
Pests of all kinds and how to combat them: Hundreds of MAILER-DAEMON mails in several of our email accounts at once

27.06.2013, 23:42   #1
anna2005
 



Hello,

since this afternoon hundreds of mails have been coming in, hitting several of our accounts at once. They all look pretty much alike.

Here is the text of one of these mails:


Message from yahoo.com.
Unable to deliver message to the following address(es).

<regavictor@yahoo.com>:
This user doesn't have a yahoo.com account (regavictor@yahoo.com) [0]

<valencia1081@yahoo.com>:
This user doesn't have a yahoo.com account (valencia1081@yahoo.com) [-5]

--- Original message follows.

Return-Path: <my email address - I removed it>
X-YahooFilteredBulk: 81.169.146.176
Received-SPF: none (domain of care4vet.de does not designate permitted sender hosts)
X-Originating-IP: [81.169.146.176]
Authentication-Results: mta1313.mail.ne1.yahoo.com from=my email address; domainkeys=neutral (no sig); from=my email address; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO mo-p04-ob.rzone.de) (81.169.146.176)
by mta1313.mail.ne1.yahoo.com with SMTP; Thu, 27 Jun 2013 22:31:11 +0000
X-RZG-CLASS-ID: mo04
X-RZG-AUTH: :JWICemCreu0VpykO8DHPOyhYLYd3gPdauYakB/Dl1j2ypE+QdNby4A/A
Message-ID: <506e99p5RMCM3z.RZmta@mo-p00-ob.rzone.de>
Received: from opslayqn (224-243-28-31.host.sevstar.net [31.28.243.224])
by smtp.strato.de (jorabe mo18) (RZmta 31.28 SBL|AUTH)
with ESMTPA id 506e99p5RMCM3z ; Fri, 28 Jun 2013 00:30:58 +0200 (CEST)
Date: Thu, 27 Jun 2013 23:24:23 -0700
Subject: X X X} V}I +D {S%
From: "Xjizyj Shy" <my email address>
To: <wckdloke@gmail.com>, <lemasson007@yahoo.com>, <marcusconyers3@gmail.com>, <tomonori67@aol.com>, <aniesha_malone@sbcglobal.net>, <valencia1081@yahoo.com>, <settislah@hotmail.fr>, <regavictor@yahoo.com>, <taino2478@netzero.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-3

haw by mu qare wuwivo safok w hxxp://1ststreet.no/videos.htm?s
dyqugiq zyces zi




*** MESSAGE TRUNCATED ***



or, from another mail account:


This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:

"boddie79@breakthru.com":
mail session aborted by remote SMTP server:
host: mx1.breakthru.com



--- The header of the original message is following. ---

Received: from xcinzwqpgzqy ([124.40.248.66]) by smtp.web.de (mrweb101) with
ESMTPA (Nemesis) id 0MD87M-1V2BLF3fVk-00GcTz; Thu, 27 Jun 2013 23:44:19 +0200
To: <jpspnc@hotmail.fr>, <countrykub@outlook.com>, <brnkthwst@aol.com>, <lane2die4@yahoo.com>, <sergio_neos@hotmail.com>, <boddie79@breakthru.com>
Subject: Vinc entS issy
Date: Thu, 27 Jun 2013 16:44:04 -0700
From: "Az Bluty" <my email address>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-6
Message-ID: <0MVLj0-1UlCSD1QTO-00YhZ3@smtp.web.de>
X-Provags-ID: V03:K0:fV41O0WVFlrTEJa4qHsuDXc1Udl72JO57RekY7qnQUSJ63V4Mii
+RPMWWzBH4/4FT7V2s7s41JgCwLyORRwDWB+PMT/VVKkc8me8Itvi2q/zemDyPI/EqrGH/Q
I1eJ2MJSV92vYPVlKhi3fIVg49XchgPTiE0RlhcWiIQPybYJndSOhkB0Evr+vkH6AZbY7Xg
URMxOnARnoEXMocA3JrZQ==







.

I have just read the instructions Schrauber gave in a similar case. But I am not sure whether it really is the same situation. What can I do? By now at least 4 accounts are affected.

Regards,
Anna

28.06.2013, 04:21   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

please define "several of our accounts". Company computer?

