Log analysis and evaluation: Mail delivery failed: returning message to sender

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.12.2013, 16:24 | #1 |
Mail delivery failed: returning message to sender

Hello,

unfortunately I am getting the following automatic reply from various people (see below). It looks as if I have ended up on a blacklist/greylist on some servers.

Please help.

Kind regards,
Bodo zu Putlitz

_________________________________________________________

Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address failed:

"dirk.schiefelbein@lht.dlh.de":
SMTP error from remote server in greeting:
host: mx1.lhsystems.com:
mx1.lhsystems.com Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.

--- The header of the original message is following. ---

Received: from 3capp-webde-bs15.server.lan ([172.19.170.15]) by mriweb.server.lan (mriweb001) with ESMTP (Nemesis) id 0LwE7M-1VXf5H3RVe-0184jd for <dirk.schiefelbein@lht.dlh.de>; Tue, 03 Dec 2013 16:18:37 +0100
Received: from [80.254.148.67] by 3capp-webde-bs15.server.lan with HTTP; Tue Dec 03 16:18:37 CET 2013
MIME-Version: 1.0
Message-ID: <trinity-840d4468-6576-4171-907b-fdf5f5686730-1386083917180@3capp-webde-bs15>
From: "Bodo zu Putlitz" <bodo.putlitz@web.de>
To: dirk.schiefelbein@lht.dlh.de
Subject: test
Content-Type: text/html; charset=UTF-8
Date: Tue, 3 Dec 2013 16:18:37 +0100 (CET)
Importance: normal
Sensitivity: Normal
X-Priority: 3
X-Provags-ID: V03:K0:j77FDymqYJayt1SUEVBrNvqICbG/brDMaqhb+BzdBp5
 rPtAwqJF+sAJR8CXfN9jnl/S+s422jD3803k1svoguhZjBirug
 lQx5CEW0t6xnlcZvOyUkEsTu7Fpyi5b4E3rnmb1IfmsAe1Olj4
 Nx6nIHLlyFmoUKAScPzvDVw6Byf0IvrJ5tUlLPd+eAQNjQmWui
 QKPq03iR0wUM1PUnJZVUR4bM7MWI6NOMcKBy8Ji9aPC4oKQLWc
 /o//llpPbfV8QBj3aJv561E7Afi1P0lxURmtHgmVqoKqpHF7uZ
 kE2tIm/mE1PS1rC6j7ZPbQ7QnP9

FRST Scan:
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 Ran by putlbz (administrator) on EHNFW721XMGT1-L on 03-12-2013 16:07:15 Running from C:\Users\putlbz\Documents\privat Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (BP) C:\Windows\SysWOW64\AdCompSvc.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe (Cognitas Technologies, Inc.) C:\Program Files (x86)\Cognitas\CrossLink6\cl_svc.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe (BP) C:\Windows\SysWOW64\IPEventSvc.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe (O2Micro International) C:\Windows\System32\drivers\o2flash.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe (Oracle Corporation) C:\oracle\ora92\bin\omtsreco.exe (Safend LTD.) 
C:\Program Files\Safend\Data Protection Agent\SDPAgent.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Authentication Manager\WaveAMService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe (Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acwebsecagent.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Safend Ltd.) C:\Windows\System32\SimonPro.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe () C:\Program Files\Safend\Data Protection Agent\DataProtectionAgent.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.) C:\Program Files\Wave Systems Corp\RemoteManagement\ETBINotify.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (BP) C:\Program Files (x86)\Auto Proxy\AutoProxy.exe (Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe (Cisco Systems, Inc.) 
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe (Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\x86\AeXAgentUIHostSurrogate32.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.) 
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-04] (Alps Electric Co., Ltd.) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.) HKLM\...\Run: [EmbassySecurityCheck.exe] - C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EmbassySecurityCheck.exe [229768 2011-08-01] (Wave Systems Corp.) HKLM\...\Run: [TdmNotify] - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [353136 2011-08-22] (Wave Systems Corp.) HKLM\...\Run: [AutoRunForERASConnectorTrayApp] - C:\Program Files\Wave Systems Corp\RemoteManagement\ETBINotify.exe [213504 2011-08-03] (Wave Systems Corp.) Winlogon\Notify\aSinadin: C:\Windows\system32\Sinadin.dll (Safend Ltd.) Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SensLogn: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [DataProtectionAgent] - C:\Program Files\Safend\Data Protection Agent\DataProtectionAgent.exe [55840 2012-02-14] ( ()) HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1 HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 1 HKLM\...\Policies\Explorer: [NoAutorun] 1 HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation) HKCU\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1219488 2011-01-30] (Adobe Systems Incorporated) HKCU\...\Policies\system: [DisableRegistryTools] 1 HKCU\...\Policies\system: [RunLogonScriptSync] 1 HKCU\...\Policies\system: [HideLegacyLogonScripts] 1 HKCU\...\Policies\Explorer: [NoWindowsUpdate] 1 HKCU\...\Policies\Explorer: [ForceStartMenuLogOff] 1 HKCU\...\Policies\Explorer: [NoWelcomeScreen] 1 HKCU\...\Policies\Explorer: [NoStartMenuMyMusic] 1 HKCU\...\Policies\Explorer: [HideSCAHealth] 1 HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.) HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe [333376 2011-11-15] (McAfee, Inc.) HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe [215360 2011-09-14] (McAfee, Inc.) HKLM-x32\...\Run: [McAfee Host Intrusion Prevention Tray] - C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe [979104 2010-02-16] (McAfee, Inc.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.) 
