| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: E-Mail Account wurde gesperrtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.11.2012, 22:26
| #1 |
 |  E-Mail Account wurde gesperrt Hallo, ich hatte im Oktober einen Virus den ich mit eurer Hilfe behoben habe. Nebenbei wurde ich damals schon von t-... aufgefordert meinen PC zu überprüfen, da von meinem E-Mail Account Spams verschickt werden. Also hab ich damals PC bereinigt, Passwörter gewechselt und jetzt hat mir t-... meinen Account gesperrt. Ich hab aber keine Ahnung was los ist, ob es ein neuer Virus ist, oder ob das noch "Altlasten" sind. Ich poste hier mal die Logs die ich gemacht hab. bei GMER ist allerdings mein PC ausgestiegen und hat mir einen bluescreen gezeigt, leider zu kurz das ich was lesen konnte. Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:16 on 04/11/2012 (Bernd)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 04.11.2012 19:17:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bernd\Downloads Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 50,32% Memory free 6,23 Gb Paging File | 4,71 Gb Available in Paging File | 75,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222,78 Gb Total Space | 137,92 Gb Free Space | 61,91% Space Free | Partition Type: NTFS Drive D: | 232,83 Gb Total Space | 88,12 Gb Free Space | 37,85% Space Free | Partition Type: NTFS Drive E: | 10,00 Gb Total Space | 9,92 Gb Free Space | 99,21% Space Free | Partition Type: NTFS Drive F: | 630,98 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive L: | 931,51 Gb Total Space | 541,50 Gb Free Space | 58,13% Space Free | Partition Type: NTFS Computer Name: LANGBAUER-PC | User Name: Bernd | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.04 19:17:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bernd\Downloads\OTL.exe PRC - [2012.10.09 11:49:18 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\Bernd\AppData\Local\Apps\2.0\CY52MG7G.2LX\31JMOZKE.H8C\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe PRC - [2012.10.08 21:10:32 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe PRC - [2012.09.14 08:11:53 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.08.01 11:02:21 | 000,468,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avscan.exe PRC - [2012.08.01 11:02:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.18 10:04:52 | 000,434,168 | ---- | M] (TomTom) -- C:\Programme\MyTomTom 3\MyTomTomSA.exe PRC - [2012.05.14 14:48:54 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.14 14:48:54 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.14 14:48:53 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2012.05.14 14:48:53 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.05.14 14:48:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.14 14:48:53 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.03.08 17:55:56 | 007,027,664 | ---- | M] (ETU Software GmbH) -- C:\Programme\HSETU\ApplicationService\ApplicationService.exe PRC - [2011.06.29 14:16:30 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.02.20 13:58:44 | 000,053,248 | ---- | M] (Logitech Inc.) -- C:\Programme\SetPoint\LBTWiz.exe PRC - [2007.02.20 13:57:32 | 000,110,592 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTSERV.EXE PRC - [2007.02.20 13:29:00 | 000,679,936 | ---- | M] (Logitech Inc.) -- C:\Programme\SetPoint\SetPoint.exe PRC - [2007.01.11 19:15:00 | 000,101,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\khalshared\KHALMNPR.exe ========== Modules (No Company Name) ========== MOD - [2012.10.09 11:48:49 | 000,368,640 | ---- | M] () -- C:\Users\Bernd\AppData\Local\Apps\2.0\CY52MG7G.2LX\31JMOZKE.H8C\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.dll MOD - [2012.10.08 21:10:31 | 009,814,968 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll MOD - [2012.09.14 08:11:53 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.06.13 13:15:47 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\18050fc0ebf2c4835d05ffd337aa1616\System.Deployment.ni.dll MOD - [2012.06.13 13:10:59 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.13 13:10:51 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.06.13 13:10:39 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll MOD - [2012.06.13 13:10:13 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll MOD - [2012.05.18 10:04:54 | 000,252,408 | ---- | M] () -- C:\Programme\MyTomTom 3\TomTomSupporterProxy.dll MOD - [2012.05.18 10:04:54 | 000,067,576 | ---- | M] () -- C:\Programme\MyTomTom 3\TomTomSupporterBase.dll MOD - [2012.05.18 10:04:44 | 007,964,160 | ---- | M] () -- C:\Programme\MyTomTom 3\QtGui4.dll MOD - [2012.05.18 10:04:44 | 000,980,480 | ---- | M] () -- C:\Programme\MyTomTom 3\QtNetwork4.dll MOD - [2012.05.18 10:04:44 | 000,019,456 | ---- | M] () -- C:\Programme\MyTomTom 3\DeviceDetection.dll MOD - [2012.05.18 10:04:42 | 002,302,464 | ---- | M] () -- C:\Programme\MyTomTom 3\QtCore4.dll MOD - [2012.05.18 10:04:42 | 000,357,888 | ---- | M] () -- C:\Programme\MyTomTom 3\QtXml4.dll MOD - [2012.05.13 07:42:50 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.05.13 07:39:05 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.13 07:38:29 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll MOD - [2012.05.13 07:38:01 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll MOD - [2012.05.13 