Log analysis and evaluation: Telekom - Virus/Trojan (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.06.2014, 19:57 | #1 |
Telekom - Virus/Trojan
Hello, my father received an e-mail from "Telekom" and then clicked on the link contained in the e-mail. He then unpacked the downloaded zip file and ran the .exe. I have already run a virus scan with Avira, but it found nothing. After that I ran the scan programs specified in the forum, and I am posting the resulting logs here. Thanks in advance for your help.
FRST.txt
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014 Ran by XXX (administrator) oXXX-PC on 05-06-2014 20:18:56 Running from C:\Users\XXX\Desktop Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\System32\srvany.exe () C:\Windows\KMService.exe (Haufe-Lexware GmbH & Co. 
KG) C:\Program Files\Lexware\Update Service\Hmg.InstallationService.Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Ask) C:\Program Files\Ask.com\Updater\Updater.exe (Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AVM Berlin) C:\Program Files\avmwlanstick\FRITZWLANMini.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe (DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Farbar) C:\Users\XXX\Desktop\FRST(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-07] (Advanced Micro Devices, Inc.) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard) HKLM\...\Run: [] => [X] HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10828392 2011-08-26] (Realtek Semiconductor) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) 
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask) HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [6049096 2012-08-23] (Acronis) HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [943856 2012-07-24] (Acronis) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [403888 2012-08-23] (Acronis) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-17] (Haufe-Lexware GmbH & Co. KG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [283136 2007-02-02] (AVM Berlin) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) Winlogon\Notify\GoToAssist Express Customer: C:\Program Files\Citrix\GoToAssist Remote Support Customer\498\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) 
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-19] (Microsoft Corporation) HKU\S-1-5-21-1253461953-2738518577-2294067324-1001\...\Run: [Video Performer63600.exe] => "C:\Users\VIKTOR~1\AppData\Local\Temp\Video Performer63600.exe" /XML="C:\Users\VIKTOR~1\AppData\Local\Temp\B921.tmp" /STP=0:2 <===== ATTENTION HKU\S-1-5-21-1253461953-2738518577-2294067324-1001\...\Run: [myjserial.exe] => C:\Users\XXX\AppData\Roaming\Microsoft\myjserial.exe [147456 2009-07-14] (Jjtfzt Elep) HKU\S-1-5-21-1253461953-2738518577-2294067324-1001\...\MountPoints2: {93e7098c-90ae-11e3-8ce3-001d7d9b1189} - G:\pushinst.exe HKU\S-1-5-21-1253461953-2738518577-2294067324-1001\...\MountPoints2: {b3274c93-7746-11e0-a67d-001d7d9b1189} - F:\SETUP.EXE HKU\S-1-5-21-1253461953-2738518577-2294067324-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd) HKU\S-1-5-21-1253461953-2738518577-2294067324-1003\...\MountPoints2: {b3274c93-7746-11e0-a67d-001d7d9b1189} - F:\SETUP.EXE ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE4031A68900BCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) SearchScopes: HKCU - {1195DB1C-74F7-4539-A792-B7E2805E4626} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=9ECD600E-4240-4A1E-863D-665B8C7A55BF&apn_sauid=D701CE66-01C2-49D5-A771-878B38FA450C BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program 
Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Hosts: 127.0.0.1 activation.acronis.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.5 FireFox: ======== FF ProfilePath: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\xtg6zy13.default FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Google FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=9ECD600E-4240-4A1E-863D-665B8C7A55BF&apn_ptnrs=&apn_sauid=D701CE66-01C2-49D5-A771-878B38FA450C&apn_dtid=OSJ000&&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\XX\AppData\Roaming\Mozilla\Firefox\Profiles\xtg6zy13.default\searchplugins\askcom.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Ask Toolbar - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\xtg6zy13.default\Extensions\toolbar@ask.com [2012-09-11] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-12] ========================== Services (Whitelisted) ================= R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [813576 2012-08-23] (Acronis) R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3729400 2012-09-25] (Acronis) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG) S3 GoToAssist Remote Support Customer; C:\Program Files\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe [611400 2013-07-25] (Citrix Online, a division of Citrix Systems, Inc.) R2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () R2 Lexware_Update_Service; C:\Program Files\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. 