HKLM-x32\...\Run: [CfgDownload] - C:\Program Files (x86)\IXOS\bin\CfgDownload.exe [212992 2009-10-31] (Open Text Corporation) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Communicator] - C:\Program Files (x86)\Microsoft Lync\communicator.exe [12107944 2013-05-30] (Microsoft Corporation) AppInit_DLLs: C:\Windows\System32\AMInit64.dll [68096 2011-11-20] (Altiris Inc) AppInit_DLLs-x32: AMINIT32.DLL [66048 2011-11-20] (Altiris Inc) IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" IFEO\taskmgr.exe: [Debugger] C:\Program Files (x86)\TuneUp Utilities 2013\PMLauncher.exe Lsa: [Authentication Packages] msv1_0 wvauth sesami ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: bp1bocpa002.bp.com:80 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://globalsearch.bpweb.bp.com/searchleft2.asp?Button=Yes HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://kompass.bpweb.bp.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://kompass.bpweb.bp.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130218094041.dll (McAfee, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO-x32: OneBPSidebar Class - {02F70F62-1717-4A69-8F51-E9B9B50B88DB} - C:\Program Files (x86)\OneBP\OneBP sidebar\ATLBPWorldCompanion.dll (BP) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation) BHO-x32: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet) BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130218094041.dll (McAfee, Inc.) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} vpnweb.cab Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - 
{CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 ==================== Services (Whitelisted) ================= R3 acwebsecagent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acwebsecagent.exe [856056 2012-06-07] (Cisco Systems, Inc.) R2 AdCompSv; C:\Windows\SysWOW64\AdCompSvc.exe [47616 2010-05-25] (BP) R3 AeXAgentSrvHost; C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe [265048 2012-04-16] (Symantec Corporation) R2 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2117464 2012-04-16] (Symantec Corporation) S3 AltirisAgentProvider; C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [408408 2012-04-16] (Symantec Corporation) R2 cogclsvc; C:\Program Files (x86)\Cognitas\CrossLink6\cl_svc.exe [221328 2011-04-28] (Cognitas Technologies, Inc.) S3 ConfigService; C:\Program Files (x86)\Altiris\Altiris Agent\Agents\Deployment\Agent\ConfigService.exe [229992 2011-08-12] () R2 enterceptAgent; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [1498224 2010-02-16] (McAfee, Inc.) S3 ETBIService; C:\Program Files\Wave Systems Corp\RemoteManagement\ETBIService.exe [186880 2011-08-03] (Wave Systems Corp.) R2 hips; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [39840 2009-11-23] (McAfee, Inc.) R2 IPEventSv; C:\Windows\SysWOW64\IPEventSvc.exe [52224 2010-05-25] (BP) R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132672 2011-11-15] (McAfee, Inc.) R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199008 2013-02-18] (McAfee, Inc.) R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [209760 2011-09-14] (McAfee, Inc.) 
R2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2013-02-18] (McAfee, Inc.) R2 OracleMTSRecoveryService; C:\oracle\ora92\bin\omtsreco.exe [57603 2002-04-30] (Oracle Corporation) S3 OracleOraHome92ClientCache; C:\oracle\ora92\bin\ONRSD.EXE [243352 2006-07-28] () S3 SDBAgent; C:\Program Files\Safend\Data Protection Agent\SDBAgent.exe [1869344 2012-02-14] (Safend Ltd.) R2 SDPAgent; C:\Program Files\Safend\Data Protection Agent\SDPAgent.exe [27168 2012-02-14] (Safend LTD.) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2409272 2013-10-11] (TuneUp Software) R2 Wave Authentication Manager Service; C:\Program Files\Wave Systems Corp\Authentication Manager\WaveAMService.exe [1626112 2011-08-08] (Wave Systems Corp.) ==================== Drivers (Whitelisted) ==================== S3 CLVMini; C:\Windows\System32\DRIVERS\clvmini.sys [34416 2010-05-05] (Cognitas Technologies, Inc.) R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [38472 2010-11-25] (Dell Inc.) S3 Firehk; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.) R3 FirehkMP; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.) R3 firelm01; C:\Windows\system32\drivers\firelm01.sys [39480 2010-02-16] (McAfee, Inc.) R0 FirePM; C:\Windows\System32\Drivers\FirePM.sys [187808 2010-02-16] (McAfee, Inc.) R1 FireTDI; C:\Windows\system32\Drivers\FireTDI.sys [254520 2010-02-16] (McAfee, Inc.) R3 HIPK; C:\Windows\System32\drivers\HIPK.sys [138776 2009-11-23] (McAfee, Inc.) R3 HIPPSK; C:\Windows\System32\drivers\HIPPSK.sys [45424 2009-11-23] (McAfee, Inc.) R3 HIPQK; C:\Windows\System32\drivers\HIPQK.sys [40152 2009-11-23] (McAfee, Inc.) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [158712 2013-02-18] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [228752 2013-02-18] (McAfee, Inc.) U3 mfeavfk01; No ImagePath R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [642952 2013-02-18] (McAfee, Inc.) 
