
Log analysis and evaluation: Win Vista sends spam, nothing found

22.12.2014, 16:07   #1
bojeboje
 
Win Vista sends spam, nothing found



Hello everyone,
the following problem:
The email address (from Unitymedia) has now been blocked for the 2nd time because spam was sent from it.
The email address is accessed only from this laptop, via the "Windows Email" program. The 1st time, the laptop had been taken along on vacation and used the landlady's Wi-Fi there. The Unity hotline gave some tips (unfortunately I was not there) and afterwards everything was fine.
This time it happened again right on the first day of the vacation (so the laptop was used over someone else's Wi-Fi), and Antivir simply finds nothing. The provider has only threatened to block the email address permanently.
Many thanks in advance,
Thomas

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:15 on 22/12/2014 (detlef)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2014 01
Ran by detlef (administrator) on DETLEF-PC on 22-12-2014 15:17:41
Running from C:\Users\detlef\Desktop
Loaded Profile: detlef (Available profiles: detlef)
Platform: Microsoft® Windows Vista™ Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ieuser.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2012-08-30] (Microsoft Corporation)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [446635 2008-06-03] (Creative Technology Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3444736 2007-12-08] (Dell Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2008-02-15] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-21] (APN)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3628282582-583965577-2510337440-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-3628282582-583965577-2510337440-1000\...\RunOnce: [Adobe Speed Launcher] => 1418831906
HKU\S-1-5-21-3628282582-583965577-2510337440-1000\...\RunOnce: [HPSoftwareUpdate] => C:\Program Files\HP\HP Software Update\HPWUCli.exe [642360 2013-06-05] (Hewlett-Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\detlef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKU\S-1-5-21-3628282582-583965577-2510337440-1000 -> Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\detlef\AppData\Roaming\Mozilla\Firefox\Profiles\uoprrkz8.default
FF Homepage: www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\detlef\AppData\Roaming\Mozilla\Firefox\Profiles\uoprrkz8.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\detlef\AppData\Roaming\Mozilla\Firefox\Profiles\uoprrkz8.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: Adblock Plus - C:\Users\detlef\AppData\Roaming\Mozilla\Firefox\Profiles\uoprrkz8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-08]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-11-26]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe [73728 2007-09-20] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [647168 2007-07-25] (Intel Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-06-04] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-07-25] (Intel Corporation) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe [102400 2008-02-15] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2007-12-08] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 15:17 - 2014-12-22 15:18 - 00011506 _____ () C:\Users\detlef\Desktop\FRST.txt
2014-12-22 15:17 - 2014-12-22 15:17 - 00000000 ____D () C:\FRST
2014-12-22 15:15 - 2014-12-22 15:16 - 00000474 _____ () C:\Users\detlef\Desktop\defogger_disable.log
2014-12-22 15:15 - 2014-12-22 15:15 - 00000000 _____ () C:\Users\detlef\defogger_reenable
2014-12-22 15:14 - 2014-12-22 15:11 - 00050477 _____ () C:\Users\detlef\Desktop\Defogger.exe
2014-12-22 15:14 - 2014-12-22 15:09 - 00380416 _____ () C:\Users\detlef\Desktop\Gmer-19357.exe
2014-12-22 15:14 - 2014-12-22 15:07 - 01114112 _____ (Farbar) C:\Users\detlef\Desktop\FRST.exe
2014-12-22 15:03 - 2014-12-22 15:03 - 00000000 ____D () C:\Users\detlef\AppData\Roaming\HpUpdate
2014-12-22 15:02 - 2014-12-22 15:02 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-12-12 20:26 - 2014-12-12 20:26 - 00000938 _____ () C:\Users\detlef\Desktop\Windows Media Player.lnk
2014-12-09 16:11 - 2014-12-09 16:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 15:15 - 2012-08-31 16:29 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{97AFF26E-DE75-444B-AFE6-8277A352578C}.job
2014-12-22 15:15 - 2012-08-28 20:12 - 00000000 ____D () C:\Users\detlef
2014-12-22 15:15 - 2006-11-02 11:33 - 01461736 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-22 15:03 - 2012-08-31 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-12-22 14:52 - 2006-11-02 13:52 - 01487116 _____ () C:\Windows\WindowsUpdate.log
2014-12-22 14:52 - 2006-11-02 13:47 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 14:52 - 2006-11-02 13:47 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-17 19:51 - 2012-08-30 19:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-17 16:30 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-16 20:10 - 2006-11-02 14:01 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-15 17:26 - 2013-12-15 15:45 - 00000000 ____D () C:\Users\detlef\Documents\Kochbuch 2
2014-12-14 20:39 - 2012-08-31 16:35 - 00000000 ____D () C:\Users\detlef\Documents\Kurzspeicher
2014-12-11 09:13 - 2012-08-30 13:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 09:10 - 2013-07-11 09:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 09:07 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-10 23:09 - 2014-11-17 20:06 - 00000000 ____D () C:\Users\detlef\Documents\NHL
2014-12-10 23:09 - 2012-08-31 16:35 - 00000000 ____D () C:\Users\detlef\Documents\Schule
2014-12-10 13:48 - 2014-11-18 15:46 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-10 13:48 - 2014-11-18 15:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-10 13:48 - 2013-08-22 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-10 13:48 - 2013-08-22 18:21 - 00000000 ____D () C:\Program Files\Avira
2014-12-09 22:24 - 2012-08-30 19:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-09 18:56 - 2012-08-31 16:29 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-09 18:53 - 2012-08-30 19:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-09 18:53 - 2012-08-30 19:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-08 23:40 - 2012-08-30 20:51 - 00002631 _____ () C:\Users\detlef\Desktop\Microsoft Office Word 2007.lnk