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

28.06.2013, 12:40   #3
anna2005
 



Hello Schrauber,
I hope I can follow all this, because I am pretty much a layperson.

The first message was:
Scan completed. The FRST.txt is saved in the same location FRST tool is run.
Then this text appeared:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013
Ran by Shop (administrator) on 28-06-2013 13:30:43
Running from C:\Users\Shop\Desktop\downloads_desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Buhl\Mein Büro\DB-Server\bin\delguard.exe
(Firebird Project) C:\Program Files (x86)\Buhl\Mein Büro\DB-Server\bin\delserv.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
() C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Program Files (x86)\TP-LINK\QSS\HwBtnDetector.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
() C:\Windows\KMService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() D:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFIE.EXE
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TP-LINK TECHNOLOGIES CO., LTD.) C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe
() D:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Iminent) C:\Program Files (x86)\Iminent\Iminent.exe
(Iminent) C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\system32\consent.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [SPUpdSentinel] "C:\Program Files (x86)\Common Files\Umbrella\umbrella_bkp.exe"  -SERVICEARGS=c [2839592 2013-06-28] (Iminent)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun [6875136 2013-03-27] (FreeDownloadManager.ORG)
HKCU\...\Run: [EPSON87677A] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_SE8CA.tmp" /EF "HKCU" [194 2013-05-09] () <===== ATTENTION
HKCU\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
MountPoints2: {b63665fe-4dbd-11e2-bb32-806e6f6e6963} - E:\autorun.exe
MountPoints2: {b63665ff-4dbd-11e2-bb32-806e6f6e6963} - F:\autorun.exe
MountPoints2: {ee746401-cb99-11e2-9ccf-14dae9c8c067} - G:\AutoRun.exe
MountPoints2: {ee746406-cb99-11e2-9ccf-14dae9c8c067} - G:\AutoRun.exe
HKLM-x32\...\Run: [jswtrayutil] "C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe" [36949 2008-05-12] (TP-LINK TECHNOLOGIES CO., LTD.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UIExec] "D:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe" [139088 2010-09-30] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1648264 2013-04-25] (Ask)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" [1074736 2013-04-02] (Iminent)
HKLM-x32\...\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2013-04-02] (Iminent)
HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [3076096 2012-06-06] (Brother Industries, Ltd.)
HKU\UpdatusUser.Shop-PC\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\UpdatusUser.Shop-PC\...\Run: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun [6875136 2013-03-27] (FreeDownloadManager.ORG)
HKU\UpdatusUser.Shop-PC\...\Run: [EPSON87677A] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_SE8CA.tmp" /EF "HKCU" [194 2013-05-09] () <===== ATTENTION
HKU\UpdatusUser.Shop-PC\...\Run: [EPSON SX510W Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_S7B99.tmp" /EF "HKCU" [150 2013-05-10] () <===== ATTENTION
HKU\UpdatusUser.Shop-PC\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/?ie=10
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} -  No File
SearchScopes: HKCU - {6BE5D541-2F3E-4735-B5C7-0FDFC06E4DF9} URL = hxxp://www.computerbild.de/suche/index.html?s_text={searchTerms}
SearchScopes: HKCU - {6FD5B14E-CB86-442A-B4D2-8A40C3C8392C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
SearchScopes: HKCU - {B6C4B7F7-D093-4E6E-86DA-A7DBFC76565B} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^YYYYYY^YY^DE&apn_uid=0C27AEA6-844E-45DD-8CCF-CC9B13194A4B&apn_sauid=8B6ECD20-BD41-4DB9-8398-A842B398441A
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Shop\AppData\Roaming\Mozilla\Firefox\Profiles\mdcwq1ni.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Spartipps von SparPilot.com - C:\Users\Shop\AppData\Roaming\Mozilla\Firefox\Profiles\mdcwq1ni.default\Extensions\sparpilot@sparpilot.com
FF Extension: No Name - C:\Users\Shop\AppData\Roaming\Mozilla\Firefox\Profiles\mdcwq1ni.default\Extensions\toolbar@ask.com
FF Extension: fdm_ffext - C:\Users\Shop\AppData\Roaming\Mozilla\Firefox\Profiles\mdcwq1ni.default\Extensions\fdm_ffext@freedownloadmanager.org
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKLM-x32\...\Firefox\Extensions: [jid0-hjoQNmABq6jg91jHpQyvgJUouUP@jetpack] C:\Program Files (x86)\GutscheinFinder\jid0-hjoQNmABq6jg91jHpQyvgJUouUPjetpack.xpi
FF Extension: No Name - C:\Program Files (x86)\GutscheinFinder\jid0-hjoQNmABq6jg91jHpQyvgJUouUPjetpack.xpi
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Components] C:\Program Files (x86)\Mozilla Firefox\components
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Firefox\plugins
FF HKLM-x32\...\Mozilla Thunderbird 17.0.7\Extensions: [Components] C:\Program Files (x86)\Mozilla Thunderbird\components
FF Extension: No Name - C:\Program Files (x86)\Mozilla Thunderbird\components
FF HKLM-x32\...\Mozilla Thunderbird 17.0.7\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF HKCU\...\Mozilla Firefox 22.0\Extensions: [Components] C:\Program Files (x86)\Mozilla Firefox\components
FF HKCU\...\Mozilla Firefox 22.0\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Firefox\plugins
FF HKCU\...\Mozilla Thunderbird 17.0.7\Extensions: [Components] C:\Program Files (x86)\Mozilla Thunderbird\components
FF Extension: No Name - C:\Program Files (x86)\Mozilla Thunderbird\components
FF HKCU\...\Mozilla Thunderbird 17.0.7\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Thunderbird\plugins

