Zurück   Trojaner-Board > Malware entfernen > Überwachung, Datenschutz und Spam

Überwachung, Datenschutz und Spam: Dauerhafte "Mail Delivery System"-Mails

Windows 7 Fragen zu Verschlüsselung, Spam, Datenschutz & co. sind hier erwünscht. Hier geht es um Abwehr von Keyloggern oder aderen Spionagesoftware wie Spyware und Adware. Themen zum "Trojaner entfernen" oder "Malware Probleme" dürfen hier nur diskutiert werden. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen.

 
Alt 10.03.2013, 13:31   #1
krustentier
 
Dauerhafte "Mail  Delivery System"-Mails - Standard

Dauerhafte "Mail Delivery System"-Mails



Moin,
ich kriege seit einiger Zeit regelmäßig Mails auf mein Mailkonto die besagen, dass eine von mir verschickte Mail nicht zugestellt werden konnte, bzw dass der Adressent nicht existiert.
Die Mails sehen genauso aus wie die "echten" Mail Delivery System-Mails, insofern gehe ich davon aus, dass ich mir 'nen Trojaner oder sowas eingefangen habe, der automatisch Spam-Mails verschickt.

Eigentlich wollte ich mit BB-Code 'nen Spoiler mit der Mail einfügen, aber irgendwie funktioniert das nicht?

Es ist jedenfalls freenet-Mail-Konto. Ich habe zwei Systeme, mit denen ich auf dieses Konto zugreife, ein Tower und ein Netbook, beide Windows 7 (Rechner 64 Bit, Netbook 32 Bit).
Die Logfiles sind alle vom Tower-System.

OTL.txt:
OTL logfile created on: 10.03.2013 12:19:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 75,61% Memory free
11,99 Gb Paging File | 10,18 Gb Available in Paging File | 84,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 70,81 Gb Free Space | 48,37% Space Free | Partition Type: NTFS
Drive D: | 785,03 Gb Total Space | 604,09 Gb Free Space | 76,95% Space Free | Partition Type: NTFS
Drive E: | 4,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: RAPTORJESUS | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.10 12:19:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2013.03.06 13:12:24 | 001,752,576 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.09 11:15:49 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 16:51:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 16:51:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\VPN Client\cvpnd.exe
PRC - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
PRC - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe


========== Modules (No Company Name) ==========

MOD - [2013.03.06 13:11:54 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Last.fm\listener.dll
MOD - [2013.03.06 13:11:50 | 000,757,248 | ---- | M] () -- C:\Program Files (x86)\Last.fm\unicorn.dll
MOD - [2013.03.06 13:11:24 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Last.fm\logger.dll
MOD - [2013.03.05 13:25:40 | 000,350,720 | ---- | M] () -- C:\Program Files (x86)\Last.fm\lastfm.dll
MOD - [2013.01.18 11:49:56 | 000,182,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\plugins\phonon_backend\phonon_vlc.dll
MOD - [2013.01.18 11:39:50 | 000,302,592 | ---- | M] () -- C:\Program Files (x86)\Last.fm\phonon.dll
MOD - [2012.12.13 00:13:36 | 002,286,592 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libvlccore.dll
MOD - [2012.12.13 00:13:32 | 000,049,664 | ---- | M] () -- C:\Program Files (x86)\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
MOD - [2012.12.13 00:12:58 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libvlc.dll
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012.12.19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.19 15:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2013.02.27 21:43:27 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.05.08 16:51:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 16:51:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2009.09.14 16:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009.09.14 16:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008.11.25 10:45:40 | 000,153,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.08 16:51:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 16:51:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.02 11:27:37 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.04.02 11:27:37 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.28 20:11:19 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.12.09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.10.22 02:00:00 | 001,293,824 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb4.sys -- (fwlanusb4)
DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.05.05 16:10:44 | 001,119,072 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 92 EE 48 94 E6 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files (x86)\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files (x86)\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.28 20:18:23 | 000,000,000 | ---D | M]

[2012.03.31 19:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2012.03.08 16:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.08 16:54:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Simple Adblock = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo\1.0.6_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: YouTube Unblocker = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.3.2_0\
CHR - Extension: Google Mail = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{016E9268-C477-43E7-981C-F9CE181897CB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3E39A52-7EBC-43A2-A399-0CA0B3A30664}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.11.21 18:26:21 | 000,000,057 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0aa66bda-49e3-11e1-b894-1c6f6584924d}\Shell - "" = AutoRun
O33 - MountPoints2\{0aa66bda-49e3-11e1-b894-1c6f6584924d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0aa66bda-49e3-11e1-b894-1c6f6584924d}\Shell\install\command - "" = F:\Setup.exe
O33 - MountPoints2\{1dadad8d-58ba-11e1-be3e-1c6f6584924d}\Shell - "" = AutoRun
O33 - MountPoints2\{1dadad8d-58ba-11e1-be3e-1c6f6584924d}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{45efd60b-4937-11e1-ba46-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{45efd60b-4937-11e1-ba46-806e6f6e6963}\Shell\AutoRun\command - "" = E:\OblivionLauncher.exe -- [2006.02.27 16:17:52 | 001,662,976 | R--- | M] (Bethesda Softworks)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.10 12:19:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2013.03.09 15:20:57 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\mp3DirectCut
[2013.03.09 15:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut
[2013.03.09 14:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2013.03.09 14:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free M4a to MP3 Converter
[2013.03.06 22:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.06 22:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.06 22:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.06 22:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.03.06 20:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2013.02.21 23:30:58 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.21 23:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.21 23:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.11 18:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2013.02.11 18:57:32 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDesign.dll
[2013.02.11 18:57:32 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudFile.dll
[2013.02.11 18:57:32 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioInfos.dll
[2013.02.11 18:57:32 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioVisu.dll
[2013.02.11 18:57:32 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudPlayer.dll
[2013.02.11 18:57:32 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioRecord.dll
[2013.02.11 18:57:32 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDisplay.dll
[2013.02.11 18:57:32 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\WMAFile.dll
[2013.02.11 18:57:31 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\FreeAudioPack
[2013.02.11 18:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free mp3 Wma Converter

