
Pests of all kinds and how to fight them: mail delivery failed: returning message to sender - web.de account


 
17.07.2013, 10:08   #1
stere
 



Hello Trojaner-Board team,

since yesterday I have had the problem that I keep receiving notifications in my web.de account about undelivered spam(?) mails to arbitrary recipients. However, I have not sent any mails, and certainly not to the listed addresses, which are unknown to me. Here is an example:
Quote:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:

"carpenterw@bellsouth.net":
SMTP error from remote server in greeting:
host: gateway-f1.isp.att.net:
82.165.159.34 blocked by ldapu=rblmx,dc=att,dc=net
Error - Blocked for abuse. Contact abuse_rbl@abuse-att.net.
"bluehouse@bellsouth.net":
SMTP error from remote server in greeting:
host: gateway-f1.isp.att.net:
82.165.159.34 blocked by ldapu=rblmx,dc=att,dc=net
Error - Blocked for abuse. Contact abuse_rbl@abuse-att.net.
"caryfarley@bellsouth.net":
SMTP error from remote server in greeting:
host: gateway-f1.isp.att.net:
82.165.159.34 blocked by ldapu=rblmx,dc=att,dc=net
Error - Blocked for abuse. Contact abuse_rbl@abuse-att.net.
"chiphorton5@bellsouth.net":
SMTP error from remote server in greeting:
host: gateway-f1.isp.att.net:
82.165.159.34 blocked by ldapu=rblmx,dc=att,dc=net
Error - Blocked for abuse. Contact abuse_rbl@abuse-att.net.
"bobk54501@charter.net":
mail transaction aborted

"angellab@charter.net":
mail transaction aborted

"dagdarich@charter.net":
mail transaction aborted

"amtouray@charter.net":
mail transaction aborted

"aashley@charter.net":
mail transaction aborted



--- The header of the original message is following. ---

Received: from web.de ([78.132.180.160]) by smtp.web.de (mrweb102) with ESMTPA
(Nemesis) id 0M9GJ0-1Us71c1FfC-00CjzB; Tue, 16 Jul 2013 23:57:27 +0200
Message-ID: <E6FC96F0.FC683431@web.de>
Date: Sun, 03 Jun 2007 10:00:02 +0200
Reply-To: "phanterman@web.de" <phanterman@web.de>
From: "phanterman@web.de" <phanterman@web.de>
MIME-Version: 1.0
To: <bluehouse@bellsouth.net>
Subject: From single mistress
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:num7PfvQEeMtDt18IO/3PZx0F7u0MAJhYqBPtsRT7o0hzej+7NH
OuLoRhbS8xodeE2EOKR0BnrkR7Q++jjID0UM1k9843t+9Fo22WfdpLZBtL7MhY0/gOSzV96
YCRQrXhBVo/sAcqmIf1D1vOWcltKDPyICAKP8stdfQOl6+S+J8kUyIPBv8sMfWjh2gM66Sa
r+/AevGDsI5MfB6q82IDw==





-----
E-mail is virus-free.
Checked by AVG - www.avg.de
Version: 2013.0.3349 / Virus database: 3204/6495 - Release date: 16.07.2013

Here are also the results from OTL and Gmer:
OTL:
Code:
OTL logfile created on: 17.07.2013 10:06:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stephan\Desktop\Programme\Sicherheit
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 60,76% Memory free
7,93 Gb Paging File | 6,18 Gb Available in Paging File | 77,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 239,56 Gb Total Space | 191,18 Gb Free Space | 79,81% Space Free | Partition Type: NTFS
Drive D: | 226,10 Gb Total Space | 23,34 Gb Free Space | 10,32% Space Free | Partition Type: NTFS
 