Chrome: 
=======
CHR DefaultSearchURL: (Ask) - hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=0C27AEA6-844E-45DD-8CCF-CC9B13194A4B&apn_ptnrs=U3&apn_sauid=8B6ECD20-BD41-4DB9-8398-A842B398441A&apn_dtid=OSJ000YYDE&q={searchTerms}
CHR DefaultSuggestURL: (Ask) - hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Shop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Shop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Shop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Shop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (GutscheinCodes.de GutscheinFinder) - C:\Users\Shop\AppData\Local\Google\Chrome\User Data\Default\Extensions\didlmjkkjfegblmkekbhgpefajgikncm\1.0.2_0
CHR Extension: (Iminent) - C:\Users\Shop\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.15.4.1_0
CHR Extension: (Gmail) - C:\Users\Shop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [562744 2013-05-02] (Avira Operations GmbH & Co. KG)
R2 deltraDBGuard; C:\Program Files (x86)\Buhl\Mein Büro\DB-Server\bin\delguard.exe [1205760 2005-12-13] ()
R2 deltraDBServer; C:\Program Files (x86)\Buhl\Mein Büro\DB-Server\bin\delserv.exe [2764800 2011-02-01] (Firebird Project)
R2 JSWHwBtn; C:\Program Files (x86)\TP-LINK\QSS\HwBtnSvc.exe [16384 2008-02-29] ()
S3 jswpsapi; C:\Program Files (x86)\TP-LINK\QSS\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
R2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2003-04-18] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2839592 2013-06-28] (Iminent)
R2 UI Assistant Service; D:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] ()