========== Files - Modified Within 30 Days ==========

[2013.03.10 12:19:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2013.03.10 12:18:53 | 000,000,000 | ---- | M] () -- C:\Users\Alex\defogger_reenable
[2013.03.10 12:17:45 | 000,050,477 | ---- | M] () -- C:\Users\Alex\Desktop\Defogger.exe
[2013.03.10 11:52:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457506275-3499392296-1292500948-1001UA.job
[2013.03.10 11:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.10 10:23:41 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.10 10:23:41 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.10 10:15:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.10 10:15:43 | 534,945,791 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.01 11:26:07 | 004,706,746 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.01 11:26:07 | 001,909,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.01 11:26:07 | 001,400,238 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.01 11:26:07 | 001,242,882 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.01 11:26:07 | 000,007,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.21 23:52:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457506275-3499392296-1292500948-1001Core.job
[2013.02.16 15:40:10 | 000,001,051 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.15 21:03:24 | 000,034,213 | ---- | M] () -- C:\Users\Alex\Desktop\Stundenplan Bine.pdf
[2013.02.14 09:39:14 | 000,349,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.03.10 12:18:53 | 000,000,000 | ---- | C] () -- C:\Users\Alex\defogger_reenable
[2013.03.10 12:17:44 | 000,050,477 | ---- | C] () -- C:\Users\Alex\Desktop\Defogger.exe
[2013.02.16 15:40:10 | 000,001,051 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.15 21:03:24 | 000,034,213 | ---- | C] () -- C:\Users\Alex\Desktop\Stundenplan Bine.pdf
[2013.02.11 18:57:32 | 000,116,296 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2013.02.11 18:57:31 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012.10.09 18:17:11 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2012.09.12 20:18:28 | 000,000,384 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.05.31 13:03:38 | 000,191,488 | ---- | C] () -- C:\Users\Alex\Part1.par
[2012.05.09 11:24:01 | 000,000,054 | ---- | C] () -- C:\Users\Alex\pc-client.properties
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.12 20:25:50 | 000,007,082 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.29 15:17:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.09.20 19:22:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Canneverbe Limited
[2012.01.29 12:02:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2012.05.06 12:15:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dev-Cpp
[2013.03.10 10:18:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dropbox
[2012.04.21 10:59:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Epson
[2013.02.11 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FreeAudioPack
[2013.01.02 23:53:23 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ICQ
[2012.12.04 10:28:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\LibreOffice
[2013.03.09 15:20:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\mp3DirectCut
[2012.02.15 16:54:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2012.12.21 12:18:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TuneUp Software
[2012.05.01 10:13:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Unigraphics Solutions