KG) R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2218600 2011-04-08] (NVIDIA Corporation) R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7027752 2012-08-18] (Acronis) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-22] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-22] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-05-05] (DT Soft Ltd) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH) R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [328552 2011-07-06] (Realtek Semiconductor Corp.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-09] (Avira GmbH) R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [806184 2012-09-25] (Acronis) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [689672 2012-09-25] (Acronis) R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [139336 2012-09-25] (Acronis) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [99720 2012-09-25] (Acronis) S3 PORTIO64; \??\H:\JungleFlasher v0.1.77 Beta (179)\portio32.sys [X] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation) U3 kxkyapow; \??\C:\Users\VIKTOR~1\AppData\Local\Temp\kxkyapow.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-05 20:15 - 2014-06-05 20:15 - 00015218 _____ () C:\Users\XXX\Desktop\gmrs.log 2014-06-05 19:25 - 2014-06-05 17:37 - 00380416 _____ () C:\Users\XXX\Desktop\Gmer-19357.exe 2014-06-05 19:23 - 2014-06-05 19:24 - 
00000558 _____ () C:\Users\XXX\Desktop\defogger_disable.log 2014-06-05 19:23 - 2014-06-05 19:23 - 00000156 _____ () C:\Users\XXX\defogger_reenable 2014-06-05 17:54 - 2014-06-05 20:18 - 00015148 _____ () C:\Users\XXX\Desktop\FRST.txt 2014-06-05 17:54 - 2014-06-05 20:18 - 00000000 ____D () C:\FRST 2014-06-05 17:53 - 2014-06-05 17:37 - 01059840 _____ (Farbar) C:\Users\XXX\Desktop\FRST(1).exe 2014-06-05 17:52 - 2014-06-05 17:36 - 00050477 _____ () C:\Users\XXX\Desktop\Defogger.exe 2014-05-14 19:27 - 2014-05-14 19:27 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-05-14 19:22 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-14 19:22 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-14 19:22 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-14 18:38 - 2014-05-21 17:46 - 00045445 _____ () C:\31124957.SXA 2014-05-14 06:40 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 06:40 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 06:40 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 06:40 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 06:40 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 06:40 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 06:40 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 06:40 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 06:40 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 06:40 - 2014-03-04 11:20 
- 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-05-14 06:40 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 06:40 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 06:40 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 06:40 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 06:40 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 06:40 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 06:40 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 06:40 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 06:40 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 06:40 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 06:40 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 06:40 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 06:40 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 06:40 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 06:40 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 06:40 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-14 06:39 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-13 17:53 - 2014-05-19 17:26 - 