==================== Drivers (Whitelisted) ====================

S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [514856 2012-11-09] (ITETech                  )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-28 13:27 - 2013-06-28 13:27 - 00000000 ____D C:\FRST
2013-06-26 15:51 - 2013-06-26 15:54 - 102323272 ____A C:\Users\Shop\Desktop\avira_free_antivirus3736_de.exe
2013-06-26 13:33 - 2013-06-26 15:11 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2013-06-26 02:30 - 2013-06-26 02:30 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-06-23 21:39 - 2013-06-23 21:39 - 01016792 ____A C:\Windows\Minidump\062313-27424-01.dmp
2013-06-23 21:39 - 2013-06-23 21:39 - 00000000 ____D C:\Windows\Minidump
2013-06-16 03:00 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 03:00 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 03:00 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 03:00 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 03:00 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 03:00 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 03:00 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 03:00 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 03:00 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 03:00 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 03:00 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 03:00 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 03:01 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 03:01 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 03:01 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 03:01 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 03:01 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 03:01 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 03:01 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 03:01 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 03:01 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 03:01 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 03:01 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 03:01 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 03:01 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 17:03 - 2013-06-12 17:11 - 00000000 ____D C:\Users\Shop\Desktop\postmarken
2013-06-12 13:53 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 13:53 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 13:53 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 13:53 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 13:53 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 13:53 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 13:53 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 13:53 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 13:53 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 13:53 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 13:53 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 13:53 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 13:53 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-03 14:31 - 2013-06-03 14:31 - 00000132 ____A C:\Users\Shop\AppData\Roaming\Adobe GIF Format CS5 Prefs
2013-06-03 02:47 - 2013-06-03 02:47 - 02574616 ____A C:\Users\Shop\Desktop\TERRATEC_Cinergy_T_Stick_RC_Drv_Setup_64.1.1129.2011_Vista_7_8_64Bit.exe
2013-06-03 02:40 - 2013-06-03 02:40 - 00000000 ____D C:\ProgramData\TerraTec
2013-06-03 02:37 - 2013-06-03 02:37 - 00000000 ____D C:\Users\Shop\AppData\Roaming\TerraTec
2013-06-03 02:33 - 2013-06-03 02:35 - 00000000 ____A C:\Users\Shop\Desktop\TERRATEC_Home_Cinema_6_27_07.exe
2013-06-02 23:35 - 2013-06-02 23:37 - 00000000 ____D C:\Program Files (x86)\Mobile Partner
2013-06-02 23:35 - 2008-08-26 16:19 - 00133632 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbnet.sys
2013-06-02 23:35 - 2008-07-24 12:04 - 00115328 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbmdm.sys
2013-06-02 23:35 - 2008-04-14 09:36 - 00691712 ____A (DiBcom SA) C:\Windows\System32\Drivers\mod7700.sys
2013-06-02 23:35 - 2007-08-09 04:10 - 00029696 ____A (Huawei Tech. Co., Ltd.) C:\Windows\System32\Drivers\ewdcsc.sys
2013-06-01 15:32 - 2013-06-01 15:32 - 00000000 ____D C:\ProgramData\Free Download Manager
2013-05-31 15:53 - 2013-05-31 15:53 - 01608192 ____A C:\Users\Shop\Desktop\Pferdefutter & zubehoer-6.xlt
2013-05-31 13:43 - 2013-05-31 13:43 - 00000000 ____D C:\Users\Shop\Desktop\terratec ordner
2013-05-31 13:42 - 2013-05-31 13:42 - 00000000 ____D C:\Users\Shop\Desktop\gefällt mir-beispiele
2013-05-31 13:41 - 2013-05-31 13:41 - 00000000 ____D C:\Users\Shop\Desktop\gefältt mir-beispiele
2013-05-31 13:30 - 2013-05-31 13:30 - 00000000 ___HD C:\Windows\msdownld.tmp