========== Purity Check ==========



< End of report >


Extras.txt:
OTL Extras logfile created on: 10.03.2013 12:19:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 75,61% Memory free
11,99 Gb Paging File | 10,18 Gb Available in Paging File | 84,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 70,81 Gb Free Space | 48,37% Space Free | Partition Type: NTFS
Drive D: | 785,03 Gb Total Space | 604,09 Gb Free Space | 76,95% Space Free | Partition Type: NTFS
Drive E: | 4,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: RAPTORJESUS | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035C8E57-7E34-451E-96BA-077739A97701}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{10279BEE-426E-433C-A39E-E1A5E77F1F72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{11CC1D5B-CE96-4D45-BB83-5B46F76C132D}" = lport=138 | protocol=17 | dir=in | app=system |
"{19141097-B7C2-40EC-8AC1-4E442532E396}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1D13254D-6A55-4271-B665-F50070A57108}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1F6CF8E4-B0B7-4112-9D88-15427BA1360E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{33817499-48CA-42C2-874B-7BB9C433557C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3D601141-50FA-4D29-9093-B01F8BF2394A}" = lport=139 | protocol=6 | dir=in | app=system |
"{45ACD6D2-A6B7-4C91-BBBE-14374C430C61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49F4BE51-7E92-4008-B490-AE44254DC9AF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{71587648-8195-44D1-A139-508E3C54D5EC}" = lport=445 | protocol=6 | dir=in | app=system |
"{750DFB21-1CCE-41EE-90B7-06923ACF37B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D729746-6E9C-4395-BD2C-92A57715E00D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{7FCF9266-76F5-4BAC-8F3C-F58991AAB1E3}" = rport=139 | protocol=6 | dir=out | app=system |
"{9B424F3B-DCA5-456E-8E11-293EF8F3BE94}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A3B1EEB6-5D61-4BBA-BD44-608C36BB620A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD47F954-C815-49E1-9DEE-D8E23FB48934}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B451ED79-A4F5-4C3B-A851-796EB1907690}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDC5CE5C-7D6D-4E27-8609-E1562BDF409D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CAF223CD-2F87-4C17-9975-C01896622610}" = rport=138 | protocol=17 | dir=out | app=system |
"{CD47F851-D7FB-4B5F-BB74-0AC0010C2660}" = rport=137 | protocol=17 | dir=out | app=system |
"{D7F81496-725C-4C93-A83D-34CEF63E7A58}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2276F67-803A-4D66-A27E-CB677B9AA9E4}" = rport=445 | protocol=6 | dir=out | app=system |
"{FD296664-A704-4F83-852C-D1905FE25D85}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BCCCD8-A454-428E-96B6-CB9CBF51586F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{05F08800-AA07-4663-B2DA-519E6D5E483F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0DD0564D-8816-4916-8C6F-61CD7390F896}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1A033EC4-1466-4E0A-AB69-387A7B293730}" = protocol=6 | dir=out | app=system |
"{1E020B7B-E5AB-46F4-8023-67FDC77B51AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{25396856-A3F3-4207-B578-BC6EB01FD6AD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2F38CDAF-3C31-44A8-92F7-EF220E475718}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2F6B63BF-A43A-4665-8E2D-21B0F8FB13DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{32E5FB50-3313-4DC7-B74B-7B4DEB7FFA92}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{34FC8203-55CD-439F-B68C-BE391CFCFDC1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{3B3462A8-6AE0-43FE-9D9E-0A0628DA0245}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{41FAAC1C-FEEE-4BB8-B5FA-1D4DED402729}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{51E8AB91-E5FA-466D-8D82-3BEBB5D46C45}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5217F238-78E2-4867-BCCD-7F5CB1251798}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{5E6440E9-1F49-4AF7-A71C-FCABD4D05DC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{620CAF7F-AF06-4E38-B8BE-32E75FF5D0C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65F19662-041F-4EA2-B165-B5BA33F45389}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68A51B9B-A7E1-497D-BD59-A2595C64AE33}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A4FFF35-16B0-4E5F-88FA-6B6B819AB0F2}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{6BC4DD46-A613-49BC-9408-B409105E86C9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7786627E-034D-4B1E-9916-35ACD52B0E2E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{85B1BE83-0237-4A66-AF0A-1ED1C69E2C55}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8A046FFD-F0C4-4036-A378-7960CD587F5A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{99C7B0BC-414C-43BF-AD52-123C02A33A38}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A8FD89A3-07F3-464E-B13A-55E085596189}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B306C194-6FD8-4A8B-AB6F-B1002D10650F}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{BAA93C0B-7466-49C2-BC38-E83FC8F37C05}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BD50F0ED-4640-4536-AB55-AC94D1906C03}" = protocol=58 | dir=in | app=system |
"{C095609B-1717-4051-A2E3-F9993B50B0F0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C353B347-09F2-41ED-B3A6-AE1D2DDD89B1}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{C9768FBA-CFFE-450E-8F60-7B4A6C107FE5}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{CD41EB04-2250-4EDF-BC3B-E8BAFE2A1034}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CEBF3E0B-9C3D-4993-AAA0-84EF8C7BA53E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{D7E5775C-3381-4957-99D7-F8991C8C062C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E3B32679-1EF8-4C58-944F-3FC15414CE30}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FE080CD7-47C0-426A-9D2B-105A3D803F42}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FE3B8FE5-FABB-492F-82E6-C68EF2C839FA}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{FF1910C8-74E1-4777-9165-680240186E50}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{05562021-9415-453A-8247-D818DC262FE4}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{3057B31B-A8CF-4267-A1FC-4C7BCBC141DA}D:\torchlight ii\torchlight2.exe" = protocol=6 | dir=in | app=d:\torchlight ii\torchlight2.exe |
"TCP Query User{8049F02D-2992-4F3A-B41D-6D57B98192C6}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe |
"TCP Query User{F290DADA-0047-4EC1-8CB7-C39FFDD4A2A5}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{5F61BBAC-C42F-4331-AEFC-4A077D4486EC}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{6E4875A9-3886-4059-BA13-E488DDE43854}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe |
"UDP Query User{75E340C6-FFEA-4A02-8B85-978E89EC2814}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{B84B4C3B-5CAE-4A4D-B613-B1B4B40219DF}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{F7CDB217-B97F-47B9-AA6D-59CC46B24476}D:\torchlight ii\torchlight2.exe" = protocol=17 | dir=in | app=d:\torchlight ii\torchlight2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.10 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{10209B87-55D6-493E-A30A-12A265AA324E}" = TQ Defiler
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{30D81BE6-916F-4B57-9EB5-87C1868D9489}" = SciTE Text Editor
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5C2F3077-DBF4-4931-8186-26A6161B29C3}" = CambridgeSoft ChemDraw ActiveX Enterprise Constant 12.0
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.5-beta-20120426-1
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (CSSQL05)
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B93BC257-3F73-47B1-B68D-597C6878C8E7}" = CambridgeSoft ChemBioDraw Ultra 12.0
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}" = LibreOffice 3.6
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 12.02
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo II" = Diablo II
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"LastFM_is1" = Last.fm Scrobbler 2.1.35
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"PaperCut NG Client_is1" = PaperCut NG Client 10.7
"SSC Service Utility_is1" = SSC Service Utility v4.30
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03.10.2012 06:02:48 | Computer Name = RaptorJesus | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 03.10.2012 06:02:48 | Computer Name = RaptorJesus | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 03.10.2012 06:02:48 | Computer Name = RaptorJesus | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error - 03.10.2012 15:08:58 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02
ID
des fehlerhaften Prozesses: 0x390 Startzeit der fehlerhaften Anwendung: 0x01cda19a3c19bffb
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: c860d14d-0d8d-11e2-b20b-1c6f6584924d