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100904 2013-02-18] (McAfee, Inc.) R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [84424 2009-11-23] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2013-02-18] (McAfee, Inc.) R0 Sahara; C:\Windows\System32\drivers\Sahara.sys [247328 2012-02-14] (Safend Ltd.) R0 Salvador; C:\Windows\System32\drivers\Salvador.sys [45088 2012-02-14] (Safend Ltd.) R1 Santa; C:\Windows\System32\drivers\santa.sys [63520 2012-02-14] (Safend Ltd.) R0 Scarlet; C:\Windows\System32\drivers\Scarlet.sys [50720 2012-02-14] (Safend Ltd.) R0 SDiego; C:\Windows\System32\drivers\SDiego.sys [78880 2012-02-14] (Safend Ltd.) R0 Shandy; C:\Windows\System32\drivers\Shandy.sys [183840 2012-02-14] (Safend Ltd.) R3 Shlos; C:\Windows\System32\drivers\Shlos.sys [50208 2012-02-14] (Safend Ltd.) R0 Sidney; C:\Windows\System32\drivers\Sidney.sys [128032 2012-02-14] (Safend Ltd.) R3 Sofy; C:\Windows\System32\drivers\Sofy.sys [59424 2012-02-14] (Safend Ltd.) R0 SpfdBus; C:\Windows\System32\DRIVERS\SpfdBus.sys [11296 2012-02-14] (Safend Ltd.) R0 Sptrep; C:\Windows\System32\drivers\Sptrep.sys [11808 2012-02-14] (Safend Ltd.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software) U4 CSI ECM Socket Listener; U4 CSIRemoteC; U5 SPHINX; C:\Windows\System32\Drivers\SPHINX.sys [78368 2012-02-14] (Safend Ltd.) 
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-03 16:07 - 2013-12-03 16:07 - 00000000 ____D C:\FRST 2013-12-03 08:29 - 2013-12-03 08:29 - 00001024 _____ C:\.rnd 2013-12-03 08:29 - 2013-12-03 08:29 - 00000113 _____ C:\Windows\SysWOW64\api_hook_list.dat 2013-12-03 08:29 - 2013-12-03 08:29 - 00000113 _____ C:\Windows\system32\api_hook_list.dat 2013-12-03 08:29 - 2009-11-23 17:33 - 00040328 _____ (McAfee, Inc.) C:\Windows\SysWOW64\HIPIS0e011b3.dll 2013-12-03 08:29 - 2009-11-23 17:21 - 00046568 _____ (McAfee, Inc.) C:\Windows\system32\HIPIS0e011b3.dll 2013-11-26 09:04 - 2013-12-03 15:32 - 00004898 _____ C:\Windows\System32\Tasks\WSCEAA 2013-11-20 04:38 - 2013-10-12 03:31 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-20 04:38 - 2013-10-12 03:31 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-20 04:38 - 2013-10-12 03:31 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-20 04:38 - 2013-10-12 03:30 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-20 04:38 - 2013-10-12 03:30 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-20 04:38 - 2013-10-12 03:29 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-20 04:38 - 2013-10-12 03:29 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-20 04:38 - 2013-10-12 03:29 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-20 04:38 - 2013-10-12 03:04 - 01232384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-20 04:38 - 2013-10-12 03:04 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-20 04:38 - 2013-10-12 03:04 - 00132096 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-20 04:38 - 2013-10-12 03:02 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-20 04:38 - 2013-10-12 03:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-20 04:38 - 2013-10-12 03:01 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-20 04:38 - 2013-10-12 03:01 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-20 04:38 - 2013-10-12 03:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-20 04:38 - 2013-10-12 03:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-20 04:38 - 2013-10-12 02:32 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-20 04:38 - 2013-10-12 02:15 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-20 04:37 - 2013-10-12 03:30 - 09071104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-20 04:37 - 2013-10-12 03:29 - 12295168 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-20 04:37 - 2013-10-12 03:02 - 06038528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-15 20:56 - 2013-11-15 20:58 - 00000000 ____D C:\Users\putlbz\Desktop\USA NOV 13 2013-11-15 20:47 - 2013-12-03 08:29 - 00002630 _____ C:\Windows\setupact.log 2013-11-15 20:47 - 2013-11-15 20:47 - 00000000 _____ C:\Windows\setuperr.log 2013-11-15 20:46 - 2013-11-29 16:28 - 00034244 _____ C:\Windows\PFRO.log ==================== One Month Modified Files and Folders ======= 2013-12-03 16:07 - 2013-12-03 16:07 - 00000000 ____D C:\FRST 2013-12-03 16:07 - 2013-02-22 13:44 - 00000000 ____D C:\Users\putlbz\Documents\privat 2013-12-03 15:42 - 2013-02-25 16:46 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm 2013-12-03 15:36 - 2013-02-18 09:07 - 01415660 _____ C:\Windows\WindowsUpdate.log 2013-12-03 15:32 - 