==================== One Month Modified Files and Folders =======

2013-06-28 13:30 - 2009-07-14 06:45 - 00019888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-28 13:30 - 2009-07-14 06:45 - 00019888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-28 13:28 - 2012-12-24 14:39 - 00000000 ____D C:\Users\Shop\AppData\Roaming\Skype
2013-06-28 13:27 - 2013-06-28 13:27 - 00000000 ____D C:\FRST
2013-06-28 13:25 - 2012-12-31 00:49 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-28 13:03 - 2012-12-24 14:41 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-28 13:03 - 2012-12-24 14:40 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-28 12:59 - 2009-07-14 19:58 - 00653928 ____A C:\Windows\System32\perfh007.dat
2013-06-28 12:59 - 2009-07-14 19:58 - 00129800 ____A C:\Windows\System32\perfc007.dat
2013-06-28 12:59 - 2009-07-14 07:13 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-28 12:54 - 2012-12-28 02:24 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-28 12:54 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-28 12:54 - 2009-07-14 06:51 - 00021012 ____A C:\Windows\setupact.log
2013-06-28 04:32 - 2012-12-24 13:38 - 01535702 ____A C:\Windows\WindowsUpdate.log
2013-06-27 21:13 - 2012-12-24 16:21 - 00245198 ____A C:\Windows\PFRO.log
2013-06-27 21:12 - 2013-01-30 17:03 - 00000000 ____D C:\ProgramData\Avira
2013-06-27 16:46 - 2013-01-14 14:50 - 00000000 ____D C:\Users\Shop\AppData\Local\Deployment
2013-06-27 16:44 - 2013-01-14 14:48 - 00000000 ____D C:\DHL
2013-06-27 14:21 - 2012-05-31 11:45 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-26 21:12 - 2012-12-24 15:30 - 00000000 ____D C:\Users\Shop\Desktop\Adobe CS5
2013-06-26 15:54 - 2013-06-26 15:51 - 102323272 ____A C:\Users\Shop\Desktop\avira_free_antivirus3736_de.exe
2013-06-26 15:11 - 2013-06-26 13:33 - 00000000 ___DC C:\Program Files (x86)\Mozilla Thunderbird
2013-06-26 02:30 - 2013-06-26 02:30 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2013-06-23 21:39 - 2013-06-23 21:39 - 01016792 ____A C:\Windows\Minidump\062313-27424-01.dmp
2013-06-23 21:39 - 2013-06-23 21:39 - 00000000 ____D C:\Windows\Minidump
2013-06-21 18:58 - 2012-12-28 04:48 - 00001456 ____A C:\Users\Shop\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2013-06-17 15:35 - 2013-03-18 03:41 - 00068096 __ASH C:\Users\Shop\Thumbs.db
2013-06-13 03:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 03:02 - 2012-12-26 17:19 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 17:11 - 2013-06-12 17:03 - 00000000 ____D C:\Users\Shop\Desktop\postmarken
2013-06-11 22:25 - 2012-12-31 00:49 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 22:25 - 2012-12-31 00:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-10 23:17 - 2013-04-07 16:27 - 00000000 ____D C:\Users\Shop\Desktop\Verkauf_alles
2013-06-08 16:08 - 2013-06-16 03:00 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-16 03:00 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-16 03:00 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-16 03:00 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-16 03:00 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-16 03:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-16 03:00 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-16 03:00 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-16 03:00 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-16 03:00 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-16 03:00 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-16 03:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-03 14:31 - 2013-06-03 14:31 - 00000132 ____A C:\Users\Shop\AppData\Roaming\Adobe GIF Format CS5 Prefs
2013-06-03 03:08 - 2013-05-16 22:54 - 00000000 ____D C:\Program Files (x86)\LAV Filters
2013-06-03 02:48 - 2012-02-25 05:48 - 00000000 ___DC C:\Program Files (x86)\TerraTec
2013-06-03 02:47 - 2013-06-03 02:47 - 02574616 ____A C:\Users\Shop\Desktop\TERRATEC_Cinergy_T_Stick_RC_Drv_Setup_64.1.1129.2011_Vista_7_8_64Bit.exe
2013-06-03 02:40 - 2013-06-03 02:40 - 00000000 ____D C:\ProgramData\TerraTec
2013-06-03 02:37 - 2013-06-03 02:37 - 00000000 ____D C:\Users\Shop\AppData\Roaming\TerraTec
2013-06-03 02:35 - 2013-06-03 02:33 - 00000000 ____A C:\Users\Shop\Desktop\TERRATEC_Home_Cinema_6_27_07.exe
2013-06-02 23:37 - 2013-06-02 23:35 - 00000000 ____D C:\Program Files (x86)\Mobile Partner
2013-06-01 16:23 - 2013-05-13 01:38 - 00000000 ____D C:\Users\Shop\AppData\Roaming\ControlCenter4
2013-06-01 15:32 - 2013-06-01 15:32 - 00000000 ____D C:\ProgramData\Free Download Manager
2013-05-31 15:53 - 2013-05-31 15:53 - 01608192 ____A C:\Users\Shop\Desktop\Pferdefutter & zubehoer-6.xlt
2013-05-31 13:43 - 2013-05-31 13:43 - 00000000 ____D C:\Users\Shop\Desktop\terratec ordner
2013-05-31 13:42 - 2013-05-31 13:42 - 00000000 ____D C:\Users\Shop\Desktop\gefällt mir-beispiele
2013-05-31 13:41 - 2013-05-31 13:41 - 00000000 ____D C:\Users\Shop\Desktop\gefältt mir-beispiele
2013-05-31 13:30 - 2013-05-31 13:30 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-05-31 13:30 - 2013-04-30 03:00 - 00018143 ____A C:\Windows\IE10_main.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 00:35

==================== End Of Log ============================
         
--- --- ---

After that:
The Addition.txt is saved in the same location FRST.tool is run.