07:37:54 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.13 07:37:43 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.25 02:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ========== Services (SafeList) ========== SRV - [2012.10.08 21:10:34 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.14 08:11:53 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.20 02:26:02 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService) SRV - [2012.05.14 14:48:54 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.14 14:48:54 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.14 14:48:53 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2012.05.14 14:48:53 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.05.14 14:48:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.03.08 17:55:56 | 007,027,664 | ---- | M] (ETU Software GmbH) [Auto | Running] -- C:\Programme\HSETU\ApplicationService\ApplicationService.exe -- (HSETUApplicationService) SRV - [2012.03.08 17:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.29 14:16:30 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -- (Lexware_Datenbank_Plus) SRV - [2011.04.01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.02.20 13:57:32 | 000,110,592 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTSERV.EXE -- (LBTServ) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.05.14 14:48:54 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.14 14:48:54 | 000,112,032 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot) DRV - [2012.05.14 14:48:54 | 000,091,968 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim) DRV - [2012.05.14 14:48:54 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.03.26 22:45:14 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss) DRV - [2012.01.25 10:09:25 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio) DRV - [2011.10.11 14:52:55 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.01.19 05:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2007.09.17 08:07:00 | 007,624,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.01.11 19:15:16 | 000,032,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2007.01.11 19:15:06 | 000,032,272 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.14 08:11:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.14 08:11:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.22 10:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd\AppData\Roaming\mozilla\Extensions [2012.10.27 12:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\x47eyp4j.default\extensions [2012.10.16 22:55:51 | 000,558,413 | ---- | M] () (No name found) -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\x47eyp4j.default\extensions\toolbar@web.de.xpi [2012.02.24 21:33:18 | 000,000,933 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\x47eyp4j.default\searchplugins\11-suche.xml [2012.02.24 21:33:18 | 000,002,419 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\x47eyp4j.default\searchplugins\englische-ergebnisse.xml [2012.02.24 21:33:18 | 000,010,525 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\x47eyp4j.default\searchplugins\gmx-suche.xml [2012.02.24 21:33:18 | 000,002,457 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\x47eyp4j.default\searchplugins\lastminute.xml [2012.02.24 21:33:18 | 000,005,508 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\x47eyp4j.default\searchplugins\webde-suche.xml [2012.10.05 09:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.14 08:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2012.09.14 08:11:43 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de [2012.09.14 08:11:53 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.10.08 12:01:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [Logitech BT Wizard] LBTWiz.exe -silent File not found O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Bernd\AppData\Local\Apps\2.0\CY52MG7G.2LX\31JMOZKE.H8C\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BE2E673-F951-4FE5-A387-7598FDFE91A2}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002.07.26 10:31:14 | 000,000,046 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.30 11:44:16 | 000,000,000 | ---D | C] -- C:\Users\Bernd\Documents\WISO Mein Geld [2012.10.30 11:39:25 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\Buhl Data Service [2012.10.30 11:39:04 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\Buhl Data Service GmbH [2012.10.30 11:39:04 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\Buhl Data Service [2012.10.30 11:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Mein Geld 2013 [2012.10.30 11:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH [2012.10.30 11:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Buhl [2012.10.30 10:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VR-NetWorld Admin [2012.10.30 10:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\VR-NetWorld [2012.10.28 15:07:39 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\hpb [2012.10.28 15:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TWG [2012.10.28 15:07:21 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\twg [2012.10.26 15:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.10.11 11:06:53 | 000,000,000 | ---D | C] -- C:\Windows\de [2012.10.11 11:03:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2012.10.11 11:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2012.10.11 11:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2012.10.11 10:47:32 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\Windows Live [2012.10.11 10:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live [2012.10.08 19:42:03 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\SUPERAntiSpyware.com [2012.10.08 16:51:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.10.08 12:02:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.08 12:02:52 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\temp [2012.10.07 21:15:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt ========== Files - Modified Within 30 Days ========== [2012.11.04 19:16:30 | 000,000,000 | ---- | M] () -- C:\Users\Bernd\defogger_reenable [2012.11.04 18:00:53 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.04 18:00:53 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.04 17:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.03 10:07:15 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.03 10:07:15 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.03 10:07:15 | 000,127,064 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.03 10:07:15 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.03 10:01:27 | 000,000,442 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2012.11.03 10:00:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.03 10:00:52 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys [2012.11.02 23:01:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.11.02 22:08:28 | 000,098,304 | ---- | M] () -- C:\Users\Bernd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.30 18:48:15 | 000,001,920 | ---- | M] () -- C:\Users\Public\Desktop\Lumac.lnk [2012.10.30 18:38:35 | 000,389,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.30 11:38:22 | 000,000,993 | ---- | M] () -- C:\Users\Public\Desktop\Belegschnellerfassung.lnk [2012.10.30 11:38:22 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\WISO Mein Geld 2013.lnk [2012.10.30 10:56:02 | 000,000,129 | ---- | M] () -- C:\Windows\ODBC.INI [2012.10.30 10:46:50 | 000,001,042 | ---- | M] () -- C:\Windows\ODBCINST.INI [2012.10.30 09:34:18 | 000,000,024 | ---- | M] () -- C:\Windows\HBUser.ini [2012.10.28 15:07:29 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\TWG-Händlerprogramm.lnk [2012.10.26 15:04:00 | 000,001,292 | ---- | M] () -- C:\Users\Bernd\Desktop\CopyTrans Control Center.lnk [2012.10.08 12:01:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts ========== Files Created - No Company Name ========== [2012.11.04 19:16:30 | 000,000,000 | ---- | C] () -- C:\Users\Bernd\defogger_reenable [2012.10.30 18:48:15 | 000,001,920 | ---- | C] () -- C:\Users\Public\Desktop\Lumac.lnk [2012.10.30 18:48:15 | 000,001,918 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lumac.lnk [2012.10.30 11:38:22 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\Belegschnellerfassung.lnk [2012.10.30 11:38:22 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\WISO Mein Geld 2013.lnk [2012.10.28 15:07:29 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\TWG-Händlerprogramm.lnk [2012.10.11 11:03:04 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2012.10.11 11:02:31 | 000,001,227 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2012.10.11 11:02:06 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [2012.10.11 11:01:44 | 000,002,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2012.10.03 13:00:49 | 000,000,000 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\SharedSettings.ccs [2012.09.21 15:09:44 | 000,170,840 | ---- | C] () -- C:\Users\Bernd\dropbearmulti [2012.09.21 15:09:44 | 000,000,398 | ---- | C] () -- C:\Users\Bernd\usbnetwork.sh [2012.09.21 15:09:44 | 000,000,082 | ---- | C] () -- C:\Users\Bernd\._scp [2012.09.21 15:09:44 | 000,000,082 | ---- | C] () -- C:\Users\Bernd\._dropbearkey [2012.09.21 15:09:44 | 000,000,082 | ---- | C] () -- C:\Users\Bernd\._dropbearconvert [2012.09.21 15:09:44 | 000,000,082 | ---- | C] () -- C:\Users\Bernd\._dbclient [2012.06.27 16:52:20 | 000,000,129 | ---- | C] () -- C:\Windows\ODBC.INI [2012.04.07 06:10:19 | 005,734,769 | ---- | C] () -- C:\Users\Bernd\Energie.zip [2012.02.27 09:41:52 | 000,202,240 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2012.02.27 09:40:44 | 000,304,128 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll [2012.02.27 09:38:36 | 000,133,120 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll [2012.02.27 09:38:18 | 000,069,120 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll [2012.02.08 08:02:11 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2012.01.25 11:04:11 | 000,001,583 | ---- | C] () -- C:\Windows\System32\hpenum.ini [2012.01.25 11:04:11 | 000,000,103 | ---- | C] () -- C:\Windows\System32\hptrace.ini [2012.01.25 11:04:11 | 000,000,055 | ---- | C] () -- C:\Windows\hpntwksetup.ini [2012.01.25 11:02:33 | 000,013,451 | ---- | C] () -- C:\Windows\hpbins01.dat [2012.01.25 11:02:11 | 000,003,342 | ---- | C] () -- C:\Windows\hplj3380.ini [2012.01.25 10:44:40 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2012.01.24 17:37:00 | 000,000,024 | ---- | C] () -- C:\Windows\HBUser.ini [2012.01.24 14:24:32 | 000,098,304 | ---- | C] () -- C:\Users\Bernd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.24 