Some content of TEMP:
====================
C:\Users\detlef\AppData\Local\Temp\avgnt.exe
C:\Users\detlef\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-17 16:45

==================== End Of Log ============================
         
Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2014 01
Ran by detlef at 2014-12-22 15:18:24
Running from C:\Users\detlef\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C1500}) (Version: 12.21.0.3946 - APN, LLC)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D4200 (Version: 90.0.235.000 - Hewlett-Packard) Hidden
D4200_Help (Version: 90.0.235.000 - Hewlett-Packard) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Ihr Firmenname)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1007.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version:  - )
Dell Wireless WLAN Karte (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
DeviceDiscovery (Version: 90.0.205.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
dj_sf_ProductContext (Version: 90.0.235.000 - Hewlett-Packard) Hidden
dj_sf_software (Version: 90.0.235.000 - Hewlett-Packard) Hidden
dj_sf_software_req (Version: 90.0.235.000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Deskjet Printer Driver Software 9.0 (HKLM\...\{03E66394-42F0-4745-85F7-0A2F8F35C09F}) (Version: 9.0 - HP)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Ihr Firmenname)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.1419.1 - Creative Technology Ltd)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.22.6.3 - Marvell)
mCore (Version: 9.24.0000 - Intel Corporation) Hidden
mDriver (Version: 9.24.0000 - Intel) Hidden
mHelp (Version: 9.24.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mMHouse (Version: 9.24.0000 - Intel Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
mPfMgr (Version: 9.24.0000 - Intel Corporation) Hidden
mWMI (Version: 9.24.0000 - Intel Corporation) Hidden
PanoStandAlone (Version: 90.0.146.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 8.2.17 - Dell Inc.)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points  =========================

14-08-2014 13:37:24 Windows Update
25-08-2014 19:59:06 Geplanter Prüfpunkt
27-08-2014 15:26:36 Geplanter Prüfpunkt
11-09-2014 19:49:36 Windows Update
15-10-2014 10:38:26 Windows Update
28-10-2014 18:57:49 Geplanter Prüfpunkt
13-11-2014 17:50:30 Windows Update
19-11-2014 19:44:09 Geplanter Prüfpunkt
24-11-2014 16:01:35 Geplanter Prüfpunkt
11-12-2014 09:02:16 Windows Update
22-12-2014 15:02:21 Installed HP Update.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {8C510525-D35D-4C9B-B9AB-C3E5636D3BF8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {B70236F3-6424-496F-A959-A9C45CC506AE} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - detlef => C:\Program Files\Windows Calendar\wincal.exe [2012-08-30] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{97AFF26E-DE75-444B-AFE6-8277A352578C}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2012-08-30 15:40 - 2007-12-08 13:34 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2012-08-30 15:40 - 2007-12-08 13:34 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2014-11-20 14:09 - 2014-11-20 14:09 - 00245760 _____ () C:\Program Files\Avira\My Avira\System.ComponentModel.Composition.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3628282582-583965577-2510337440-500 - Administrator - Disabled)
detlef (S-1-5-21-3628282582-583965577-2510337440-1000 - Administrator - Enabled) => C:\Users\detlef
Gast (S-1-5-21-3628282582-583965577-2510337440-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/16/2014 06:18:14 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (12/15/2014 06:48:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung bcmwltry.exe, Version 4.170.25.12, Zeitstempel 0x46f3437a, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x03ca7722,
Prozess-ID 0x5d4, Anwendungsstartzeit bcmwltry.exe0.