Computer Name: STEPHAN-LAPTOP | User Name: Stephan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.17 09:50:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stephan\Desktop\Programme\Sicherheit\OTL.exe
PRC - [2013.07.08 19:36:19 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Stephan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.06.27 00:48:20 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.05.14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.04.05 17:35:28 | 000,327,392 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe
PRC - [2010.07.30 09:53:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010.07.08 23:05:08 | 000,145,120 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2009.09.18 19:14:50 | 000,284,048 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
PRC - [2009.09.18 19:14:32 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
PRC - [2009.09.16 17:42:30 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.27 00:48:20 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009.09.18 19:14:54 | 000,124,304 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll
MOD - [2009.09.18 19:14:52 | 000,275,864 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll
MOD - [2009.09.18 19:14:52 | 000,034,088 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapSvcps.dll
MOD - [2009.09.18 19:14:50 | 000,349,480 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll
MOD - [2009.09.16 17:42:28 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009.08.18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.07.11 20:21:54 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.27 00:48:20 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.01 07:24:24 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.05 17:35:28 | 000,327,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2010.08.20 22:08:46 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010.07.08 23:05:08 | 000,145,120 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.18 19:14:50 | 000,284,048 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009.09.04 13:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2000.01.01 02:00:00 | 000,327,680 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2000.01.01 02:00:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.25 22:57:11 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2013.05.25 19:54:03 | 001,077,416 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod77-64.sys -- (mod7764)
DRV:64bit: - [2013.05.05 20:26:36 | 004,747,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2013.05.01 12:36:45 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.04.03 09:58:18 | 000,103,064 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.03.29 02:53:48 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013.03.21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013.02.08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013.02.08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013.02.08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013.02.08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013.02.08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:15 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:24:15 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:24:14 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.08.20 22:08:46 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.07.30 09:53:20 | 000,032,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.03.29 17:31:18 | 000,142,848 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tinspusb.sys -- (USBTINSP)
DRV:64bit: - [2009.09.17 11:56:24 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.09.17 11:56:16 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.09.17 11:56:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.09.17 11:56:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.08.18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.28 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2000.01.01 02:00:00 | 000,543,744 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2000.01.01 02:00:00 | 000,174,200 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2000.01.01 02:00:00 | 000,026,208 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B 19 6B 94 B2 45 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledAddons: %7Bf13b157f-b174-47e7-a34d-4815ddfdfeb8%7D:0.9.89
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:0.7.1.1
FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:1.8.0
FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.24.1
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.1
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.8
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..network.proxy.ftp: "85.142.17.5"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "85.142.17.5"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "85.142.17.5"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "85.142.17.5"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.27 00:48:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.26 14:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.27 00:48:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.26 14:03:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.04.30 16:59:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\Extensions
[2013.07.15 22:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\Firefox\Profiles\0ydee5rc.default\extensions
[2013.04.30 18:55:41 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Stephan\AppData\Roaming\mozilla\Firefox\Profiles\0ydee5rc.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2013.06.29 15:39:26 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Stephan\AppData\Roaming\mozilla\Firefox\Profiles\0ydee5rc.default\extensions\ich@maltegoetz.de
[2013.07.03 10:23:25 | 000,116,577 | ---- | M] () (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\0ydee5rc.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013.05.25 19:10:34 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\0ydee5rc.default\extensions\firebug@software.joehewitt.com.xpi
