|
e- mails von eigenem local host hallo, in letzter zeit bekomme ich von meinem eigenen local host ( 127.0.0.1, die ip habe ich unter hxxp://ipnr.rehbein.net/ anhand der jeweiligen mail- adressen nachgesehen ) unter ständig neuen e- mail- adressen seltsame mails zugeschickt. ist da wer auf meinem rechner und falls ja, hast du eine idee, was man da machen kann- system neu aufsetzen? den rechner habe ich erst vor kurzem neu gekauft. - vielen dank im voraus für die hilfe! - anbei der logfile von otl: OTL logfile created on: 18.11.2012 22:56:39 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\babsi02\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,73 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 61,10% Memory free 7,46 Gb Paging File | 5,79 Gb Available in Paging File | 77,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 447,66 Gb Total Space | 396,27 Gb Free Space | 88,52% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: BABSI02-PC | User Name: babsi02 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.17 00:03:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\babsi02\Downloads\OTL.exe PRC - [2012.10.27 23:04:10 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.10.01 02:15:58 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE PRC - [2012.09.29 18:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.06.11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe PRC - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.07.01 03:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe PRC - [2011.07.01 03:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2011.07.01 03:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2011.07.01 03:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe PRC - [2011.06.06 20:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe PRC - [2011.05.25 00:36:26 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe PRC - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2011.03.29 23:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2010.09.30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007.06.21 15:12:03 | 000,054,576 | ---- | M] (AOL, LLC.) -- C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe PRC - [2007.05.24 09:15:27 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files (x86)\AOL 9.0 VR\waol.exe PRC - [2007.04.02 13:33:32 | 000,063,120 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe PRC - [2006.10.23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe PRC - [2006.09.26 01:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files (x86)\Common Files\aol\1350253404\ee\aolsoftware.exe ========== Modules (No Company Name) ========== MOD - [2012.10.27 23:04:10 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2007.05.24 09:01:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\AOL 9.0 VR\Components\Tier2Svc.dll MOD - [2007.05.24 09:01:17 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\AOL 9.0 VR\Components\DataSvcs.dll MOD - [2007.05.24 02:49:40 | 000,131,072 | ---- | M] () -- c:\program files (x86)\common files\aol\1350253404\ee\services\proxyprovider\ver1_0_0_1\proxyprovider.dll MOD - [2004.01.09 21:02:48 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\AOL 9.0 VR\zlib.dll MOD - [2002.04.22 22:08:37 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\AOL 9.0 VR\xmltok.dll MOD - [2002.04.22 22:08:27 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\AOL 9.0 VR\xmlparse.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.05.24 16:03:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.12.17 00:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg) SRV - [2012.10.27 23:04:10 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.08 22:31:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.01 02:15:58 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc) SRV - [2012.10.01 02:15:52 | 000,230,920 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8) SRV - [2012.09.29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.13 00:53:06 | 000,229,392 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate) SRV - [2012.06.11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc) SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.08.02 11:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2011.07.01 03:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService) SRV - [2011.06.06 20:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService) SRV - [2011.05.25 00:36:26 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe -- (NIS) SRV - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Live Updater Service) SRV - [2011.04.19 17:05:50 | 000,176,128 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe -- (becldr3Service) SRV - [2011.03.29 23:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.03.29 05:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.09.30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.09.23 20:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006.10.23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.12 11:22:00 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.07.14 06:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.07.14 06:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.06.08 17:36:14 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011.06.02 04:37:32 | 002,750,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.05.24 17:26:58 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.05.24 