00000505 _____ () C:\31124956.SXB 2014-05-13 17:53 - 2014-05-13 17:53 - 00028233 _____ () C:\31124956_2013.SXB 2014-05-12 18:26 - 2014-05-12 18:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-12 18:09 - 2014-05-19 17:26 - 00051302 _____ () C:\31124956.SXA 2014-05-06 18:48 - 2014-05-15 06:18 - 00000000 ___SD () C:\Windows\system32\CompatTel ==================== One Month Modified Files and Folders ======= 2014-06-05 20:19 - 2011-05-05 20:18 - 00000000 ____D () C:\Users\XXX\AppData\Local\Temp 2014-06-05 20:18 - 2014-06-05 17:54 - 00015148 _____ () C:\Users\XXX\Desktop\FRST.txt 2014-06-05 20:18 - 2014-06-05 17:54 - 00000000 ____D () C:\FRST 2014-06-05 20:15 - 2014-06-05 20:15 - 00015218 _____ () C:\Users\XXX\Desktop\gmrs.log 2014-06-05 20:13 - 2014-05-29 09:22 - 00133813 _____ () C:\30271081.SXC 2014-06-05 20:13 - 2012-05-10 18:57 - 00173735 _____ () C:\30271081.SXA 2014-06-05 19:53 - 2011-05-05 20:14 - 01934151 _____ () C:\Windows\WindowsUpdate.log 2014-06-05 19:47 - 2013-06-30 19:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-05 19:24 - 2014-06-05 19:23 - 00000558 _____ () C:\Users\XXX\Desktop\defogger_disable.log 2014-06-05 19:24 - 2011-05-05 20:22 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-05 19:23 - 2014-06-05 19:23 - 00000156 _____ () C:\Users\XXX\defogger_reenable 2014-06-05 19:23 - 2011-05-05 20:18 - 00000000 ____D () C:\Users\XXX 2014-06-05 17:52 - 2009-07-14 06:39 - 00110233 _____ () C:\Windows\setupact.log 2014-06-05 17:37 - 2014-06-05 19:25 - 00380416 _____ () C:\Users\XXX\Desktop\Gmer-19357.exe 2014-06-05 17:37 - 2014-06-05 17:53 - 01059840 _____ (Farbar) C:\Users\XXX\Desktop\FRST(1).exe 2014-06-05 17:36 - 2014-06-05 17:52 - 00050477 _____ () C:\Users\XXX\Desktop\Defogger.exe 2014-06-05 17:14 - 2014-05-30 20:07 - 00089369 _____ () C:\31124912.SXC 2014-06-05 17:14 - 2012-04-16 20:14 - 00395866 _____ () C:\31124912.SXA 2014-06-05 17:08 - 2009-07-14 06:34 - 00014960 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-05 17:08 - 2009-07-14 06:34 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-05 17:00 - 2011-05-05 21:06 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-05 17:00 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-15 07:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-05-15 06:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-05-15 06:18 - 2014-05-06 18:48 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 06:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-05-14 19:29 - 2011-05-05 20:43 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-14 19:27 - 2014-05-14 19:27 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-05-14 19:27 - 2013-07-17 15:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-14 19:25 - 2011-05-05 21:19 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-14 12:47 - 2013-06-30 19:50 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-05-14 12:47 - 2012-02-08 18:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-05-13 17:53 - 2014-05-13 17:53 - 00028233 _____ () C:\31124956_2013.SXB 2014-05-13 06:15 - 2012-05-06 09:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-05-12 18:26 - 2014-05-12 18:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-12 10:19 - 2014-04-23 18:24 - 00054823 _____ () C:\Ehret_Dimitri_2013.SXB 2014-05-12 10:19 - 2014-04-23 18:24 - 00000547 _____ () C:\Ehret_Dimitri.SXB 2014-05-12 10:19 - 2014-04-23 18:06 - 00067884 _____ () C:\Ehret_Dimitri.SXA 2014-05-12 10:17 - 2011-05-17 15:32 - 00000758 _____ () C:\31124889.SXB 2014-05-12 10:17 - 2011-05-16 14:06 - 00314461 _____ () C:\31124889.SXA 
2014-05-09 09:06 - 2014-05-14 06:40 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 09:04 - 2014-05-14 06:40 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-07 18:03 - 2011-07-05 09:36 - 00000716 _____ () C:\31124899.SXB 2014-05-07 18:03 - 2011-07-05 09:30 - 00225574 _____ () C:\31124899.SXA 2014-05-07 17:54 - 2014-04-07 17:23 - 00054167 _____ () C:\pries-andrej_2013.SXB 2014-05-07 17:54 - 2014-04-07 17:23 - 00000634 _____ () C:\pries-andrej.SXB 2014-05-07 17:54 - 2014-03-29 16:06 - 00115585 _____ () C:\pries-andrej.SXA 2014-05-07 13:07 - 2014-04-07 17:23 - 00052476 _____ () C:\pries-andrej_2012.SXB 2014-05-07 13:07 - 2013-02-10 12:52 - 00000634 _____ () C:\Hellmann_Nikolaus.SXB 2014-05-07 13:07 - 2011-09-23 12:41 - 00212391 _____ () C:\Hellmann_Nikolaus.SXA 2014-05-06 20:34 - 2012-05-23 06:36 - 00013731 _____ () C:\Haas_Angelika.SXA 2014-05-06 05:25 - 2014-05-14 19:22 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 05:07 - 2014-05-14 19:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 04:10 - 2014-05-14 19:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll Files to move or delete: ==================== C:\Users\XXX\g2ax_customer_downloadhelper_win32_x86.exe Some content of TEMP: ==================== C:\Users\XXX\AppData\Local\Temp\4rvja0xm.dll C:\Users\XXX\AppData\Local\Temp\APNStub.exe C:\Users\XXX\AppData\Local\Temp\AskSLib.dll C:\Users\XXX\AppData\Local\Temp\avgnt.exe C:\Users\XXX\AppData\Local\Temp\h3tpriax.dll C:\Users\XXX\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\XXX\AppData\Local\Temp\lypctcsy.dll C:\Users\XXX\AppData\Local\Temp\wqpeqjmh.dll C:\Users\XXX\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is 
legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-29 09:55 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-06-2014 Ran by XXX at 2014-06-05 20:19:19 Running from C:\Users\XXX\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader X (10.1.6) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated) AMD APP SDK Runtime (Version: 2.5.684.213 - Advanced Micro Devices Inc.) Hidden AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.60707.2331 - ATI Technologies Inc.) Hidden Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.2.0 - Ask.com) <==== ATTENTION Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.1.23037 - Ask.com) <==== ATTENTION ATI Catalyst Install Manager (HKLM\...\{11661616-6C82-1CA6-874A-2C7A5A7BF72C}) (Version: 3.0.833.0 - ATI Technologies, Inc.) Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) 
Canon MP Navigator 2.2 (HKLM\...\MP Navigator 2.2) (Version: - ) Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version: - ) Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden Catalyst Control Center (Version: 2011.0707.2346.40825 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (Version: 2011.0707.2346.40825 - ATI) Hidden Catalyst Control Center InstallProxy (Version: 2011.0707.2346.40825 - ATI Technologies, Inc.) Hidden CCC Help English (Version: 2011.0707.2345.40825 - ATI) Hidden ccc-utility (Version: 2011.0707.2346.40825 - ATI) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd) dakota.ag (HKLM\...\dakota.ag) (Version: 6.0 - ITSG GmbH) dakota.ag (Version: 6.0 - ITSG GmbH) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft) GoToAssist Customer 1.6.0.498 (HKLM\...\GoToAssist Express Customer) (Version: 1.6.0.498 - Citrix Online) GuD StarSign Crypto USB Token für ELSTER (HKLM\...\{2DF407D3-A8AD-4ACF-BFD5-5F7D42EC62FD}) (Version: 1.1.3 - secunet Security Networks AG) HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{DEB23231-0851-4E3E-A2DB-EED8A40B0883}) (Version: 22.0.334.0 - Hewlett-Packard Co.) HP Officejet Pro 8500 A910 Hilfe (HKLM\...\{13D324E9-9DB1-478D-944C-28BBE1BB80DC}) (Version: 140.0.2.2 - Hewlett Packard) HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard) I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP) ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!) iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.) 
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.240 - Oracle) Lexware Elster (HKLM\...\{9CCD2A54-3AC9-4675-82A9-71BFC32004C4}) (Version: 14.04.00.0014 - Haufe-Lexware GmbH & Co.KG) Lexware financial office 2014 (HKLM\...\{bcd8903c-570f-4324-977b-8d0efe79a922}) (Version: 18.0.0.98 - Haufe-Lexware GmbH & Co.KG) Lexware financial office 2014 (Version: 18.05.00.0028 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Info Service (Version: 4.01.00.0077 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Installations Dienst (Version: 3.01.00.0011 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware online banking (HKLM\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG) mapserver 5 COM-Module (HKLM\...\{5C4AE262-DA69-4C68-BF71-7C2C935BE9C2}) (Version: - ) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 
- Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Notepad++ (HKLM\...\Notepad++) (Version: 6.1.8 - ) NVIDIA 3D Vision Controller Driver (Version: 270.61 - NVIDIA Corporation) Hidden NVIDIA 3D Vision Controller Driver 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 270.61 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 270.61 - NVIDIA Corporation) NVIDIA Grafiktreiber 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 270.61 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.270.54.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (Version: 9.10.0514 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.7061 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 270.61 (Version: 270.61 - NVIDIA Corporation) Hidden NVIDIA Update 1.1.34 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.1.34 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.1.34 - NVIDIA Corporation) Hidden PL-2303 Vista Driver Installer (HKLM\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.0.1.0 - Prolific) Realtek HDMI Audio Driver for ATI (HKLM\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.8.8855 - Skype Technologies S.A.) Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Steuersoft EStPlus NX (HKLM\...\EstPlusNX) (Version: 19101 - Steuersoft GmbH) Steuersoft Routenplaner (HKLM\...\Steuersoft Routenplaner) (Version: 3.0 - Steuersoft GmbH) sv.net (HKLM\...\sv.net) (Version: 11.1 - ITSG GmbH) TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer) True Image 2013 (HKLM\...\{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}Visible) (Version: 16.0.5551 - Acronis) True Image 2013 (Version: 16.0.5551 - Acronis) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 
(KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
(HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) WinRAR 4.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH) ==================== Restore Points ========================= 03-05-2014 10:44:18 Windows Update 06-05-2014 16:47:50 Windows Update 14-05-2014 05:05:58 Geplanter Prüfpunkt 14-05-2014 17:22:07 Windows Update 22-05-2014 06:04:01 Geplanter Prüfpunkt 29-05-2014 08:02:14 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2009-07-14 04:04 - 2012-09-25 10:21 - 00000857 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activation.acronis.com ==================== Scheduled Tasks (whitelisted) ============= Task: {4F9E05BA-732C-4DB5-9F19-D044F7C25590} - System32\Tasks\Scheduled Update for Ask 
Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-05-04] () <==== ATTENTION Task: {ABDF16C7-0CF6-4AFA-8E8B-071F9986BB3D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: {C189F08F-E7CA-43B0-AF11-B88E28A53549} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-07 06:36 - 2013-06-06 08:24 - 00019448 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2011-05-05 20:47 - 2003-04-18 19:06 - 00008192 _____ () C:\Windows\system32\srvany.exe 2011-05-05 20:47 - 2010-04-10 09:03 - 00077824 _____ () C:\Windows\KMService.exe 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2012-08-23 01:12 - 2012-08-23 01:12 - 00019840 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll 2011-05-05 21:38 - 2011-03-02 12:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll 2012-06-18 17:24 - 2012-06-18 17:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll 2012-08-23 00:42 - 2012-08-23 00:42 - 00435584 _____ () C:\Program Files\Common Files\Acronis\Home\ulxmlrpcpp.dll 2012-08-23 03:35 - 2012-08-23 03:35 - 13873200 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers.dll 2012-08-23 03:31 - 2012-08-23 03:31 - 01590656 _____ () C:\Program Files\Common Files\Acronis\Home\icudt38.dll 2012-07-24 14:48 - 2012-07-24 
14:48 - 00012160 _____ () C:\Program Files\Common Files\Acronis\TibMounter\icudt38.dll 2013-09-26 13:20 - 2013-09-26 13:20 - 00176168 _____ () C:\Program Files\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll 2013-09-26 13:20 - 2013-09-26 13:20 - 00043048 _____ () C:\Program Files\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll 2011-07-07 23:44 - 2011-07-07 23:44 - 00243712 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: H:\ Description: Officejet Pro 85 Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: HP Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: 1_1GB Description: Flash Disk Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
==================== Event log errors: ========================= Application errors: ================== Error: (06/05/2014 04:53:05 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm EStPLUS.exe, Version 2014.5.26.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11b8 Startzeit: 01cf80ca9def9e8a Endzeit: 883 Anwendungspfad: C:\Program Files\Steuersoft\EstPlusNX\EStPLUS.exe Berichts-ID: 082b525b-ecc1-11e3-a744-001d7d9b1189 Error: (06/05/2014 04:52:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: LxUpdateManager.exe, Version: 4.0.0.77, Zeitstempel: 0x525ff7c1 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x531599f6 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000812f ID des fehlerhaften Prozesses: 0xb68 Startzeit der fehlerhaften Anwendung: 0xLxUpdateManager.exe0 Pfad der fehlerhaften Anwendung: LxUpdateManager.exe1 Pfad des fehlerhaften Moduls: LxUpdateManager.exe2 Berichtskennung: LxUpdateManager.exe3 Error: (06/05/2014 04:52:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: LxUpdateManager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.Reflection.TargetInvocationException Stapel: bei System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean) bei System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[]) bei System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo) bei System.RuntimeType.