14:16:57 | 000,001,042 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.01.23 06:58:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012.01.23 05:02:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2012.01.23 05:02:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012.01.23 05:01:34 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012.01.21 13:57:50 | 000,000,680 | ---- | C] () -- C:\Users\Bernd\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.30 11:39:25 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Buhl Data Service [2012.10.30 17:43:01 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Buhl Data Service GmbH [2012.01.24 15:29:38 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\DataDesign [2012.04.09 14:44:57 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\HSETU [2012.02.22 21:06:05 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Lexware [2012.11.01 20:57:21 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\LumacDaemon [2012.10.30 13:18:57 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\T-Online [2012.03.16 07:05:24 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\TeamViewer [2012.10.28 15:07:21 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\twg [2012.08.08 20:58:49 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\WindSolutions ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.11.2012 19:17:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bernd\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 50,32% Memory free
6,23 Gb Paging File | 4,71 Gb Available in Paging File | 75,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,78 Gb Total Space | 137,92 Gb Free Space | 61,91% Space Free | Partition Type: NTFS
Drive D: | 232,83 Gb Total Space | 88,12 Gb Free Space | 37,85% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 9,92 Gb Free Space | 99,21% Space Free | Partition Type: NTFS
Drive F: | 630,98 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 931,51 Gb Total Space | 541,50 Gb Free Space | 58,13% Space Free | Partition Type: NTFS
Computer Name: LANGBAUER-PC | User Name: Bernd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Mueller Foto\Mueller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files\Mueller Foto\Mueller Foto\Müller Foto.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0888C603-217D-47E3-BB0C-7EE03F5C2EFE}" = lport=139 | protocol=6 | dir=in | app=system |
"{0FE13160-65AE-400E-9D3A-55008BC173FD}" = rport=137 | protocol=17 | dir=out | app=system |
"{13EC43C7-5A1E-4ABE-A88E-58D64F89B5B5}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1AB5F715-E0E2-4B99-9573-5B1E0F9E278B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{228E07D6-1D60-4EF4-AEAF-FE843BA4324F}" = lport=445 | protocol=6 | dir=in | app=system |
"{26A55C42-DDEA-4933-8B5D-CDB90FAE48C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{37F1F846-DA2B-4793-A530-49C8F61B8490}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{384656F5-7F39-4D06-A463-C85F2F49EC07}" = rport=139 | protocol=6 | dir=out | app=system |
"{3FB16AC2-0B55-4B83-A3D9-C6B408F7814B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4727A091-44DC-4AEF-9D49-34583BEA3BF8}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{483CB6AE-D5D1-4C7B-9C12-12C519AB0BA3}" = rport=445 | protocol=6 | dir=out | app=system |
"{70B9A6DA-9451-4E2F-93B7-B3BBFA885F12}" = rport=138 | protocol=17 | dir=out | app=system |
"{70BFE012-5D8D-4798-86F2-8352ED92F07C}" = lport=138 | protocol=17 | dir=in | app=system |
"{77DADD8B-4E91-45F4-8012-C8ABF277A0C3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B8225DCF-31E2-4675-8ABE-091A2DC4770F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BFB9EE9A-443D-4B3D-9083-3A541870C566}" = rport=2869 | protocol=6 | dir=out | app=system |
"{CE161C5B-2164-4402-A469-E7E07512F2D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D55E5BD3-0700-44D8-82BA-34E4012EF0D3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F190DF76-2609-49EA-AF19-2C9733806E0E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F1E21676-D35E-4CF7-8261-D6369A668FDB}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FF9A5A9C-C38E-4A9A-A634-91257A1285EB}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06FB3C60-34A9-478A-A695-ABBB3D464B34}" = protocol=6 | dir=in | app=c:\users\bernd\appdata\local\apps\2.0\d2ykvdhe.a2x\jjqmhegw.3mr\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{0B60AAEF-F253-42CE-AC3D-FA27F66FC12F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1231DD8C-D8EE-45A0-B2F5-F51C10D2D36A}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{1F62E017-59E2-4F0E-BC4B-6AC9BE7D547A}" = protocol=17 | dir=in | app=c:\users\bernd\appdata\local\apps\2.0\cy52mg7g.2lx\31jmozke.h8c\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{27D04AFD-79E4-4F85-A1AA-7F63796F7BE4}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3AE6F3EE-C102-4D57-B7E5-F0B7DC8B87D0}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{4756E529-A971-46DF-860E-7F12836C8C10}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4BF7122B-6436-4A02-B00B-D5A0ADA6B77A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4D55650D-54F3-4F14-A0FC-6A43D24ED554}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{52702EA9-8DF1-41DE-BEC7-CF64ED53123B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{582E7973-BCC4-411B-971E-99E4F9E20B88}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{588C5763-F80B-4A09-B6EF-A87CCC208D9A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{60048C5E-50E6-4DE9-A5A4-28CBD0A1BE48}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7F04323E-ED9A-4F9B-9F8C-DBAB7058EC79}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{89AC897F-9245-4E00-AB7C-3C71944AD143}" = protocol=6 | dir=in | app=c:\program files\sybase\sql anywhere 9\win32\dbsrv9.exe |