15:25:44 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.05.23 22:46:36 | 000,165,512 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1300000.080\ccSetx64.sys -- (ccSet_NIS) DRV:64bit: - [2011.05.21 00:29:50 | 000,721,528 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1300000.080\srtsp64.sys -- (SRTSP) DRV:64bit: - [2011.05.21 00:29:50 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1300000.080\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2011.05.16 21:03:28 | 001,083,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1300000.080\SymEFA64.sys -- (SymEFA) DRV:64bit: - [2011.05.16 21:03:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1300000.080\SymDS64.sys -- (SymDS) DRV:64bit: - [2011.05.16 21:00:32 | 000,189,560 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1300000.080\Ironx64.sys -- (SymIRON) DRV:64bit: - [2011.05.09 18:42:52 | 000,396,408 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1300000.080\symnets.sys -- (SymNetS) DRV:64bit: - [2011.04.05 12:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011.03.30 07:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.01.11 08:01:32 | 001,495,680 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2010.12.15 16:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.09.27 08:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.06.17 10:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006.11.29 23:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw) DRV - [2012.11.18 10:04:10 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20121117.005\ex64.sys -- (NAVEX15) DRV - [2012.11.18 10:04:10 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20121117.005\eng64.sys -- (NAVENG) DRV - [2012.10.24 00:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20121106.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2012.09.22 07:17:04 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012.09.22 03:38:43 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012.09.20 18:23:56 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20121116.001\IDSviA64.sys -- (IDSVia64) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKCU\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms} IE - HKCU\..\SearchScopes\{E41D0224-03F7-445B-8C14-316F34676F69}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=26E8BC7B-1006-478E-B4DB-ADD021412930&apn_sauid=9CEF8E10-30FD-4255-A533-E162EA227F93 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\ [2012.11.18 19:50:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2012.09.21 20:08:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 23:04:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 23:04:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.21 20:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\babsi02\AppData\Roaming\mozilla\Extensions [2012.10.24 01:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\babsi02\AppData\Roaming\mozilla\Firefox\Profiles\fd1qn6jy.default\extensions [2012.09.30 00:02:10 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\babsi02\AppData\Roaming\mozilla\Firefox\Profiles\fd1qn6jy.default\extensions\bbrs_002@blabbers.com [2012.10.03 00:44:44 | 000,002,299 | ---- | M] () -- C:\Users\babsi02\AppData\Roaming\mozilla\firefox\profiles\fd1qn6jy.default\searchplugins\askcom.xml [2012.10.27 23:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.27 23:04:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.29 21:50:19 | 000,002,359 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\babsi02\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\6.0.2_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: Norton Identity Protection = C:\Users\babsi02\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\6.0.2_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1350253404\ee\AOLSoftware.exe (America Online, Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL 9.0 VR\AOL.EXE (AOL, LLC.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - c:\program files (x86)\aol\aol toolbar 4.0\resources\de-DE\local\search.html () O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files (x86)\aol\aol toolbar 4.0\resources\de-DE\local\search.html () O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BFD91AE-39DE-4379-85AB-8520FABBA265}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.17 00:43:14 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.17 00:43:14 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.17 00:33:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.17 00:33:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.17 00:33:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.17 00:33:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.17 00:33:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.17 00:33:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.17 00:33:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.17 00:33:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.17 00:33:29 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.17 00:33:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.17 00:33:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.17 00:33:29 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.17 00:33:26 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.17 00:33:26 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.17 00:33:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.17 00:29:55 