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[], System.Reflection.ParameterModifier[], System.Globalization.CultureInfo, System.String[]) bei Haufe.ServiceModel.Runtime.DuplexClientProxy`1+<>c__DisplayClass2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<InitializeKeepAliveBehavior>b__1(System.__Canon) bei Haufe.ServiceModel.Runtime.DuplexClientProxy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].DoAction(System.Action`1<System.__Canon>, System.Nullable`1<System.TimeSpan>) bei Haufe.ServiceModel.Runtime.DuplexClientProxy`1+<>c__DisplayClass2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<InitializeKeepAliveBehavior>b__0(System.Object) bei System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.TimerQueueTimer.CallCallback() bei System.Threading.TimerQueueTimer.Fire() bei System.Threading.TimerQueue.FireNextTimers() bei System.Threading.TimerQueue.AppDomainTimerCallback() Error: (06/05/2014 04:00:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name 
der fehlerhaften Anwendung: EStPLUS.exe, Version: 2014.5.26.0, Zeitstempel: 0x538305fb Name des fehlerhaften Moduls: wPDFViewPlus03.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5363bf3d Ausnahmecode: 0xc0000005 Fehleroffset: 0x0efb4830 ID des fehlerhaften Prozesses: 0x14b4 Startzeit der fehlerhaften Anwendung: 0xEStPLUS.exe0 Pfad der fehlerhaften Anwendung: EStPLUS.exe1 Pfad des fehlerhaften Moduls: EStPLUS.exe2 Berichtskennung: EStPLUS.exe3 Error: (06/04/2014 07:45:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: EStPLUS.exe, Version: 2014.5.26.0, Zeitstempel: 0x538305fb Name des fehlerhaften Moduls: wPDFViewPlus03.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5363bf3d Ausnahmecode: 0xc0000005 Fehleroffset: 0x0eb34830 ID des fehlerhaften Prozesses: 0x9f4 Startzeit der fehlerhaften Anwendung: 0xEStPLUS.exe0 Pfad der fehlerhaften Anwendung: EStPLUS.exe1 Pfad des fehlerhaften Moduls: EStPLUS.exe2 Berichtskennung: EStPLUS.exe3 Error: (06/01/2014 02:58:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: EStPLUS.exe, Version: 2014.5.26.0, Zeitstempel: 0x538305fb Name des fehlerhaften Moduls: wPDFViewPlus03.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5363bf3d Ausnahmecode: 0xc0000005 Fehleroffset: 0x12404830 ID des fehlerhaften Prozesses: 0x1400 Startzeit der fehlerhaften Anwendung: 0xEStPLUS.exe0 Pfad der fehlerhaften Anwendung: EStPLUS.exe1 Pfad des fehlerhaften Moduls: EStPLUS.exe2 Berichtskennung: EStPLUS.exe3 Error: (05/31/2014 08:54:38 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: syncagentsrv.exe, Version: 16.0.0.6671, Zeitstempel: 0x502fcf12 Name des fehlerhaften Moduls: syncagentsrv.exe, Version: 16.0.0.6671, Zeitstempel: 0x502fcf12 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000129df ID des fehlerhaften Prozesses: 0xd30 Startzeit der fehlerhaften Anwendung: 0xsyncagentsrv.exe0 Pfad der 
fehlerhaften Anwendung: syncagentsrv.exe1 Pfad des fehlerhaften Moduls: syncagentsrv.exe2 Berichtskennung: syncagentsrv.exe3 Error: (05/30/2014 01:20:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Lxoffice.exe, Version 18.3.0.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 14e8 Startzeit: 01cf7bf7354a1092 Endzeit: 35 Anwendungspfad: C:\Program Files\Lexware\financial office\2014\Lxoffice.exe Berichts-ID: 661f61ce-e7ec-11e3-8cb2-001d7d9b1189 Error: (05/30/2014 01:05:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: EStPLUS.exe, Version: 2014.5.26.0, Zeitstempel: 0x538305fb Name des fehlerhaften Moduls: wPDFViewPlus03.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5363bf3d Ausnahmecode: 0xc0000005 Fehleroffset: 0x0edf4830 ID des fehlerhaften Prozesses: 0xcb4 Startzeit der fehlerhaften Anwendung: 0xEStPLUS.exe0 Pfad der fehlerhaften Anwendung: EStPLUS.exe1 Pfad des fehlerhaften Moduls: EStPLUS.exe2 Berichtskennung: EStPLUS.exe3 Error: (05/30/2014 09:53:43 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: EStPLUS.exe, Version: 2014.5.26.0, Zeitstempel: 0x538305fb Name des fehlerhaften Moduls: OLMAPI32.DLL, Version: 14.0.7113.5005, Zeitstempel: 0x52b23e39 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001ad7b ID des fehlerhaften Prozesses: 0xcb4 Startzeit der fehlerhaften Anwendung: 0xEStPLUS.exe0 Pfad der fehlerhaften Anwendung: EStPLUS.exe1 Pfad des fehlerhaften Moduls: EStPLUS.exe2 Berichtskennung: EStPLUS.exe3 System errors: ============= Error: (06/05/2014 05:52:02 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. 