"{8DC824EA-192C-4FA0-81C9-82A47C4BFC67}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A75C0E85-0E23-4396-9211-B61FA66287B1}" = protocol=6 | dir=in | app=c:\users\bernd\appdata\local\apps\2.0\cy52mg7g.2lx\31jmozke.h8c\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{ADDFE578-DB86-4DA4-8A8D-310D07337755}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{D3DE4B67-11EA-461A-B91E-3F2B9F2D0AFF}" = protocol=17 | dir=in | app=c:\program files\sybase\sql anywhere 9\win32\dbsrv9.exe |
"{E45D78E9-2D10-494B-93F3-2572CE914440}" = protocol=17 | dir=in | app=c:\users\bernd\appdata\local\apps\2.0\cy52mg7g.2lx\31jmozke.h8c\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{E4AAD852-94FA-456E-B90F-AD7B39BBCE50}" = protocol=6 | dir=in | app=c:\users\bernd\appdata\local\apps\2.0\cy52mg7g.2lx\31jmozke.h8c\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{F55A8D93-0C77-4574-8CF5-19CCF707E8C4}" = protocol=17 | dir=in | app=c:\users\bernd\appdata\local\apps\2.0\d2ykvdhe.a2x\jjqmhegw.3mr\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010AE555-28A0-486B-82F2-F5ABD3C6730B}" = Lexware business plus 2012
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{084732CF-79B7-40ED-814A-B49E81B14D6B}" = Lexware Elster
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{103C2CEA-0C40-44C2-A115-86A51AEBAA39}" = HSETU Energieberater Professional
"{164E3750-2271-4DCC-9B86-4A9CFD47A087}" = HS Verbrauchspass
"{16FB2E08-AE8E-40C6-8334-B6A59E264D05}" = Lexware Admintools Plus
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1A2B3C4D-ABCD-EF01-701D-6789E1701D01}" = HSETU Heizlast 12831/2
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F8BBCAE-0858-4C1B-8414-977C7E1DFA1A}_is1" = TWG Händlerprogramm
"{417EB05C-1410-42E2-AE12-82C86D10B8CB}" = Lumac
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{448DA1AD-D1CA-4967-8EFA-9482F31E7BFD}" = Lexware Datenbank plus 2012
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6553F4A8-B67F-49BA-A882-FF499C83CF4B}" = 32 Bit HP CIO Components Installer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B54B1AE-EBCA-48BE-92AF-61D02118F093}" = Lexware online banking
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{900F386B-084E-4451-B734-E815EA74445F}" = Lexware kaufmann plus 2012
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CADE1721-0AE3-4FE9-B37F-CF98CA42A14F}" = Borland Database Engine
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DAC580DB-6629-43B9-98DD-8BABA515B958}" = WISO Mein Geld 2013 Professional
"{DD23CAA4-8872-4B95-B263-EA46FD82CF19}" = LaserAIO
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8033CB5-A8DF-47B3-BDE9-1796626994C6}" = Lexware faktura+auftrag 2012
"{E8788309-C0D0-46CD-8D77-1574D7F0B721}" = HSETU PV Quick
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Internet Security 2012
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"InstallShield_{417EB05C-1410-42E2-AE12-82C86D10B8CB}" = Lumac
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Müller Foto" = Müller Foto
"MyTomTom" = MyTomTom 3.2.0.700
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WISO Mein Geld 2013 Professional" = WISO Mein Geld 2013 Professional
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.11.2012 18:18:03 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11217
Error - 01.11.2012 18:18:04 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 01.11.2012 18:18:04 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12215
Error - 01.11.2012 18:18:04 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12215
Error - 01.11.2012 18:18:05 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 01.11.2012 18:18:05 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13214
Error - 01.11.2012 18:18:05 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13214
Error - 01.11.2012 18:18:06 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 01.11.2012 18:18:06 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14228
Error - 01.11.2012 18:18:06 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14228
[ System Events ]
Error - 30.10.2012 03:09:35 | Computer Name = Langbauer-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 30.10.2012 03:12:22 | Computer Name = Langbauer-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.24 für die Netzwerkkarte mit der Netzwerkadresse
001E8C2ED657 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 30.10.2012 13:39:46 | Computer Name = Langbauer-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 30.10.2012 13:39:46 | Computer Name = Langbauer-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 31.10.2012 02:37:03 | Computer Name = Langbauer-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Lexware PDF-Export 3 nicht unter
dem Namen Lexware PDF-Export 3 freigeben. Fehler: 2114. Der Drucker kann nicht
von anderen Benutzern im Netzwerk verwendet werden.