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.17 00:29:54 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.17 00:29:54 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.17 00:29:54 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.16 09:10:58 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.16 09:10:58 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.16 09:10:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.16 09:10:49 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.16 09:10:49 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.16 09:10:31 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.16 09:10:31 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.16 09:10:30 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.16 09:10:30 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.16 09:10:30 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.16 09:10:30 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.01 08:47:25 | 000,000,000 | ---D | C] -- C:\Users\babsi02\Documents\einladung_leben_und_tod [2012.10.27 23:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.22 17:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPCFixer [2012.10.22 17:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCFixer [1 C:\Users\babsi02\Desktop\*.tmp files -> C:\Users\babsi02\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.18 23:00:06 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\Packard Bell Registration - Reminder Recall task.job [2012.11.18 22:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.18 22:28:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.18 19:58:01 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.18 19:58:01 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.18 19:54:37 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.18 19:54:37 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.18 19:54:37 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.18 19:54:37 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.18 19:54:37 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.18 19:50:00 | 3003,305,984 | -HS- | M] () -- C:\hiberfil.sys [2012.11.17 11:17:59 | 000,274,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.14 23:28:00 | 000,046,368 | ---- | M] () -- C:\Users\babsi02\Desktop\telefonnummern.rtf [2012.11.14 22:36:01 | 000,023,600 | ---- | M] () -- C:\Users\babsi02\Documents\2012-3-3259313.pdf [2012.11.14 02:31:30 | 000,047,635 | ---- | M] () -- C:\Users\babsi02\Desktop\Klausurrelevante_Inhalte_WS12_13.pdf [2012.11.14 02:29:50 | 000,015,060 | ---- | M] () -- C:\Users\babsi02\Desktop\Zeitplan_WS_2012_13.pdf [2012.11.13 15:54:10 | 000,115,331 | ---- | M] () -- C:\Users\babsi02\Documents\934-12HandelsregisterGmbH.pdf [2012.11.06 02:28:32 | 000,007,819 | ---- | M] () -- C:\Users\babsi02\Documents\daseinsverlust_I.odt [2012.11.01 08:47:25 | 001,058,104 | ---- | M] () -- C:\Users\babsi02\Documents\einladung_leben_und_tod.zip [2012.11.01 08:44:55 | 000,145,782 | ---- | M] () -- C:\Users\babsi02\Desktop\Monatsplan_Bereich_BWB_November_NEU_2012_.pdf [2012.10.22 17:43:11 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.10.22 17:23:18 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\SmartPCFixer.lnk [1 C:\Users\babsi02\Desktop\*.tmp files -> C:\Users\babsi02\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.17 00:43:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.17 00:29:54 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.14 23:27:59 | 000,046,368 | ---- | C] () -- C:\Users\babsi02\Desktop\telefonnummern.rtf [2012.11.14 22:36:00 | 000,023,600 | ---- | C] () -- C:\Users\babsi02\Documents\2012-3-3259313.pdf [2012.11.14 02:31:29 | 000,047,635 | ---- | C] () -- C:\Users\babsi02\Desktop\Klausurrelevante_Inhalte_WS12_13.pdf [2012.11.14 02:29:49 | 000,015,060 | ---- | C] () -- C:\Users\babsi02\Desktop\Zeitplan_WS_2012_13.pdf [2012.11.13 15:54:08 | 000,115,331 | ---- | C] () -- C:\Users\babsi02\Documents\934-12HandelsregisterGmbH.pdf [2012.11.01 08:47:11 | 001,058,104 | ---- | C] () -- C:\Users\babsi02\Documents\einladung_leben_und_tod.zip [2012.11.01 08:44:52 | 000,145,782 | ---- | C] () -- C:\Users\babsi02\Desktop\Monatsplan_Bereich_BWB_November_NEU_2012_.pdf [2012.10.22 17:23:18 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\SmartPCFixer.lnk [2012.10.14 23:23:09 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2012.10.04 08:20:12 | 000,208,258 | ---- | C] () -- C:\Windows\hpwins14.dat.temp [2012.10.04 04:08:18 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat.temp [2012.10.04 03:51:53 | 000,208,258 | ---- | C] () -- C:\Windows\hpwins14.dat [2012.10.04 03:51:53 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat [2012.10.02 14:52:23 | 034,019,610 | ---- | C] () -- C:\Users\babsi02\WeTransfer-lVwe65Tc.zip [2012.09.22 20:39:37 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.25 15:45:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.10.12 10:34:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > - und eines quickscans von malwarebytes: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.18.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 babsi02 :: BABSI02-PC [Administrator] 18.11.2012 22:57:42 mbam-log-2012-11-18 (22-57-42).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 204249 Laufzeit: 5 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
Hallo und :hallo: Zitat:
Zitat:
Was hat bitte spam mit dem Kaufdatum des Rechners zu tun? :pfeiff: |