And this message:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-06-2013
Ran by Shop at 2013-06-28 13:31:13
Running from C:\Users\Shop\Desktop\downloads_desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

1&1 Surf-Stick (x32 Version: 1.0.0.2)
Adobe AIR (x32 Version: 3.6.0.6090)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Creative Suite 5 Master Collection (x32 Version: 5.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Artisteer 4 (x32 Version: 4.1)
Ask Toolbar (x32 Version: 1.15.25.0)
Ask Toolbar Updater (HKCU Version: 1.2.6.36191)
Avira Free Antivirus (x32 Version: 13.0.0.3640)
Bixolon Font Downloader 5.1 (x32)
Bonjour (Version: 2.0.4.0)
Brother MFL-Pro Suite MFC-J430W (x32 Version: 1.1.6.0)
CDBurnerXP (x32 Version: 4.5.0.3717)
Cinergy T Stick RC V86.001.1129.2011 (x32 Version: 86.001.1129.2011)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DVBViewer TERRATEC Edition (x32)
EASYLOG V6.6 (x32 Version: 6.6)
EPSON Scan (x32)
EPSON SX510W Series Printer Uninstall
EpsonNet Print (x32 Version: 2.4i)
EpsonNet Setup (x32 Version: 3.1c)
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
Free Download Manager 3.9.2 (x32)
Google Chrome (x32 Version: 27.0.1453.116)
Google Drive (x32 Version: 1.10.4769.632)
Google Earth (x32 Version: 7.0.1.8244)
Google Update Helper (x32 Version: 1.3.21.145)
GutscheinFinder (x32)
Iminent (x32 Version: 6.14.22.0)
Jägermeister Radio (x32 Version: 2.1.1)
Java 7 Update 11 (x32 Version: 7.0.110)
Java Auto Updater (x32 Version: 2.1.9.0)
LabelArtist (x32 Version: 2.2.0)
LAV Filters 0.53.2 (x32 Version: 0.53.2)
LogSelect hbh-PaketService (HKCU Version: 1.0.0.18)
Mein Büro (x32 Version: 13.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mobile Partner (x32 Version: 11.300.05.00.382)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Nuance PaperPort 12 (x32 Version: 12.1.0000)
Nuance PDF Viewer Plus (x32 Version: 5.30.3290)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
PaperPort Image Printer 64-bit (Version: 1.00.0001)
PDF Architect (x32 Version: 1.1.83.9982)
PDF Settings CS5 (x32 Version: 10.0)
PDFCreator (x32 Version: 1.7.0)
PxMergeModule (x32 Version: 1.00.0000)
QSS Installation Program (x32 Version: 5.0)
QSS Installation Program (x32)
QSS-Installationsprogramm (x32 Version: 5.0)
QSS-Installationsprogramm (x32)
Scansoft PDF Professional (x32)
Skype™ 6.3 (x32 Version: 6.3.107)
TeamViewer 8 (x32 Version: 8.0.18930)
TERRATEC Cinergy T Stick RC (64 Bit) (x32 Version: 64.1.1129.2011)
TerraTec Home Cinema (x32 Version: 6.27.7)
THC Codec Patch (x32 Version: 1.00.0000)
THC codec patch (x32 Version: 1.00.0000)
TP-LINK Wireless Client Utility (x32 Version: 2.0)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Windows Internet Explorer 10 (x32 Version: 10.0)
Windows-Treiberpaket - TERRATEC (AF9035BDA) Media (11/05/2009 9.6.3.1) (Version: 11/05/2009 9.6.3.1)
Windows-Treiberpaket - TERRATEC (RTL2832U_IRHID) HIDClass (12/15/2011 8664.003.0925.2009) (Version: 12/15/2011 8664.003.0925.2009)
Windows-Treiberpaket - TERRATEC (RTL2832UUSB) MEDIA (11/29/2011 64.001.1129.2011) (Version: 11/29/2011 64.001.1129.2011)
WinRAR 4.10 (64-Bit) (Version: 4.10.0)