2013-11-26 09:04 - 00004898 _____ C:\Windows\System32\Tasks\WSCEAA 2013-12-03 15:21 - 2013-02-18 09:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-03 11:30 - 2013-02-22 13:04 - 00000000 ____D C:\Users\putlbz\Tracing 2013-12-03 08:41 - 2009-07-14 05:45 - 00012048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-03 08:41 - 2009-07-14 05:45 - 00012048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-03 08:32 - 2012-07-06 10:33 - 00000000 ____D C:\Windows\COE 2013-12-03 08:29 - 2013-12-03 08:29 - 00001024 _____ C:\.rnd 2013-12-03 08:29 - 2013-12-03 08:29 - 00000113 _____ C:\Windows\SysWOW64\api_hook_list.dat 2013-12-03 08:29 - 2013-12-03 08:29 - 00000113 _____ C:\Windows\system32\api_hook_list.dat 2013-12-03 08:29 - 2013-11-15 20:47 - 00002630 _____ C:\Windows\setupact.log 2013-12-03 08:29 - 2013-02-18 09:44 - 00005712 _____ C:\Windows\system32\config\netlogon.ftl 2013-12-03 08:29 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-29 16:28 - 2013-11-15 20:46 - 00034244 _____ C:\Windows\PFRO.log 2013-11-28 14:17 - 2012-07-09 09:36 - 00695776 _____ C:\Windows\system32\perfh00C.dat 2013-11-28 14:17 - 2012-07-09 09:36 - 00694712 _____ C:\Windows\system32\perfh00A.dat 2013-11-28 14:17 - 2012-07-09 09:36 - 00677448 _____ C:\Windows\system32\perfh019.dat 2013-11-28 14:17 - 2012-07-09 09:36 - 00653028 _____ C:\Windows\system32\perfh007.dat 2013-11-28 14:17 - 2012-07-09 09:36 - 00450012 _____ C:\Windows\system32\perfh014.dat 2013-11-28 14:17 - 2012-07-09 09:36 - 00390860 _____ C:\Windows\system32\perfh011.dat 2013-11-28 14:17 - 2012-07-09 09:36 - 00380448 _____ C:\Windows\system32\prfh0404.dat 2013-11-28 14:17 - 2012-07-09 09:36 - 00364370 _____ C:\Windows\system32\prfh0804.dat 2013-11-28 14:17 - 2012-07-09 09:36 - 00137174 _____ C:\Windows\system32\perfc00A.dat 2013-11-28 14:17 - 2012-07-09 09:36 - 
00132640 _____ C:\Windows\system32\perfc019.dat 2013-11-28 14:17 - 2012-07-09 09:36 - 00130250 _____ C:\Windows\system32\perfc00C.dat 2013-11-28 14:17 - 2012-07-09 09:36 - 00129804 _____ C:\Windows\system32\perfc007.dat 2013-11-28 14:17 - 2012-07-09 09:36 - 00106518 _____ C:\Windows\system32\perfc011.dat 2013-11-28 14:17 - 2012-07-09 09:36 - 00104378 _____ C:\Windows\system32\prfc0804.dat 2013-11-28 14:17 - 2012-07-09 09:36 - 00099464 _____ C:\Windows\system32\prfc0404.dat 2013-11-28 14:17 - 2012-07-09 09:36 - 00077226 _____ C:\Windows\system32\perfc014.dat 2013-11-28 14:17 - 2009-07-14 06:13 - 05928218 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-28 14:15 - 2013-07-11 15:36 - 00000000 ____D C:\Users\putlbz\Desktop\Technikum 2013-11-27 09:23 - 2013-02-22 13:42 - 00000000 ____D C:\Users\putlbz\Desktop\Vorlagen und Orga-Charts 2013-11-26 12:01 - 2013-02-22 13:42 - 00046080 _____ C:\Users\putlbz\Documents\Bestellformular Konferenzraumbewirtung Neuhof 23.10..xls 2013-11-25 11:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-11-20 04:37 - 2013-02-21 09:45 - 00119265 __RSH C:\ProgramData\ntuser.pol 2013-11-17 23:53 - 2013-02-18 09:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync 2013-11-15 20:58 - 2013-11-15 20:56 - 00000000 ____D C:\Users\putlbz\Desktop\USA NOV 13 2013-11-15 20:47 - 2013-11-15 20:47 - 00000000 _____ C:\Windows\setuperr.log 2013-11-15 13:17 - 2013-02-22 13:44 - 00000000 ____D C:\Users\putlbz\Documents\Passwords Some content of TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\InstallAX.exe C:\Users\Administrator\AppData\Local\Temp\InstallAX64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit 
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-03 08:49

==================== End Of Log ============================