hallo anbei der inhalt der kopfzeile einer solchen komischen mail: Return-Path: <malcolm.scott@sagittar.com> Received: from alpha.sitelutions.com (alpha.sitelutions.com [69.5.81.37]) by mtain-mp05.r1000.mx.aol.com (Internet Inbound) with ESMTP id 1C47A380000AB for <h***a@aol.com>; Thu, 15 Nov 2012 13:54:21 -0500 (EST) Received: from [89.36.141.20] (port=3920 helo=sagittar.com) by alpha.sitelutions.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <malcolm.scott@sagittar.com>) id 1TZ4Zw-0001yP-Lo for h***a@aol.com; Thu, 15 Nov 2012 13:54:20 -0500 Message-ID: <gE8R.oc0rs1y4373TEg24EEXo8AUcO5aeAi@41eKu7Ia1> Date: Thu, 15 Nov 2012 10:54:15 -0800 From: "Christine Meyer" <apmvufiru@ceamqceiayj.con> Reply-To: owukduaohqoe@raspberry.e2-92.net Subject: Re: To: h***a@aol.com MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_0037516_333836476.5132212642527" X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - alpha.sitelutions.com X-AntiAbuse: Original Domain - aol.com X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - sagittar.com X-Source: X-Source-Args: X-Source-Dir: x-aol-global-disposition: G x-aol-sid: 3039ac1dc14950a53a5d0208 X-AOL-IP: 69.5.81.37 X-AOL-SPF: domain : sagittar.com SPF : none ............. da als ip- adresse dieser sender immer mein eigener local host angegeben wurde, habe ich vermutetet, dass jemand anderer auf meinem rechner sein müsste, da ich mir die mails schließlich nicht selber sende. |
Du bist ja witzig :D In dem was du gepostet hast steht weder 127.0.0.1 noch localhost Kann es sein, dass du unter "localhost" etwas völlig anderes verstehst als es eigentlich definiert ist? Zitat:
[89.36.141.20] - IP Location: http://whois.domaintools.com/images/flags/ro.gif Romania Romania Cosbuc Rta Erendi Consult Srl Zitat:
Ich seh da so weder eine localhost Adresse (127.0.0.1) noch eine mögliche IP von dir oder hast du eine IP aus Amerika oder Rumänien? :rofl: (da ich Moderator seh ich deine jetzt aktuelle übrigens gerade und die steht da nicht drin :pfeiff: ) |
das ist mir auch aufgefallen, nachdem ich es gepostet hatte-dass in dem e- mail- head eine ganz andere ip steht. ich hatte die ip bei hxxp://daniel.rehbein.net/ nachgesehen und er hat mir als ip 127.0.0.1 ausgespuckt. für die mail- adresse wäre weder ein e- mail- server noch eine ip- adresse konfuguriert. zur ip 127.0.0.1 habe ich die information gefunden, dass das die funktionsadresse des local hosts ist. falls das falsch ist, kläre mich bitte auf. deswegen dachte ich, dass da jemand eingehackt hätte. |
Ist das deine Mail-Adresse? => h***a@aol.com sagittar.com kennst du bestimmt nicht oder? :wtf: |
sorry, aber was und ob eines davon meine private e- mail-adresse oder ob das eine der ( von dir vermuteten ) spam- adressen ist, möchte ich hier in dem forum nicht unbedingt angeben. warum ist das so wichtig? |
Damit ich das besser nachvollziehen kann. Deine E-Mailadresse können wir dann auch unkenntlich machen, auch bei den bisherigen Postings hier schon. |
wie ich bereits gesagt habe, möchte ich in diesem forum meine private mail- adresse nicht bekannt geben und es ist ungeheuerlich, dass du wiederholt danach fragst. ich hatte mehrfach an den verantwortlichen des forums geschrieben. ich möchte, dass der thread stillgelegt und alle e- mail- adressen unkenntlich gemacht werden und auch als mitglied gelöscht werden. ich habe das recht, über meine eprsönlcihen daten selbst zu bestimmen. kannst du dich bitte per pn an mich wenden, ich möchte diese diskussion nicht öffentlich führen. ansonsten muss ich rechtliche schritte einleiten. |
Zitat:
Zitat:
Wir löschen aus organisatorischen Gründen weder Themen noch einzelne Logfiles. Logfiles enthalten viele Informationen, die für uns wichtig sind. Wir brauchen die vollständigen Logfiles um euch effektiv helfen zu können. Sollte euer Nutzername eurem vollständigen Namen entsprechen, ist es nicht unsere Arbeit, diesen nachträglich zu editieren. |
löschen Sie bitte sofort die E- Mails in dem thread "e- mails von eigenem local host". Ich widerspreche hiermit nachträglich der Veröffentlichung derjenigen. Sie erhalten diese Mail in den nächsten Tagen ebenfalls postalisch von mir oder meinem Anwalt. Ich verweise auf Ihre Nutzungsbedingungen, wonach Sie sich verpflichten, personenbezogene Daten nicht weiterzugeben. Eine Veröffentllichung meiner personenbezogenen Daten, nachdem ich dieser widersprochen hatte- stellt einen Datenmissbrauch dar, der sogar strafrechtliche Konsequenzen nach sich ziehen kann. |
Zitat:
Wen willst du denn da wegen Datenmissbrauch anzeigen? ;) Wenn hier was unkenntlich gemacht wird, dann die E-Mail-Adresse aber wir löschen keine ganzen Stränge.... |
leute im forum verhöhnen, du scheinst es nötig zu haben und kannst einem nur leid tun... wenn du die email- adressen in dem head nicht sofort löschst, können wir das ganze gerne rechtlich klären, falls du es unbedingt darauf anlegen willst, eine strafe zu zahlen. ich habe sie versehentlich veröffentlicht und kann dem nachträglich widersprechen, wie bereits mehrfach erwähnt. du solltest dich besser mal mit dem datenschutzgesetz beschäftigen, wenn du schon admin bist. und auf weitere nachrichten antworte ich nun hier nicht mehr. meinen account kannst du bitte auch löschen, ich habe besseres zu tun, als mich mit so einem mist zu beschäftigen. |
Zitat:
Danke. |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 14:01 Uhr. |
Copyright ©2000-2024, Trojaner-Board