[2013.07.07 20:01:29 | 000,320,068 | ---- | M] () (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\0ydee5rc.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
[2013.02.10 13:56:07 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\0ydee5rc.default\extensions\stealthyextension@gmail.com.xpi
[2012.12.10 23:48:50 | 000,032,231 | ---- | M] () (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\0ydee5rc.default\extensions\support@wolfram.com.xpi
[2013.07.15 20:33:34 | 000,535,736 | ---- | M] () (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\0ydee5rc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.18 10:49:47 | 000,117,280 | ---- | M] () (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\0ydee5rc.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2013.05.09 12:26:17 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\0ydee5rc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.10 23:49:39 | 000,016,192 | ---- | M] () (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\0ydee5rc.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2012.12.10 23:49:39 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\0ydee5rc.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2012.12.10 23:49:39 | 000,210,138 | ---- | M] () (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\0ydee5rc.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi
[2013.06.13 10:31:15 | 000,010,530 | ---- | M] () -- C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\0ydee5rc.default\searchplugins\duckduckgo.xml
[2013.06.27 00:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.27 00:48:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Stephan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20C91B71-FE91-4AAB-914B-5F3391A25501}: DhcpNameServer = 134.108.34.5 134.108.34.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BB9116C-35CF-4587-AA14-2B55ADBF29FE}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5392CCC7-60B1-47BC-B050-50E77DF8D6A4}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA989699-637F-4115-9BCD-A3D9ABE7F0B8}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01bee6e5-b306-11e2-8d25-00269e88b9eb}\Shell - "" = AutoRun
O33 - MountPoints2\{01bee6e5-b306-11e2-8d25-00269e88b9eb}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{581721ed-b243-11e2-a65e-00269e88b9eb}\Shell - "" = AutoRun
O33 - MountPoints2\{581721ed-b243-11e2-a65e-00269e88b9eb}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{581721ed-b243-11e2-a65e-00269e88b9eb}\Shell\configure\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{581721ed-b243-11e2-a65e-00269e88b9eb}\Shell\install\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.09 09:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.06.27 00:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.26 14:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.06.25 22:57:30 | 000,160,992 | R--- | C] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
[2013.06.25 22:57:28 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\XSManager
[2013.06.25 22:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager
[2013.06.25 22:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XSManager
[2013.06.25 22:45:54 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Local\Diagnostics
[2013.06.25 17:58:10 | 000,312,544 | ---- | C] (4G Systems GmbH & Co. KG) -- C:\Windows\updater4g.exe
[2013.06.18 23:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2013.06.18 23:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2013.06.18 18:48:07 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\CAD-KAS
[2013.06.18 18:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.3
[2013.06.18 18:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Editor 3
[2013.06.18 18:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF to Word Doc Converter
[2013.06.18 18:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free PDF to Word Doc Converter
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.17 10:05:25 | 000,000,000 | ---- | M] () -- C:\Users\Stephan\defogger_reenable
[2013.07.17 09:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.17 09:45:36 | 000,019,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.17 09:45:36 | 000,019,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.17 09:38:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.17 09:38:18 | 3195,420,672 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.12 09:15:03 | 001,498,698 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.12 09:15:03 | 000,654,390 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.12 09:15:03 | 000,616,232 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.12 09:15:03 | 000,130,230 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.12 09:15:03 | 000,106,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.11 20:13:09 | 000,439,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.25 22:57:12 | 000,141,824 | ---- | M] (Wireless Data Device) -- C:\Windows\SysNative\drivers\cmntnet.sys
[2013.06.25 22:57:12 | 000,123,904 | ---- | M] (Wireless Device) -- C:\Windows\SysNative\drivers\cmnuusbser.sys
[2013.06.25 22:57:12 | 000,101,056 | ---- | M] () -- C:\Windows\SysNative\drivers\dvb_nova_12mhz_b0.inp
[2013.06.25 22:57:12 | 000,092,456 | ---- | M] () -- C:\Windows\SysNative\drivers\isdbt_nova_12mhz_b0.inp
[2013.06.25 22:57:12 | 000,079,036 | ---- | M] () -- C:\Windows\SysNative\drivers\tdmb_nova_12mhz_b0.inp
[2013.06.25 22:57:12 | 000,000,040 | ---- | M] () -- C:\Windows\SysNative\drivers\smsbda.cfg
[2013.06.25 22:57:11 | 000,133,120 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_netamd.sys
[2013.06.25 22:57:11 | 000,118,272 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_seramd.sys
[2013.06.25 22:57:11 | 000,117,888 | ---- | M] (Mobile Connector) -- C:\Windows\SysNative\drivers\cmnsusbser.sys
[2013.06.25 22:57:11 | 000,112,640 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_net32.sys
[2013.06.25 22:57:11 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_ser32.sys
[2013.06.25 22:57:11 | 000,063,648 | ---- | M] (Siano) -- C:\Windows\SysNative\drivers\smsbda.sys
[2013.06.18 18:47:59 | 000,081,408 | ---- | M] () -- C:\Windows\cadkasdeinst01.exe
 
