kHEDTTLzuxyrxBaVtRZ uv6KdIVQeDwHtxPpATrGCgu7eEiF4ubAKL/vMviGvNhYzYvp6PgCn7wdnYX50cDNYNcFes7 sWBk1ItWBk7LjFEa0H3EF3svv5yi66zJBo7/lmXxxWc6vRCYUh0RP70igfSJuoxq0aSGDeP d6HjtqFSP7mTSGGZHWxQG97wXSDyquCCYZjybfzYAw++KPB12dOsCLRMGfmRkenF6K+bFPn D24XcB3Ocag7Ug3wynvqo7BwxdowLjCpt3XDVobwUOUndJFLJ7nm07vohsyJta5p+BdV/X+ Zjm+CZDjhVHdcYIdEDYfkWQfjhuS356elXylnVf3pvJvJPDrJR9VYqmT0eC5IsasvO0wimI 13tdM6fXONtBCcJjlV/QhZ/XPXfKy87B7TPFjgaTIj0NCXv/qLWLtc7pO72oYIlweuAJ5Zo JmaRuVyPstUuRE+OvTQjCSHkaBGgkWTtX6BTAfIB1IV+AohXBktyBo049U9KnBFDbyD1Tm0 Kwyj3JEAz6NemynNXKgAXbV8ATzd8KMxQL8EihJDncjAUuRT8LKWF9tooc/kCkiBB9va5Xq xyUox3iasE=
Content-Type: text/plain


2.Mail

Return-Path:
Received: from aomail1.emirates.net.ae ([195.229.241.85]) by mx-ha.web.de (mxweb103) with ESMTP (Nemesis) id 0MLwLA-1UMUf80oM0-008FaZ for <sergej.kiefer@web.de>; Sat, 16 Mar 2013 23:17:06 +0100
Received: from process-daemon.aomail1.emirates.net.ae by aomail1.emirates.net.ae (I&ES Mail Server 4.2) id <0MJR00J00XRAM700@aomail1.emirates.net.ae> for sergej.kiefer@web.de; Sun, 17 Mar 2013 02:17:05 +0400 (GST)
Received: from aomail1.emirates.net.ae (I&ES Mail Server 4.2) id <0MJR009LHXWHH1P3@aomail1.emirates.net.ae>; Sun, 17 Mar 2013 02:17:05 +0400 (GST)
MIME-version: 1.0
Content-Type: multipart/report; boundary="Boundary_(ID_Brx5ksn40NWbxN0zR0On6w)"; report-type=delivery-status
Date: Sun, 17 Mar 2013 02:17:05 +0400 (GST)
From: Internet Mail Delivery <postmaster@aomail1.emirates.net.ae>
Subject: Delivery Notification: Delivery has timed out and failed
To: sergej.kiefer@web.de
Message-id: <0MJR009LJXWHH1P3@aomail1.emirates.net.ae>
Envelope-To: <sergej.kiefer@web.de>
X-UI-Filterresults: ;V01:K0:CM8YZK0c:idET1DKE582MXVnmdj/S5huhqWkz7vqVeil DDzp7Z/4xz6JcrugbvFGvFj9wVNMC5r010a2iCTdrWuBgbKpGLnpTxqFtKJOYbogW/XYbez NogfdrHBAr94ln9GIgHOJoWBfABquCRKPdL+dU9FBUJeDR6m8k4s4oQOGK2Q9cyUCNE8pou 8Lqapm0GbIwKV0jzPYEWFX5D499CAri1nKHmckZi006MXOJsn1Az7L6e/qpCzhPmHN/FXOX Vbg7kirMJCj/1KLIXmcx7yV5+6tpvBiZAOncQV4cgrmcOlDRrT9DJcInpUdW6feNAsWyf9a im/yZcnXHl+nvIk72qpnTgRMKWpZN1R1I+eum9XvFmLoXHTBCOK7NBg0zVPNtmUrnlOL/lM k6JffMqmIpGMeiInj9t9gef7dewQw9hVX07otxekBDFmqgAA056bXzLweGmQ3vuqJAuhCQg 9TihiZNRyVPaClFVMwrcIQIwjZV7sYHj5iSlS3hLFhoOmZZxnW5BkqxJjbhfeQUM65e6WQS RQqNqjleOuzIMY219i3g5tSU1JMT4qs/qdTw9CaNAFM6gjapLoX0nO9GzAwYbz9HU0tuuzd Vwo6Ig8/GhV9GdcLJxFd2w+plWjffL8NlPbhow2rjv9OZUHYVFAz5e7LzGJqIKOlytPpr9E O87ffEjimGJg7pGEgRxElYgGCL6/8EGnh3YryXV79UdoLNk81o2BV9fEActwQoVJ7fSNVLT bQq46+Aq+ywiFoErJ+WS2dc77xKw97A+hr3Q6sL+c2rd6PYSFJI7M401+rwtQugNioz9pCM s45y4veYXa/Yrn8su1fZSqMFOkDTQzEyJkJBzJfmVFul8Oo+BBBQCbSReL8q9VexTEkJ5/0 AnORLYqsvEsm/zlYoFRcyEgDQ6g2NlK946splNvIc6l59wFPJai/EELUpLTcDo3X72ZMelo b86zbuzySP+cIdGiiA4C+yDBx0tjuvY8h/uvSv4jnqevluShBxom/KHAFMcJ1zIVc3dR85z HzX7daS6gQCBWTGczNjEfFV9BVzvYlQ6P1myDVvpn8oGum6d7MFjKhxza44sjxAitfw7yq3 ox0nqx8niWS8XA5fF6b1pE/VdskGJ4AnHqrvleqbYOlnYwGQDyRyQwKg4GRnWXA7nr6YBnW yDX5r2u0ZcWTP6u586y2f5wQ=