Addition Scan: FRST Additions Logfile:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2013 Ran by putlbz at 2013-12-03 16:08:46 Running from C:\Users\putlbz\Documents\privat Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: McAfee VirusScan Enterprise (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Host Intrusion Prevention Firewall (Disabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 13.2.1) 7-Zip 9.20 (x32) Acrobat X Professional (x32 Version: 10.0.3) Administrator Password Changer (x32 Version: 1.0.1) Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) Adobe Reader X (10.1.4) (x32 Version: 10.1.4) Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133) Altiris Application Metering Agent (x32 Version: 7.1.7580.0) Altiris Inventory Agent (x32 Version: 7.1.7580.0) ARAL Schrift (x32 Version: 1.0.0) AuthenTec Fingerprint Sensor Minimum Install (Version: 8.4.2.5) Auto Proxy (x32 Version: 4.1.0) BP Branded Wallpaper (x32 Version: 1.0.0) BP Office Templates (x32 Version: 7.0.0.4) BP Univers Fonts (Roman) (x32 Version: 3.0.0.0) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.08057) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.08057) Cisco AnyConnect Web Security Module (x32 Version: 3.0.08057) Citrix Online Plug-in (DV) (x32 Version: 12.3.0.8) Citrix Online Plug-in (HDX) (x32 Version: 12.3.0.8) Citrix Online Plug-in (SSON) (x32 Version: 12.3.0.8) Citrix Online Plug-in (USB) (x32 Version: 12.3.0.8) Citrix Online Plug-in (Web) (x32 Version: 12.3.0.8) Citrix Online Plug-in (x32 Version: 12.3.0.8) Client Profile Updating Utility 5.2.1 (x32 
Version: 5.2.1.518) Cognitas CrossLink v6.0.8.8 with ECP x64 (Version: 6.0.8.8) Custom (Version: 01.00.00.000) Data Protection Agent (Version: 3.4.5619.10914) Dell ControlVault Host Components Installer 64 bit (Version: 2.0.20.159) Dell System Manager (Version: 1.7.10000) Dell Touchpad (Version: 7.1208.101.116) Deployment Solution Agent (x32 Version: 7.1.2316.0) DHTML Editing Component (x32 Version: 6.02.0001) Embassy Security Center - Trusted Drive Edition (Version: 02.08.04.011) EMBASSY Security Center (Version: 04.03.00.129) ERAS Connector (Version: 02.08.04.0338) ESC Home Page Plugin (Version: 04.03.00.008) ESC Home Page Plugin (x32 Version: ) GoToAssist Corporate (x32 Version: 9.1.0.615) Interactive guide for Excel 2010 (x32 Version: 1.2.1) IPEvent (x32 Version: 1.1) Java Auto Updater (x32 Version: 2.0.2.4) Java(TM) 6 Update 21 (64-bit) (Version: 6.0.210) Java(TM) 6 Update 21 (x32 Version: 6.0.210) Main_Profile McAfee Agent (x32 Version: 4.6.0.2292) McAfee Host Intrusion Prevention (x32 Version: 7.00.0700) McAfee VirusScan Enterprise (x32 Version: 8.8.01000) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft AntiXSS v4.2.1 (x32 Version: 4.2.1) Microsoft Lync 2010 (Version: 4.0.7577.4392) Microsoft Lync 2010, MUI (Version: 4.0.7577.0) Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Live Meeting 2007 (x32 Version: 8.0.6362.200) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI 
(English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Project 2003 German User Interface Pack (x32 Version: 11.0.6726.0) Microsoft Office Project Standard 2003 (x32 Version: 11.0.6707.0) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Standard 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft redistributable runtime DLLs VS2008 SP1(x86) (x32 Version: 9.0) Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (x32 Version: 10.0.40219.1) Microsoft RunTime Components (x32 Version: 2.0.0.0) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Visio Viewer 2010 (x32 Version: 14.0.6029.1000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable 
(x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727) Microsoft Visual J# 2.0 Redistributable Package (x32) Microsoft Word 2010 Interactive Guide (x32 Version: 1.2.1) Mindjet MindManager 2012 (x32 Version: 10.0.445) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML4.0 redistributable (x32 Version: 4.0.0.0) OneBP sidebar (x32 Version: 4.2) Open Text Imaging Windows Viewer (x32 Version: 9.7.0) Open Text Imaging Windows Viewer 9.7.0 - German Language (x32 Version: 9.7.0) Oracle Client (x32 Version: 9.2.0.8) Outlook 2010 Interactive Guide (x32 Version: 1.2.1) Password Safe 3.22 for Windows (x32 Version: 3.22) Patch Management Agent (x32 Version: 7.1.7580.0) PDF-XChange 3 PowerPoint 2010 Interactive Guide (x32 Version: 1.2.1) RAP (x32) SAP Business Explorer (x32 Version: 7.30) SAP GUI for Windows 7 - v7200.1.2.1051 Build 1184507 PL2 (x32) SAP GUI for Windows 7.30 (x32 Version: 7.30 Compilation 1) SAPToolsGerW7 (x32 Version: 7.0.1) Services file (Version: 1.0.3) Software Management Solution Plugin (x32 Version: 7.1.7580.0) Trusted Drive Manager (Version: 4.4.0.28) TuneUp Utilities 2013 (x32 Version: 13.0.4000.122) TuneUp Utilities Language Pack (de-DE) (x32 