Error - 31.10.2012 02:37:03 | Computer Name = Langbauer-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker hp LaserJet 3015 PCL 5 nicht unter
dem Namen hp LaserJet 3015 PCL 5 freigeben. Fehler: 2114. Der Drucker kann nicht
von anderen Benutzern im Netzwerk verwendet werden.
Error - 31.10.2012 02:37:03 | Computer Name = Langbauer-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Amyuni PDF Converter nicht unter
dem Namen Amyuni PDF Converter freigeben. Fehler: 2114. Der Drucker kann nicht
von anderen Benutzern im Netzwerk verwendet werden.
Error - 02.11.2012 00:25:36 | Computer Name = Langbauer-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 02.11.2012 00:25:52 | Computer Name = Langbauer-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 03.11.2012 05:01:03 | Computer Name = Langbauer-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Lexware PDF-Export 3 nicht unter
dem Namen Lexware PDF-Export 3 freigeben. Fehler: 2114. Der Drucker kann nicht
von anderen Benutzern im Netzwerk verwendet werden.
< End of report >
Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.04.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Bernd :: LANGBAUER-PC [Administrator] 04.11.2012 19:59:52 mbam-log-2012-11-04 (19-59-52).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|L:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 377066 Laufzeit: 2 Stunde(n), 20 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
06.11.2012, 21:18
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | E-Mail Account wurde gesperrtZitat:
 Nur der Provider kann den E-Mailversand wieder freischalten. Was genau wurde denn gesperrt, nur dein T-Online-Mailkonto oder gleich alle Ports für den Mailversand? Den Rechner hatten wir beide ja bereinigt und wie du siehst zeigt ein aktuelles Log von Malwarebytes keine Schädlinge
__________________ |
|
06.11.2012, 23:31
| #3 |
| | E-Mail Account wurde gesperrt Das Seltsame ist ja, das sie mir im Oktober mit Sperrung gedroht haben, ich hab ihnen dann geschrieben, das ich den PC bereinigt hab und die Passwörter gewechselt.
__________________Dann haben sie mich am Sonntag ohne Vorwarnung gesperrt, ähm die Ports?!? ich konnte mit dem Outlook keine Mails mehr abrufen. Dann hab ich Malwarebyte durchlaufen lassen, gesehen das kein Virus drauf ist, nochmal Passwörter gewechselt und T-online angeschrieben das sie mich doch bitte freischalten sollen. das haben sie dann auch heute gemacht, aber ich verstehe nicht wie noch weiterhin spams von meinem account versendet worden sind?!? Aber so wie es aussieht, ist ja alles gut und Du kannst den Threat schließen. PC ist sauber (nochmal danke), Mailen kann ich auch wieder, ich war nur äußerst beunruhigt weil sie mich so ohne vorwarnung gesperrt haben und ich dachte ich hab schon wieder viren. |
|
| Themen zu E-Mail Account wurde gesperrt |
| 32 bit, antivir, auftrag, avira, bho, bingbar, bluescreen, bonjour, converter, desktop, e-mail, e-mail account, entfernen, error, firefox, flash player, google, helper, hotspot, logfile, mozilla, nodrives, office 2007, plug-in, registry, scan, security, software, svchost.exe, virus, vista, visual studio, wiso |
Linear-Darstellung