========== Files Created - No Company Name ==========
 
[2013.07.17 10:05:25 | 000,000,000 | ---- | C] () -- C:\Users\Stephan\defogger_reenable
[2013.06.25 22:57:28 | 000,101,056 | ---- | C] () -- C:\Windows\SysNative\drivers\dvb_nova_12mhz_b0.inp
[2013.06.25 22:57:28 | 000,092,456 | ---- | C] () -- C:\Windows\SysNative\drivers\isdbt_nova_12mhz_b0.inp
[2013.06.25 22:57:28 | 000,079,036 | ---- | C] () -- C:\Windows\SysNative\drivers\tdmb_nova_12mhz_b0.inp
[2013.06.25 22:57:28 | 000,000,040 | ---- | C] () -- C:\Windows\SysNative\drivers\smsbda.cfg
[2013.06.18 18:47:59 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2013.04.30 16:43:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 07:00:09 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:46 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.06.19 10:49:01 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Audacity
[2013.05.01 10:12:34 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\AVG2013
[2013.05.05 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\BatteryBar
[2013.06.18 18:48:07 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\CAD-KAS
[2013.05.05 13:05:45 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\DAEMON Tools Lite
[2013.05.14 17:50:25 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Downloaded Installations
[2013.07.05 15:53:12 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Dropbox
[2013.05.07 14:34:35 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\DVDVideoSoft
[2013.05.14 17:51:17 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\FileOpen
[2013.07.17 10:14:14 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\NetSpeedMonitor
[2013.06.18 18:23:09 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Nitro
[2013.06.18 23:35:38 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Nitro PDF
[2013.05.17 17:17:14 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\OpenOffice.org
[2013.05.05 15:52:20 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Samsung
[2013.07.17 10:04:59 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Spotify
[2013.05.18 19:49:05 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Subversion
[2013.04.30 19:05:03 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Synaptics
[2013.05.01 10:00:23 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Thunderbird
[2013.05.01 10:11:35 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\TuneUp Software
[2013.06.25 23:02:50 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\uTorrent
[2013.05.05 20:28:45 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\WinBatch
[2013.06.25 23:01:20 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\XSManager
 
========== Purity Check ==========
 
 

< End of report >
         
Extras:
Code:
OTL Extras logfile created on: 17.07.2013 10:06:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stephan\Desktop\Programme\Sicherheit
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 60,76% Memory free
7,93 Gb Paging File | 6,18 Gb Available in Paging File | 77,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 239,56 Gb Total Space | 191,18 Gb Free Space | 79,81% Space Free | Partition Type: NTFS
Drive D: | 226,10 Gb Total Space | 23,34 Gb Free Space | 10,32% Space Free | Partition Type: NTFS
 