Error - 03.10.2012 15:11:17 | Computer Name = RaptorJesus | Source = Application Hang | ID = 1002
Description = Programm winamp.exe, Version 5.6.2.3199 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7bc Startzeit:
01cda19aaf22568d Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Winamp\winamp.exe

Berichts-ID:
19b485d1-0d8e-11e2-b20b-1c6f6584924d

Error - 03.10.2012 15:48:34 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02
ID
des fehlerhaften Prozesses: 0xdc0 Startzeit der fehlerhaften Anwendung: 0x01cda19a8adbe398
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 506d9662-0d93-11e2-b20b-1c6f6584924d

Error - 03.10.2012 15:52:08 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02
ID
des fehlerhaften Prozesses: 0x1180 Startzeit der fehlerhaften Anwendung: 0x01cda1a012e43b55
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: cff8d9cc-0d93-11e2-b20b-1c6f6584924d

Error - 04.10.2012 05:08:46 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02
ID
des fehlerhaften Prozesses: 0x394 Startzeit der fehlerhaften Anwendung: 0x01cda20f94197ec2
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 1a05266f-0e03-11e2-96a6-1c6f6584924d

Error - 04.10.2012 08:06:01 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02
ID
des fehlerhaften Prozesses: 0xd8c Startzeit der fehlerhaften Anwendung: 0x01cda20fdc80fc0d
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: dcc204ef-0e1b-11e2-96a6-1c6f6584924d

Error - 04.10.2012 08:09:35 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02
ID
des fehlerhaften Prozesses: 0xa2c Startzeit der fehlerhaften Anwendung: 0x01cda2289f3b6984
Pfad
der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften
Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 5c525a3b-0e1c-11e2-96a6-1c6f6584924d

[ OSession Events ]
Error - 12.11.2012 18:51:31 | Computer Name = RaptorJesus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1821
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 12.11.2012 19:12:19 | Computer Name = RaptorJesus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1226
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 13.11.2012 10:47:23 | Computer Name = RaptorJesus | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1980
seconds with 1140 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 09.03.2013 09:03:55 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 09.03.2013 09:04:50 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 09.03.2013 09:05:51 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 09.03.2013 09:06:52 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 09.03.2013 09:07:52 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 09.03.2013 09:08:54 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 09.03.2013 18:26:14 | Computer Name = RaptorJesus | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024200d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2667402)

Error - 10.03.2013 05:15:43 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 10.03.2013 05:15:52 | Computer Name = RaptorJesus | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 10.03.2013 06:30:18 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =


< End of report >

Gmer.txt:

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-10 13:26:20
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Alex\AppData\Local\Temp\uflyraow.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076451465 2 bytes [45, 76]
.text C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764514bb 2 bytes [45, 76]
.text ... * 2
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1040] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076451465 2 bytes [45, 76]
.text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1040] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000764514bb 2 bytes [45, 76]
.text ... * 2
.text C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe[3084] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076451465 2 bytes [45, 76]
.text C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe[3084] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000764514bb 2 bytes [45, 76]
.text ... * 2
.text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076451465 2 bytes [45, 76]
.text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764514bb 2 bytes [45, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:1420] 00000000777d2e3e
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2208] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2212] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2216] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2220] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2224] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2228] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2364] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2368] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2372] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2376] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2380] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2384] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2388] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2392] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2396] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2400] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2404] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2416] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2420] 00000000777d3e59
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2436] 00000000715a1c2f
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2500] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2524] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:3032] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:3036] 00000000731c29e1
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:4088] 00000000777d3e59

---- EOF - GMER 2.1 ----

Eine der Mail Delivery System-Mails:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

crusnikoo2@aol.com
SMTP error from remote mail server after end of data:
host mailin-04.mx.aol.com [205.188.146.194]: 521 5.2.1 :
(RLY:SN) hxxp://postmaster.info.aol.com/errors/554rlysn.html