Version: 13.0.4000.122) upekmsi (Version: 03.64.05.0000) vcredist_x86 (x32 Version: 1.0.0) Wave Infrastructure Installer (Version: 07.67.30.0020) Wave Support Software Installer (Version: 05.13.00.035) WinZip 14.5 (x32 Version: 14.5.9095) ==================== Restore Points ========================= 08-11-2013 09:28:51 Scheduled Checkpoint 15-11-2013 11:41:46 Scheduled Checkpoint 20-11-2013 03:34:49 ER11-2013 Restore Point 20-11-2013 03:36:55 Windows Update 20-11-2013 03:40:25 Windows Update 27-11-2013 14:48:12 Scheduled Checkpoint ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {273A54DF-545F-4792-A90F-BD06C927DDD0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated) Task: {6BEAD4AF-EE0A-4D14-88F6-7834356B600C} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27] (Adobe Systems Incorporated) Task: {AE59BE6C-60CF-4386-84D8-5715D9FCB42C} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-10-11] (TuneUp Software) Task: {EF289015-FD22-4E73-B50D-25A0390350B0} - System32\Tasks\WSCEAA => C:\Program Files\Wave Systems Corp\RemoteManagement\wsceaa.exe [2011-08-04] (Wave Systems Corp.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2012-02-14 14:57 - 2012-02-14 14:57 - 00899616 _____ () C:\Program Files\Safend\Data Protection Agent\Utils.dll 2012-02-14 14:57 - 2012-02-14 14:57 - 00911904 _____ () C:\Program Files\Safend\Data Protection Agent\Common.dll 2012-02-14 14:57 - 2012-02-14 14:57 - 00854560 _____ () C:\Program Files\Safend\Data Protection Agent\UI.Common.dll 2012-02-14 14:57 - 2012-02-14 14:57 - 00133664 _____ () C:\Program Files\Safend\Data Protection Agent\DataProtectionAgent.exe.brand.dll 2012-02-14 14:57 - 2012-02-14 14:57 - 00723488 _____ () C:\Program Files\Safend\Data Protection Agent\Backend.Agent.Controller.dll 2012-02-14 14:53 - 2012-02-14 14:53 - 00018944 _____ () C:\Program Files\Safend\Data Protection Agent\en-US\DataProtectionAgent.resources.dll 2012-02-14 14:57 - 2012-02-14 14:57 - 00150048 _____ () C:\Program Files\Safend\Data Protection Agent\Agent.UI.dll 2013-02-18 17:00 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-08-03 12:01 - 2011-08-03 12:01 - 00033280 _____ () C:\Program Files\Wave Systems Corp\RemoteManagement\res\ETBI-Res_de.dll 2012-06-07 09:36 - 2012-06-07 09:36 - 00067576 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_thread-vc80-mt-1_45.dll 2012-06-07 09:35 - 2012-06-07 09:35 - 00017912 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_system-vc80-mt-1_45.dll 2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll 2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll 2011-09-14 20:08 - 2011-09-14 20:08 - 00150032 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\WscAv.dll 2002-04-29 14:04 - 2002-04-29 14:04 - 00246032 _____ () 
C:\oracle\ora92\bin\ORATRACE9.dll 2012-06-07 09:35 - 2012-06-07 09:35 - 00063480 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_date_time-vc80-mt-1_45.dll 2012-06-07 09:35 - 2012-06-07 09:35 - 00153592 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_filesystem-vc80-mt-1_45.dll 2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2011-09-14 13:02 - 2011-09-14 13:02 - 00150856 _____ () C:\Program Files (x86)\Mindjet\MindManager 10\zlib.dll 2011-01-30 16:45 - 2011-01-30 16:45 - 02893216 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll 2010-12-21 01:15 - 2010-12-21 01:15 - 01041248 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:EB79147D ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SDPAgent => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SP => ""="Driver Group" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SDPAgent => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SP => ""="Driver Group" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Faulty Device Manager Devices ============= Name: Cognitas CrossLink Virtual Adapter Description: Cognitas CrossLink Virtual 
Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cognitas Service: CLVMini Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (12/03/2013 03:02:05 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.7105.5000, Zeitstempel: 0x51e84e55 Name des fehlerhaften Moduls: OUTLOOK.EXE, Version: 14.0.7105.5000, Zeitstempel: 0x51e84e55 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00a8ee1e ID des fehlerhaften Prozesses: 0x130 Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0 Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1 Pfad des fehlerhaften Moduls: OUTLOOK.EXE2 Berichtskennung: OUTLOOK.EXE3 Error: (12/03/2013 08:29:33 AM) (Source: Password Changer) (User: ) Description: Cannot Change Password for local account [BPGDB_Guest]. Error: (12/03/2013 08:29:33 AM) (Source: Password Changer) (User: ) Description: Cannot Change Password for local account [BPGDB_Administrator]. Error: (11/29/2013 04:29:31 PM) (Source: AutoEnrollment) (User: ) Description: BP1\putlbz0x8007003aDer angegebene Server kann den angeforderten Vorgang nicht ausführen. Error: (11/29/2013 04:28:28 PM) (Source: Password Changer) (User: ) Description: Cannot Change Password for local account [BPGDB_Guest]. 
Error: (11/29/2013 04:28:28 PM) (Source: Password Changer) (User: ) Description: Cannot Change Password for local account [BPGDB_Administrator]. Error: (11/29/2013 07:22:44 AM) (Source: Password Changer) (User: ) Description: Cannot Change Password for local account [BPGDB_Guest]. Error: (11/29/2013 07:22:44 AM) (Source: Password Changer) (User: ) Description: Cannot Change Password for local account [BPGDB_Administrator]. Error: (11/28/2013 08:47:44 AM) (Source: Password Changer) (User: ) Description: Cannot Change Password for local account [BPGDB_Guest]. Error: (11/28/2013 08:47:44 AM) (Source: Password Changer) (User: ) Description: Cannot Change Password for local account [BPGDB_Administrator]. System errors: ============= Error: (12/03/2013 08:31:52 AM) (Source: Microsoft-Windows-GroupPolicy) (User: BP1) Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Der WMI-Filter (Windows Management Instrumentation) für das Gruppenrichtlinienobjekt "cn={C2191729-8CFB-4FBD-9772-486DA18EB3EE},cn=policies,cn=system,DC=bp1,DC=ad,DC=bp,DC=com" konnte nicht ausgewertet werden. Dies kann darauf zurückzuführen sein, dass RSoP deaktiviert ist, oder dass der WMI-Dienst deaktiviert oder angehalten wurde, bzw. andere WMI-Fehler aufgetreten sind. Stellen Sie sicher, dass der WMI-Dienst gestartet ist und dass der Starttyp auf automatischen Start festgelegt ist. Neue Gruppenrichtlinienobjekte oder -einstellungen werden nicht verarbeitet, bis dieses Ereignis behoben wurde. Error: (12/03/2013 08:31:52 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY) Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Der WMI-Filter (Windows Management Instrumentation) für das Gruppenrichtlinienobjekt "cn={C2191729-8CFB-4FBD-9772-486DA18EB3EE},cn=policies,cn=system,DC=bp1,DC=ad,DC=bp,DC=com" konnte nicht ausgewertet werden. Dies kann darauf zurückzuführen sein, dass RSoP deaktiviert ist, oder dass der WMI-Dienst deaktiviert oder angehalten wurde, bzw. 
andere WMI-Fehler aufgetreten sind. Stellen Sie sicher, dass der WMI-Dienst gestartet ist und dass der Starttyp auf automatischen Start festgelegt ist. Neue Gruppenrichtlinienobjekte oder -einstellungen werden nicht verarbeitet, bis dieses Ereignis behoben wurde. Error: (12/03/2013 08:31:52 AM) (Source: DCOM) (User: ) Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} Error: (12/03/2013 08:29:29 AM) (Source: NETLOGON) (User: ) Description: Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne BP1 aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein. Error: (11/29/2013 04:56:15 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY) Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator. 