Computer Name: STEPHAN-LAPTOP | User Name: Stephan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 61 01 DA 5A 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06DF58A7-8C48-4C4E-88A6-E8F159B59DE4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1CA8FA20-9F9C-43BD-BAFF-2DF7C58FEA27}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2849EE1F-22DA-404D-B438-C8DD5BF7AE74}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{3FBDD841-B9BE-4354-A3B3-4C3812D8BC30}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4FD33FEA-5497-4951-926C-4E897AA140B6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{616F8076-4809-4C4B-A885-0BC5E8029B06}" = lport=445 | protocol=6 | dir=in | app=system | 
"{71D0BA91-E510-4E50-881F-02FED66CED81}" = lport=138 | protocol=17 | dir=in | app=system | 
"{87E4C790-10B6-4B42-B245-AA821DC43C53}" = rport=138 | protocol=17 | dir=out | app=system | 
"{88E45917-A266-4382-8361-EF0913EC6806}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8AB11C85-0B04-4515-8D23-03F4FAE05F14}" = rport=137 | protocol=17 | dir=out | app=system | 
"{991D674A-3B70-444A-AAB8-A16C2BF5080B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A313AF49-BDA2-4A36-865A-0275A21D0446}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E078E152-FDDF-4C23-A126-103C6A1E21D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012CE528-ABC7-409C-A6EB-E3E72C6E6FB4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{09988081-CAF0-4B5B-8024-06E6509A7EB8}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{09AA5670-E811-4007-B1FC-AD05AE40639A}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{0BA56737-5830-41ED-AB74-264529AF559D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{0E2A02F1-EFA5-44F4-A0A3-2783E646B56A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{1E5B7DB1-47B5-48D9-BD1D-64DF27569AFC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2481BE4F-3B22-4709-A13E-B4648A0BCAEB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{25A9816B-E48B-4D3A-A0F4-175738B700FE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{292D02A5-66B3-44E3-9EBF-D704A25994D6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{37A5AD6E-A007-4153-91F6-CF2FA2571222}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{52E5022D-99B9-4942-93CA-328D78CA53B9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{5C5E3817-A0C1-4B71-8ED5-6B522CBBCE54}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{6C51DFF7-4DFA-4DE0-87E5-8AD322A72BF8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{6DC817E3-6661-40AF-977B-4946C8581BCA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{71973CD4-133E-4C0D-8882-33965F7D9031}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{84A3F44F-523F-4FD3-ACFC-289C76ED4408}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{9475DDDD-61F8-4F85-B4A4-54B0CE108DAD}" = protocol=6 | dir=in | app=c:\users\stephan\appdata\roaming\dropbox\bin\dropbox.exe | 
"{965CD8AB-13A9-4FE1-834D-8ED0B595A722}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9BC50E4C-BF0C-4AF3-94F1-E9591FEA1688}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{AC464EA7-643E-412B-81A5-256BDA37D5E0}" = protocol=17 | dir=in | app=c:\users\stephan\appdata\roaming\dropbox\bin\dropbox.exe | 
"{AF7ED365-4DD4-4612-9968-B2BCAA260EF0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B5CFE654-9AC8-45A6-834A-3A7EC28510A9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{C1080C7F-415E-4D95-A7DC-005B155831BF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{C1560315-A377-4FD6-A067-21D12A24CE80}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{C788333B-36CA-4B07-B290-46A5700F6DC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C80CF3CF-0432-485E-A5E7-115C17D87C19}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{CFCA1B55-E980-4E9D-A433-C782FDDF7CD7}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{D262D038-7DE5-43BB-A0FE-E69F8FFB46CE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{D656C429-B83F-4D83-B2BD-58A8035C1A00}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{E0C1B8B2-4132-4E24-94AD-0DAD0FCC78F6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{E4F406A2-5A0F-46DF-9F9E-ED50748C7325}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E6223A1C-96EB-42FC-AE97-451122EB6469}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{E680E945-BDBD-4B4F-961A-64C4FBE3461D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"TCP Query User{51B0011D-C531-4CA7-B471-A1F620F2B148}C:\users\stephan\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\stephan\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{959D8156-C9E7-43D7-84DC-0B4BDE919F5C}C:\users\stephan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\stephan\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{B379EDC4-5EB8-41EE-9779-C96EC4BDB873}C:\program files (x86)\hp\common\hpdevicedetection3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hp\common\hpdevicedetection3.exe | 
"TCP Query User{CFB1730B-E61B-4774-83D7-0380E2F7C3CD}C:\users\stephan\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\stephan\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{2F33C95D-2CA7-451D-8078-D47D8BA6F354}C:\users\stephan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\stephan\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{3E5C3DA2-6908-4CE5-99D4-BB4A19823AC6}C:\users\stephan\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\stephan\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{4A045ED2-EEA8-45CB-9CA3-C52979C2A3B4}C:\users\stephan\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\stephan\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{D7ACCAD4-896D-4A2C-B3BA-C26EA8CBEA3C}C:\program files (x86)\hp\common\hpdevicedetection3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hp\common\hpdevicedetection3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1197549C-5221-4C9A-8182-E77D289734DA}" = Nitro Reader 3
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{78B5B205-2F59-4D96-9D83-DEB94CD5229B}" = AVG 2013
"{79E9FC36-6AC7-73DA-B9D4-B4389F135833}" = AMD Catalyst Install Manager
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE7891D8-2340-4CD6-BA0A-6C8C01F7B4B4}" = AVG 2013
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"AVG" = AVG 2013
"BatteryBar" = BatteryBar (remove only)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.6
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E052F74-10A7-42E7-84EB-01C172F5AB5D}" = SlimDrivers
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.5.1
"{879F7C80-BCA3-4A11-BDB1-658252ECD7E0}" = HP Product Detection
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0.3
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"LAME_is1" = LAME v3.99.3 (for Windows)
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenVPN" = OpenVPN 2.1.3
"SpeedFan" = SpeedFan (remove only)
"uTorrent" = µTorrent
"XSManager" = XSManager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.07.2013 03:09:53 | Computer Name = Stephan-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.07.2013 13:22:54 | Computer Name = Stephan-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917,
 Zeitstempel: 0x51c06b1b  Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917,
 Zeitstempel: 0x51c06a5b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00173668  ID des fehlerhaften
 Prozesses: 0x708  Startzeit der fehlerhaften Anwendung: 0x01ce7f2373193c04  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 af768cb6-eb17-11e2-893f-00269e88b9eb
 