------ This is a copy of the message, including all the headers. ------

Return-path: <****@freenet.de>
Received: from [195.4.92.141] (helo=mjail1.freenet.de)
by mout0.freenet.de with esmtpa (ID ****@freenet.de) (port 25) (Exim 4.80.1 #2)
id 1UEQuD-0000Ct-4b
for crusnikoo2@aol.com; Sat, 09 Mar 2013 22:02:13 +0100
Received: from localhost ([::1]:45339 helo=mjail1.freenet.de)
by mjail1.freenet.de with esmtpa (ID ****@freenet.de) (Exim 4.80.1 #2)
id 1UEQuC-00084X-Vr
for crusnikoo2@aol.com; Sat, 09 Mar 2013 22:02:13 +0100
Received: from [195.4.92.24] (port=60049 helo=14.mx.freenet.de)
by mjail1.freenet.de with esmtpa (ID ****@freenet.de) (Exim 4.80.1 #2)
id 1UEQqh-00021l-JL
for crusnikoo2@aol.com; Sat, 09 Mar 2013 21:58:35 +0100
Received: from [123.5.165.187] (port=2596 helo=dzau)
by 14.mx.freenet.de with esmtpsa (ID ****@freenet.de) (TLSv1HE-RSA-AES256-SHA:256) (port 25) (Exim
4.80.1 #2)
id 1UEQqg-0006Rr-F1
for crusnikoo2@aol.com; Sat, 09 Mar 2013 21:58:35 +0100
Reply-To: noreply@battle.com
Message-ID: <E66836BACDE2A5AB85AF0A02B40CBF6A@dzau>
From: "noreply@emailwow.blizzard.com" <crusnikoo2@aol.com>
To: <crusnikoo2@aol.com>
Subject: Exploitative Activity---Unauthorized Cheat Programs ("Hacks")(crusnikoo2@aol.com)
Date: Sun, 10 Mar 2013 04:58:30 +0800
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_064F_01326C62.16FA9AA0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
X-purgate-ID: 149285::1362862715-00000747-3E0787A2/0-0/0-0

This is a multi-part message in MIME format.

------=_NextPart_000_064F_01326C62.16FA9AA0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: base64