Error: (12/15/2014 02:44:56 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (12/15/2014 00:02:35 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (12/15/2014 10:51:09 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (12/15/2014 10:31:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung bcmwltry.exe, Version 4.170.25.12, Zeitstempel 0x46f3437a, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x03ca975a,
Prozess-ID 0x5c8, Anwendungsstartzeit bcmwltry.exe0.

Error: (12/15/2014 08:49:37 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (12/15/2014 08:36:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung bcmwltry.exe, Version 4.170.25.12, Zeitstempel 0x46f3437a, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x03ca975a,
Prozess-ID 0x5c4, Anwendungsstartzeit bcmwltry.exe0.

Error: (12/15/2014 07:00:26 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (12/14/2014 10:11:16 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


System errors:
=============
Error: (12/16/2014 08:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (12/16/2014 08:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (12/16/2014 08:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (12/16/2014 08:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (12/16/2014 08:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (12/16/2014 08:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (12/16/2014 08:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (12/16/2014 08:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2

Error: (12/16/2014 08:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/16/2014 05:59:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-12 21:17:36.522
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 20:38:02.058
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-28 19:24:48.260
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-28 19:24:48.217
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-28 19:13:02.000
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-28 19:13:01.963
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-28 19:12:52.552
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-28 19:12:52.501
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 49%
Total physical RAM: 2037.43 MB
Available physical RAM: 1029.34 MB
Total Pagefile: 4292.16 MB
Available Pagefile: 2926.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.45 GB) (Free:103.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (MULTIBOOT) (Removable) (Total:7.5 GB) (Free:7.48 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: A8000000)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

==================== End Of Log ============================
         
Gmer
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-22 15:41:21
Windows 6.0.6000  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9160821AS rev.3.CDE 149,05GB
Running: Gmer-19357.exe; Driver: C:\Users\detlef\AppData\Local\Temp\uxlyrpod.sys


---- System - GMER 2.1 ----

SSDT            8BB23674                                                                                  ZwClose
SSDT            8BB2367E                                                                                  ZwCreateSection
SSDT            8BB2366F                                                                                  ZwDuplicateObject
SSDT            8BB23610                                                                                  ZwOpenProcess
SSDT            8BB23615                                                                                  ZwOpenThread
SSDT            8BB23688                                                                                  ZwRequestWaitReplyPort
SSDT            8BB23683                                                                                  ZwSetContextThread
SSDT            8BB2368D                                                                                  ZwSetSecurityObject
SSDT            8BB23692                                                                                  ZwSystemDebugControl
SSDT            8BB2361F                                                                                  ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 368                                                       81C80874 4 Bytes  [74, 36, B2, 8B] {JZ 0x38; MOV DL, 0x8b}
.text           ntkrnlpa.exe!ZwCallbackReturn + 3D4                                                       81C808E0 4 Bytes  [7E, 36, B2, 8B] {JLE 0x38; MOV DL, 0x8b}
.text           ntkrnlpa.exe!ZwCallbackReturn + 73C                                                       81C80C48 4 Bytes  [83, 36, B2, 8B]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[4956] USER32.dll!DialogBoxIndirectParamW  767114EA 5 Bytes  JMP 66472046 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4956] USER32.dll!MessageBoxExA            7672570D 5 Bytes  JMP 66471F8D C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4956] USER32.dll!DialogBoxParamA          767265BF 5 Bytes  JMP 6647200B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4956] USER32.dll!MessageBoxIndirectW      7672F1B3 5 Bytes  JMP 663217EA C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4956] USER32.dll!DialogBoxParamW          7673129F 5 Bytes  JMP 662FF4B9 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4956] USER32.dll!DialogBoxIndirectParamA  767529C9 5 Bytes  JMP 66472081 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4956] USER32.dll!MessageBoxIndirectA      7675FACF 5 Bytes  JMP 66471FC7 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4956] USER32.dll!MessageBoxExW            7675FBC9 5 Bytes  JMP 66471F53 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[4956] ole32.dll!OleLoadFromStream         763208B2 5 Bytes  JMP 66472243 C:\Windows\system32\IEFRAME.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                  fltmgr.sys

---- EOF - GMER 2.1 ----
         

22.12.2014, 16:32   #2
schrauber
/// the machine
/// TB trainer

Hi,

Change the password of the mail account.

Quote:
i.e. laptop used over someone else's Wi-Fi
What do you register the Wi-Fi as? When you connect, you are asked what kind of network it is:

Public / Work / Home

Which one do you always choose there?
__________________

22.12.2014, 19:07   #3
bojeboje

Yes, both times the provider's staff took care of changing the password when I called to ask them to re-enable the account.
After the first time, it was switched to an equally secure password.

"Public"
__________________

23.12.2014, 17:11   #4
schrauber
/// the machine
/// TB trainer

Does the provider change your password?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