Error - 12.07.2013 18:00:19 | Computer Name = Stephan-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.07.2013 06:54:55 | Computer Name = Stephan-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.07.2013 10:54:09 | Computer Name = Stephan-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.07.2013 12:42:55 | Computer Name = Stephan-Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 14.07.2013 13:39:37 | Computer Name = Stephan-Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 15.07.2013 02:32:43 | Computer Name = Stephan-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.07.2013 13:51:03 | Computer Name = Stephan-Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 16.07.2013 03:58:59 | Computer Name = Stephan-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.07.2013 04:38:02 | Computer Name = Stephan-Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 17.07.2013 03:39:13 | Computer Name = Stephan-Laptop | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 16.07.2013 10:21:49 | Computer Name = Stephan-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.07.2013 11:15:41 | Computer Name = Stephan-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.07.2013 12:37:31 | Computer Name = Stephan-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.07.2013 12:44:27 | Computer Name = Stephan-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.07.2013 14:36:53 | Computer Name = Stephan-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.07.2013 16:22:48 | Computer Name = Stephan-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.07.2013 17:11:48 | Computer Name = Stephan-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.07.2013 18:36:14 | Computer Name = Stephan-Laptop | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 17.07.2013 03:38:21 | Computer Name = Stephan-Laptop | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 17.07.2013 03:38:21 | Computer Name = Stephan-Laptop | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
Gmer:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-17 10:47:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500420AS rev.0006HPM1 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Stephan\AppData\Local\Temp\pwdiykow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69            0000000076571465 2 bytes [57, 76]
.text  C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155           00000000765714bb 2 bytes [57, 76]
.text  ...                                                                                                                   * 2
.text  C:\Users\Stephan\Desktop\Programme\Sicherheit\OTL.exe[3180] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69   0000000076571465 2 bytes [57, 76]
.text  C:\Users\Stephan\Desktop\Programme\Sicherheit\OTL.exe[3180] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155  00000000765714bb 2 bytes [57, 76]
.text  ...                                                                                                                   * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00271332ed8b                                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00271332ed8b@d0176a98da31                              0x90 0xE3 0xE9 0x89 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00271332ed8b (not active ControlSet)                       
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00271332ed8b@d0176a98da31                                  0x90 0xE3 0xE9 0x89 ...

---- EOF - GMER 2.1 ----
         
Have I caught something, or how else does this come about? I hope you can help me.
Many thanks in advance!

 