R3JlZXRpbmdzISBqb25uY2tqaXNrZnduaG82NTE4NjQ1NjE3MTcxMTg5MjgxOQ0KMTQ1MzA5NjUz
NzM4MTU1MDIyMjk0NzU5MHRsaTJ0bXVreXhuNHhrbg0KbnFrdXFhYWJsdmV0eGF0NDY5MjM3NjUw
OTM4NjA1bmRnY2phZWJ1eQ0KSXQgaGFzIGNvbWUgdG8gb3VyIGF0dGVudGlvbiB0aGF0IHlvdSBh
cmUgdHJ5aW5nIHRvIHNlbGwvdHJhZGUgeW91ciBwZXJzb25hbCBXb3JsZCBvZiBXYXJjcmFmdCBh
Y2NvdW50LiBBcyB5b3UgbWF5IG9yIG1heSBub3QgYmUgYXdhcmUgb2YsIHRoaXMgY29uZmxpY3Rz
IHdpdGggdGhlIEVVTEEgYW5kIFRlcm1zIG9mIEFncmVlbWVudC4gSWYgdGhpcyBwcm92ZXMgdG8g
YmUgdHJ1ZSwgeW91ciBhY2NvdW50IGNhbiBhbmQgd2lsbCBiZSBkaXNhYmxlZC4gSXQgd2lsbCBi
ZSBvbmdvaW5nIGZvciBmdXJ0aGVyIGludmVzdGlnYXRpb24gYnkgQmxpenphcmQgRW50ZXJ0YWlu
bWVudCdzIGVtcGxveWVlcy4NCjZkZXA2ZDN6bTY1MzY4OTk4MjYyOTExNzd2a3RlcGR4aWhtDQpj
bm9mZmZyd2hvbHR6ZXhhaHJqZTk5NjkxMDM1ODYyOTAwNA0KU28gd2UgaGF2ZSByZXZpZXdlZCBv
dXIgbG9ncyBvZiB5b3VyIGFjY291bnQsIGFuZCB3ZSB3ZXJlIGFibGUgdG8gZGV0ZXJtaW5lIHRo
ZSBmb2xsb3dpbmc6DQo3NTg1NTI3NTkyNzIwMjBhYW92MXBoY3ZxOXVtMGltcm9wYnVwbHcyaXNr
aGxnc2FmYmduanh4DQoqQmF0dGxlLk5ldCBBY2NvdW50IE5hbWU6IGNydXNuaWtvbzJAYW9sLmNv
bSB0cWp6cw0Kb3Q1bjRqZDNmZzQ1ODcyMTAwMDc4NzQwNjMxNjE5MTE2Njc0dWlzMncyZHN2aTV1
aGI1aG9xcA0KKkJhdHRsZS5OZXQgQWNjb3VudCBBY3Rpb246NDkgSG91ciBTdXNwZW5zaW9uDQph
eGdqOGlvZTZ2MTg3MDYzNzU2MjcyNTU1cm5meXNiMnpqbmQya25iDQo1NzIzMTc5MDE3NDI5NDVo
MXBrZ3R3eHlzdW14ZmtyeG5udw0KV2UgaGF2ZSBmb3VuZCB0aGlzIGJlaGF2aW9yIGlzIG1hbnkg
dGltZXMgZGlyZWN0bHkgcmVsYXRlZCB0byBncm91cHMgcmVzcG9uc2libGUgZm9yIGNvbXByb21p
c2luZyBXb3JsZCBvZiBXYXJjcmFmdCBhY2NvdW50czsgd2UgdGFrZSB0aGVzZSBpc3N1ZXMgdmVy
eSBzZXJpb3VzbHkuIFlvdSBzaG91bGQgZ28gdG8gdGhlIGFjY291bnQgbWFuYWdlbWVudCB3ZWJz
aXRlIHRvIHN1Ym1pdCB5b3VyIGFjY291bnQgaW5mb3JtYXRpb24gc3RhdHVzIGFzIHNvb24gYXMg
cG9zc2libGUgOmh0dHBzOi8vd3d3LmJhdHRsZS5uZXQvbG9naW4vY3J1c25pa29vMi9sb2dpbi54
bWxyZWY9aHR0cHMyRnVzLmJhdHRsZS5uZXQlMkZhY2NvdW50JSV6c2p2d3RldXRvaDV6M3l0ZXdi
ZA0KaGZncHV2cmR0ejVhczJkaWRydHh6cG5sZjQ0OTQ4NDU0NTENCjQ5MDcxNzA0OTg2MjY3NG9l
anBmbmtmbHQ4NzUzMjE4ODkwDQpQbGVhc2UgYmUgYXdhcmUgdGhhdCBpZiB1bmF1dGhvcml6ZWQg
YWNjZXNzIHRvIHRoaXMgYWNjb3VudCwgaXQgbWF5IGxlYWQgdG8gZnVydGhlciBhY3Rpb24gYWdh
aW5zdCB0aGUgYWNjb3VudC4gV2UgbXVzdCBhc2sgdGhhdCBubyBhZGRpdGlvbmFsIGVtYWlscyBi
ZSBzdWJtaXR0ZWQgcmVnYXJkaW5nIHRoaXMgaXNzdWUsIGFzIGFkZGl0aW9uYWwgZW1haWxzIHdp
bGwgdWx0aW1hdGVseSByZXN1bHQgaW4gdW5kdWUgZGVsYXlzIGluIHJlc3BvbnNlIHRpbWUuDQo3
Y21meWxla3R3Z25udnd1ZGNneDg5MjM4NDQxNDU2ODY3Ng0KMzgxMTQ3NTM2NDkxNDI4MjA4ODI2
NDM2MXFzdWIxcjc0aXoNClNpbmNlcmVseSw8YnI+IDxicj5UaGUgQmF0dGxlLm5ldCBBY2NvdW50
IFRlYW08YnI+DQpvcTQ5bnpyZnlpZmhodGM2NTg3MjQ2MDgxMDU2NzFvdnZoaWJicGNxDQozNTY4
MzMzMjY1MzY5MjRkbGdxdWlmdmFzZ3lrbGINCm55dWphcWdzb2MyNTczOTAyMDAzdWh4ZWprYnZv
YWlzd2hvDQpycWx6d2t0Zmd3bnVidXEzMDI1NDExNDAzampjcWJvZ2pycmpldHV2DQpvcGl1cnZu
ZGtpdHp5dmh5a3V2czgzNDgxMzYyOTE2Mjc0NQ==

------=_NextPart_000_064F_01326C62.16FA9AA0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: base64

PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv
L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVu
dD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxNRVRBIGNvbnRlbnQ9Ik1TSFRNTCA2LjAw
LjI5MDAuNjMzMiIgbmFtZT1HRU5FUkFUT1I+PC9IRUFEPg0KPEJPRFk+DQo8UD5HcmVldGluZ3Mh
IDxGT05UIA0KY29sb3I9d2hpdGU+bmVnenNsempmbHN4ZGx0OTAzNjYyMTcyMDE2OTU4NDYxOTY8
QlI+ODE1OTk2MjE2NDE0ODc4ODAyMTAyNzU3OHd2YW9xeW93a2poeDdpaDxCUj5tbmp2Z3V0YXlv
ZXdqZmw3NzYyMTkyNDY5NjEwNzhwbGNxbmZnb3JzPEJSPjwvRk9OVD5UaGlzIHN1c3BlbnNpb24g
aGFwcGVuZWQgYmVjYXVzZSBvbmUgb3IgbW9yZSBjaGFyYWN0ZXJzIG9uIHRoZSBhY2NvdW50IHdl
cmUgaWRlbnRpZmllZCBleGNoYW5naW5nLCBvciBjb250cmlidXRpbmcgdG8gdGhlIGV4Y2hhbmdl
IG9mLCBpbi1nYW1lIHByb3BlcnR5IChpdGVtcyBvciBnb2xkKSBmb3IgInJlYWwtd29ybGQiIGN1
cnJlbmN5LiBUaGlzIGV4Y2hhbmdlIHByb2Nlc3MgbmVnYXRpdmVseSBpbXBhY3RzIHRoZSBXb3Js
ZCBvZiBXYXJjcmFmdCBnYW1lIGVudmlyb25tZW50IGJ5IGRldHJhY3RpbmcgZnJvbSB0aGUgdmFs
dWUgb2YgdGhlIGluLWdhbWUgZWNvbm9teS48QlI+PEZPTlQgDQpjb2xvcj13aGl0ZT54aXFxY3N0
aWloNTUzNjAwMDA2OTc2NTg4ZGl4aHNoYm56bzxCUj5mdnhhZ2RucGVvcHRpdGNsaHlpeDc3NzY1
NTgxODkwMjU2MjxCUj48L0ZPTlQ+U28gDQp3ZSBoYXZlIHJldmlld2VkIG91ciBsb2dzIG9mIHlv
dXIgYWNjb3VudCwgYW5kIHdlIHdlcmUgYWJsZSB0byBkZXRlcm1pbmUgdGhlIA0KZm9sbG93aW5n
OjxCUj48Rk9OVCANCmNvbG9yPXdoaXRlPjc5NTQ0MTAxMTA4OTkyODlodWxydGd3d2I3b3NnMGp4
ZGRtNmM1czZjbXFzaGZwbWRud3F5cnY8QlI+PC9GT05UPipCYXR0bGUuTmV0IA0KQWNjb3VudCBO
YW1lOiBjcnVzbmlrb28yQGFvbC5jb20gPEZPTlQgDQpjb2xvcj13aGl0ZT5yZ2VxYjxCUj48L0ZP
TlQ+PEZPTlQgDQpjb2xvcj13aGl0ZT5nb2VzYmRpdnZtMzQwMDEzMTIwNDQ3NTIwODI4NDg3MjUw
MXF1cmphd3JvazBydWlneTRiMWxlPEJSPjwvRk9OVD4qQmF0dGxlLk5ldCANCkFjY291bnQgQWN0
aW9uOjQ5IEhvdXIgU3VzcGVuc2lvbjxCUj48Rk9OVCANCmNvbG9yPXdoaXRlPm1maWVxbnNmZnk3
MzMxMTgzOTQzNTUxNTN1eWRoOXlsZmJkcHdhcXQ8QlI+NzgxODA5Mzc5Njg3MzI3dXBnbDF5dzJ0
c3JieG5rYXBocmg8QlI+PC9GT05UPkluIG9yZGVyIHRvIGd1YXJhbnRlZSB0aGUgbGVnaXRpbWFj
eSBvZiB5b3VyIGFjY291bnQsIHNvIHdlIGhhdmUgaXNzdWVkIHRoaXMgd2FybmluZyBsZXR0ZXJz
IHRvIHlvdS5Zb3Ugc2hvdWxkIGdvIHRvIHRoZSBhY2NvdW50IG1hbmFnZW1lbnQgd2Vic2l0ZSB0
byBzdWJtaXQgeW91ciBhY2NvdW50IGluZm9ybWF0aW9uIGFzIHNvb24gYXMgcG9zc2libGUgOjxB
IA0KaHJlZj0iaHR0cDovL2RpYWJsbzMuYmxpenphcmQubmV0Lndhcm5pbmcuZ3NvemVrLmFkbWlu
LmFkbWludWJlLmluZm8vZXhwZy9pbmRleC5waHA/cmVmPWh0dHBzJTNBJTJGJTJGdXMuYmF0dGxl
Lm5ldCUyRmFjY291bnQlMkZtYW5hZ2VtZW50JTJGaW5kZXgueG1sJmFwcD1iYW0iPmh0dHBzOi8v
d3d3LmJhdHRsZS5uZXQvbG9naW4vY3J1c25pa29vMi9sb2dpbi54bWxyZWY9aHR0cHMyRnVzLmJh
dHRsZS5uZXQlMkZhY2NvdW50JSV0YXZieGpoZXF6NmE3c25ta2VtdDxCUj48L0E+PEZPTlQgDQpj
b2xvcj13aGl0ZT5seXZkZWVia3BxYmg1ZWFsb2M2dzR4bm9qMzUzMjU5MDAxMTxCUj41ODQwMDY4
MjY0Mjc2ODdob250a3Nndnl5MzA1NjU5ODgwNTxCUj48L0ZPTlQ+SWYgeW91IGlnbm9yZSB0aGlz
IG1haWwgeW91ciBhY2NvdW50IGNhbiBhbmQgd2lsbCBiZSBjbG9zZWQgcGVybWFuZW50bHkuIFBs
ZWFzZSBiZSBhd2FyZSB0aGF0IGlmIHVuYXV0aG9yaXplZCBhY2Nlc3MgdG8gdGhpcyBhY2NvdW50
LCBpdCBtYXkgbGVhZCB0byBmdXJ0aGVyIGFjdGlvbiBhZ2FpbnN0IHRoZSBhY2NvdW50LjxCUj48
Rk9OVCANCmNvbG9yPXdoaXRlPjUyYm4xaTZpeG52aHNweGV3aXRuOTk1NjE3MTk3NDk3NTUwPEJS
PjIwMzI5MTI1ODExOTU3OTAxMjM0NzI0ODlueGl2a2l6ZnV1PEJSPjwvRk9OVD5SZWdhcmRzLDxi
cj4gPGJyPkJsaXp6YXJkIEVudGVydGFpbm1lbnQ8YnI+PEJSPjxGT05UIA0KY29sb3I9d2hpdGU+
dHdld2NxbHN4anJvY21jMjY2MzQxMjkzODExNDIzY2F0cm9kemttdjxCUj42ODg3MDkwOTk0OTkw
MDJyeGZpdmtmZmF4bnd1emk8QlI+eWtuaXlhYXZjbjU5MjczOTQ2MTRqcmJpeGtianRreWR4eXM8
QlI+bXpjaWhwbmF0a2N0d213MDQ0ODA5NDg2NHRhZWF1c2l6YnppeWR2aDxCUj5tcmhrY3p0eGdk
YmZ4dGZraGxvaTIxMTMyNTAyOTQwNDM1NjwvRk9OVD48L1A+PC9CT0RZPjwvSFRNTD4NCg==