==================== Restore Points =========================

27-06-2013 23:20:59 Geplanter Prüfpunkt

==================== Hosts content: ==========================
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com.*
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 crl.verisign.net
127.0.0.1 CRL.VERISIGN.NET.*
127.0.0.1 ood.opsource.net
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 practivate.adobe
127.0.0.1 practivate.adobe.*
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate.adobe.newoa
127.0.0.1 practivate.adobe.ntp
127.0.0.1 practivate.adobe.ipp

There are more than 32 lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {145A8724-EAF9-4E89-866E-A52C2A9D399A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {1B1512D2-AA82-4562-8426-F18E5E91A4C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01] (Google Inc.)
Task: {6E29D41D-F3ED-4E5F-8099-5D45A897617A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {BABAA94A-C64C-40E3-A4AC-0316B61EC321} - System32\Tasks\AdobeAAMUpdater-1.0-Shop-PC-Shop => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {C01E0414-E929-4DC1-924E-3DCC8D8956E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01] (Google Inc.)
Task: {F646693F-BDB6-498C-A210-7866DB1B3B0A} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-25] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2013 09:11:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1148948

Error: (06/26/2013 09:11:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1148948

Error: (06/26/2013 09:11:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/26/2013 08:53:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16333

Error: (06/26/2013 08:53:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16333

Error: (06/26/2013 08:53:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/26/2013 08:53:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15304

Error: (06/26/2013 08:53:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15304

Error: (06/26/2013 08:53:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/26/2013 08:53:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14134


System errors:
=============
Error: (06/28/2013 00:56:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (06/28/2013 00:56:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/28/2013 00:55:35 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (06/28/2013 00:55:34 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/28/2013 01:41:28 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (06/28/2013 01:41:28 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/28/2013 01:40:09 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (06/28/2013 01:40:08 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/27/2013 09:16:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (06/27/2013 09:16:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (06/26/2013 09:11:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1148948

Error: (06/26/2013 09:11:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1148948

Error: (06/26/2013 09:11:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/26/2013 08:53:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16333

Error: (06/26/2013 08:53:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16333

Error: (06/26/2013 08:53:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/26/2013 08:53:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15304

Error: (06/26/2013 08:53:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15304

Error: (06/26/2013 08:53:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/26/2013 08:53:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14134


==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 8191.12 MB
Available physical RAM: 6233.92 MB
Total Pagefile: 16380.42 MB
Available Pagefile: 14296.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:97.65 GB) (Free:11.18 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: (Multimedia) (Fixed) (Total:1765.36 GB) (Free:1394.64 GB) NTFS (Disk=0 Partition=2)
Drive e: (601706_CINERGY_K2) (CDROM) (Total:0.43 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 19191918)
Partition 1: (Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-303483060224) - (Type=07 NTFS)

==================== End Of Log ============================


What do you mean by that? (click the # symbol in the input window of the website) No website opened.

Thanks in advance for the initial help.

Regards,
Anna
__________________

Alt 28.06.2013, 17:07   #4
schrauber
/// the machine
/// TB-Ausbilder
 


Quote:
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com.*
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
Files such as Crack.exe, Keygen.exe or Patch.exe are, in 99.9% of cases, dangerous malware that is not to be trifled with.
In addition, they are illegal, and we do not support the use of stolen software. Support is therefore limited to
instructions for a fresh reinstall
__________________
Regards,
schrauber


Alt 29.06.2013, 23:36   #5
anna2005
 

I would like to delete my first post or have it deleted. Unfortunately I am not getting any answer. I already asked via PM 2 days ago. Please be so kind as to delete it for me, since I cannot use the function myself and accidentally forgot to delete something.
Perhaps it would be best to delete the whole thread.

Or tell me how I can do that.


Alt 30.06.2013, 04:28   #6
schrauber
/// the machine
/// TB-Ausbilder
 


http://www.trojaner-board.de/108423-...-anfragen.html