Danke. ich habe noch ein paar wenn ihr braucht.

Geändert von DPYR (22.03.2013 um 07:32 Uhr)

Antwort

Themen zu WEB.DE postfach empfängt komische Mails in minuten tackt
adresse, e-mail, empfängt, komische, komische mails, lauter, mail delivery, mails, minute, minuten, postfach, returning message to sender, web.de



Ähnliche Themen: WEB.DE postfach empfängt komische Mails in minuten tackt


  1. Windows 7 lädt ca. 6 Minuten, Desktop dann 2 weitere Minuten, Combofix zeigte Infektion
    Log-Analyse und Auswertung - 30.08.2015 (25)
  2. Windows 7 lädt ca. 6 Minuten, Desktop dann 2 weitere Minuten, Combofix zeigte Infektion
    Alles rund um Windows - 09.08.2015 (4)
  3. Internet lahm....Und komische Mails die mir zugesendet werden - CHECK möglich?
    Plagegeister aller Art und deren Bekämpfung - 14.04.2015 (15)
  4. Outlook empfängt keine Mails mehr
    Log-Analyse und Auswertung - 23.03.2014 (3)
  5. Merkwürdige mails in meinem Postfach
    Überwachung, Datenschutz und Spam - 17.03.2014 (11)
  6. Komische mails
    Plagegeister aller Art und deren Bekämpfung - 09.03.2014 (7)
  7. FritzBox WLAN-Stick empfängt kein Signal
    Netzwerk und Hardware - 06.02.2014 (8)
  8. Viele "Mail delivery failed: returning message to sender" und komische Emails im Postfach!
    Plagegeister aller Art und deren Bekämpfung - 27.10.2013 (3)
  9. Mail-Account gehackt? Hab komische Mails verschickt...
    Log-Analyse und Auswertung - 15.04.2013 (9)
  10. Bitte LOG auswerten, es werden immer komische MAils versandt
    Log-Analyse und Auswertung - 08.04.2012 (1)
  11. PC empfängt bzw. sendet permanent Daten
    Plagegeister aller Art und deren Bekämpfung - 02.11.2010 (7)
  12. Freunde bekommen ständig komische mails von mir,...
    Log-Analyse und Auswertung - 30.09.2010 (11)
  13. DSL Modem sendet oder empfängt STÄNDIG Daten!
    Log-Analyse und Auswertung - 31.10.2007 (15)
  14. pc braucht 10 minuten zum hochfahren,programme brauchen minuten zum starten,hängt si.
    Plagegeister aller Art und deren Bekämpfung - 16.08.2007 (22)
  15. PC sendet und empfängt die ganze Zeit Packete !?
    Überwachung, Datenschutz und Spam - 21.06.2007 (4)
  16. PC sendet und empfängt die ganze Zeit Packete !?
    Log-Analyse und Auswertung - 20.06.2007 (1)
  17. Komische Mails mit Beschimpfungen od. Hinweis "Du hast einen Trojaner drauf"
    Plagegeister aller Art und deren Bekämpfung - 02.01.2004 (4)

Zum Thema WEB.DE postfach empfängt komische Mails in minuten tackt - Bekomme auf meine E-Mail adresse lauter komische Mails: Hallo noch mal. Die meldung unter anderen bekomme ich: Mail delivery failed: returning message to sender Danke - WEB.DE postfach empfängt komische Mails in minuten tackt...
Archiv
Du betrachtest: WEB.DE postfach empfängt komische Mails in minuten tackt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.