Error: (11/29/2013 04:33:52 PM) (Source: WMPNetworkSvc) (User: ) Description: WMPNetworkSvc0x80070422 Error: (11/29/2013 04:31:55 PM) (Source: WMPNetworkSvc) (User: ) Description: WMPNetworkSvc0x80070422 Error: (11/29/2013 04:31:52 PM) (Source: WMPNetworkSvc) (User: ) Description: WMPNetworkSvc0x80070422 Error: (11/29/2013 04:31:48 PM) (Source: WMPNetworkSvc) (User: ) Description: WMPNetworkSvc0x80070422 Error: (11/29/2013 04:30:45 PM) (Source: DCOM) (User: ) Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} Microsoft Office Sessions: ========================= Error: (12/03/2013 03:02:05 PM) (Source: Application Error)(User: ) Description: OUTLOOK.EXE14.0.7105.500051e84e55OUTLOOK.EXE14.0.7105.500051e84e55c000000500a8ee1e13001cef002cf6626c3C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEC:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE7cf75d7a-5c23-11e3-ba9f-24b6fdfd49c4 Error: (12/03/2013 08:29:33 AM) (Source: Password Changer)(User: ) Description: BPGDB_Guest Error: (12/03/2013 08:29:33 AM) (Source: Password Changer)(User: ) Description: BPGDB_Administrator Error: (11/29/2013 04:29:31 PM) (Source: AutoEnrollment)(User: ) Description: BP1\putlbz0x8007003aDer angegebene Server kann den angeforderten Vorgang nicht ausführen. 
Error: (11/29/2013 04:28:28 PM) (Source: Password Changer)(User: ) Description: BPGDB_Guest Error: (11/29/2013 04:28:28 PM) (Source: Password Changer)(User: ) Description: BPGDB_Administrator Error: (11/29/2013 07:22:44 AM) (Source: Password Changer)(User: ) Description: BPGDB_Guest Error: (11/29/2013 07:22:44 AM) (Source: Password Changer)(User: ) Description: BPGDB_Administrator Error: (11/28/2013 08:47:44 AM) (Source: Password Changer)(User: ) Description: BPGDB_Guest Error: (11/28/2013 08:47:44 AM) (Source: Password Changer)(User: ) Description: BPGDB_Administrator ==================== Memory info =========================== Percentage of memory in use: 54% Total physical RAM: 3977.05 MB Available physical RAM: 1825.64 MB Total Pagefile: 9940.23 MB Available Pagefile: 7382.3 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (VOYAGER-1.0) (Fixed) (Total:298.09 GB) (Free:232.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive p: (MSA1000 DS002 LW F) (Network) (Total:203.89 GB) (Free:18 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: AF438F49) Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
03.12.2013, 18:01 | #2 | |
/// the machine /// TB-Ausbilder
Hi,
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
Note: If you receive the following error message after the restart
Quote:
03.12.2013, 18:27 | #3 |
Hello, the following message appears when I click on Link 1:
Blocked
This website is blocked for your and BP's protection. The website that you are trying to access is currently categorised as Illegal Activities and has been deemed to be potentially unsafe or unsuitable for browsing.
04.12.2013, 11:32 | #4 |
/// the machine /// TB-Ausbilder
Who is this message from?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate | Guides and help | Trojaner-Board Facebook page
No help via PM!
04.12.2013, 13:09 | #5 |
Since I am a BP employee, this response comes from the administrators, who presumably do not allow the download. Does the problem possibly exist only from this PC with this IP... and other PCs and the iPhone do not have these problems? Regards, Putlitz
05.12.2013, 08:39 | #6 |
/// the machine /// TB-Ausbilder
What's BP? So this is a company computer and you have your own IT department?
05.12.2013, 12:19 | #7 |
Morning, yes, this is a BP company computer. Of course we have our own IT - hold on... right now India should be responsible, possibly Poland too... depending on the time of day. No, seriously, BP will presumably not deal with my web.de problem, will it? Best regards, Putlitz
One more question: Is the problem that the IP address of my company computer has ended up on the blacklist/greylist on the servers of various contacts of mine? Does it then make sense, in order to solve the problem, to have the IP address changed (if that is possible at all)? Kind regards, Putlitz
06.12.2013, 09:41 | #8 |
/// the machine /// TB-Ausbilder
The problem is that, according to the rules (which you should have read), we do not clean company computers that have their own IT.
1) IT gets paid for that
2) our tools are all private use only, and their detections are also designed in such a way that something company-specific, which could never occur on a home user's PC, might well get deleted. That would be unfortunate.
__________________
Regards, schrauber