------=_NextPart_000_064F_01326C62.16FA9AA0--

 

Themen zu Dauerhafte "Mail Delivery System"-Mails
32 bit, adblock, antivir, audiograbber, autorun, avira, bho, bonjour, error, failed, fehler, firefox, flash player, helper, home, homepage, install.exe, mail delivery, object, panda usb vaccine, plug-in, prozess, realtek, registry, rundll, scan, senden, software, svchost.exe, system, tower, trojaner, windows




Ähnliche Themen: Dauerhafte "Mail Delivery System"-Mails


  1. Massen E-mails Mail Delivery System
    Plagegeister aller Art und deren Bekämpfung - 29.09.2015 (4)
  2. Bekomme massen E-Mail "This message was created automatically by mail delivery software."
    Plagegeister aller Art und deren Bekämpfung - 31.08.2015 (2)
  3. Unzählige Emails mit dem Betreff "Mail Delivery System <MAILER-DAEMON@XXX.info>" erhalten
    Plagegeister aller Art und deren Bekämpfung - 21.03.2015 (15)
  4. Windows 7 - ich erhalte ca. 2 x pro Woche ein Paket "Mail-delivery-failures"
    Plagegeister aller Art und deren Bekämpfung - 24.09.2014 (25)
  5. Mail Delivery System Mails... Mail-Konto gehackt?
    Plagegeister aller Art und deren Bekämpfung - 06.03.2014 (7)
  6. Ständige Spam Mails im Minutentakt "Mail Delivery System"
    Überwachung, Datenschutz und Spam - 16.02.2014 (17)
  7. "Mail delivery failed: returning message to sender" bei web.de
    Log-Analyse und Auswertung - 28.01.2014 (1)
  8. "Mail Delivery System" - Spam-Emails
    Überwachung, Datenschutz und Spam - 17.01.2014 (3)
  9. Windows 7; Brief Telekom: Sicherheitswarnung Internetzugang; 3 Trojaner ; mehrer Emails "Mail Delivery System" auch nach Passwordänderung
    Plagegeister aller Art und deren Bekämpfung - 04.09.2013 (28)
  10. Postfach überschwemmt mit: "Mail Delivery Failed [...]" (GMX)
    Plagegeister aller Art und deren Bekämpfung - 12.03.2013 (0)
  11. E-Mail "Mail Delivery System" hundertfach im Posteingang
    Plagegeister aller Art und deren Bekämpfung - 15.01.2013 (13)
  12. "Mail delivery failed" häuft sich im Posteingang
    Log-Analyse und Auswertung - 17.11.2012 (9)
  13. Noch ein Fall von "Mail delivery failed: returning message to sender"
    Plagegeister aller Art und deren Bekämpfung - 10.10.2012 (2)
  14. Mail Delivery System Mails
    Plagegeister aller Art und deren Bekämpfung - 17.02.2012 (1)
  15. Verdacht auf Spam-Bot an meinem PC (Hunderte Mail Delivery System-Mails)
    Log-Analyse und Auswertung - 21.06.2011 (4)
  16. Heute schon über 30 "Mail Delivery System "Mail Delivery System" Mail bekommen
    Log-Analyse und Auswertung - 26.05.2008 (4)
  17. tausende E-mails mit Mail Delivery System
    Plagegeister aller Art und deren Bekämpfung - 03.08.2007 (7)

Zum Thema Dauerhafte "Mail Delivery System"-Mails - Moin, ich kriege seit einiger Zeit regelmäßig Mails auf mein Mailkonto die besagen, dass eine von mir verschickte Mail nicht zugestellt werden konnte, bzw dass der Adressent nicht existiert. Die - Dauerhafte "Mail Delivery System"-Mails...
Archiv
Du betrachtest: Dauerhafte "Mail Delivery System"-Mails auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.