Error: (06/05/2014 05:52:00 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (06/05/2014 05:33:05 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (06/05/2014 05:33:05 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (06/05/2014 05:00:50 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 05.06.2014 um 16:58:52 unerwartet heruntergefahren. Error: (06/05/2014 04:27:51 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 05.06.2014 um 16:26:43 unerwartet heruntergefahren. Error: (06/05/2014 04:00:38 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (06/04/2014 07:46:55 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (06/04/2014 05:21:51 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (06/04/2014 05:21:49 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. 
Microsoft Office Sessions: ========================= Error: (06/05/2014 04:53:05 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: EStPLUS.exe2014.5.26.011b801cf80ca9def9e8a883C:\Program Files\Steuersoft\EstPlusNX\EStPLUS.exe082b525b-ecc1-11e3-a744-001d7d9b1189 Error: (06/05/2014 04:52:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: LxUpdateManager.exe4.0.0.77525ff7c1KERNELBASE.dll6.1.7601.18409531599f6e04343520000812fb6801cf80ca64d421edC:\Program Files\Lexware\Update Manager\LxUpdateManager.exeC:\Windows\system32\KERNELBASE.dllfeea696a-ecc0-11e3-a744-001d7d9b1189 Error: (06/05/2014 04:52:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: LxUpdateManager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: System.Reflection.TargetInvocationException Stapel: bei System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean) bei System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[]) bei System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo) bei System.RuntimeType.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[], System.Reflection.ParameterModifier[], System.Globalization.CultureInfo, System.String[]) bei Haufe.ServiceModel.Runtime.DuplexClientProxy`1+<>c__DisplayClass2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<InitializeKeepAliveBehavior>b__1(System.__Canon) bei Haufe.ServiceModel.Runtime.DuplexClientProxy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].DoAction(System.Action`1<System.__Canon>, System.Nullable`1<System.TimeSpan>) bei 
Haufe.ServiceModel.Runtime.DuplexClientProxy`1+<>c__DisplayClass2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<InitializeKeepAliveBehavior>b__0(System.Object) bei System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.TimerQueueTimer.CallCallback() bei System.Threading.TimerQueueTimer.Fire() bei System.Threading.TimerQueue.FireNextTimers() bei System.Threading.TimerQueue.AppDomainTimerCallback() Error: (06/05/2014 04:00:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: EStPLUS.exe2014.5.26.0538305fbwPDFViewPlus03.dll_unloaded0.0.0.05363bf3dc00000050efb483014b401cf80c5568cca4cC:\Program Files\Steuersoft\EstPlusNX\EStPLUS.exewPDFViewPlus03.dllb7897f6e-ecb9-11e3-8cbf-001d7d9b1189 Error: (06/04/2014 07:45:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: EStPLUS.exe2014.5.26.0538305fbwPDFViewPlus03.dll_unloaded0.0.0.05363bf3dc00000050eb348309f401cf800e97a22f8dC:\Program Files\Steuersoft\EstPlusNX\EStPLUS.exewPDFViewPlus03.dll0b259b1e-ec10-11e3-8dd7-001d7d9b1189 Error: (06/01/2014 02:58:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: EStPLUS.exe2014.5.26.0538305fbwPDFViewPlus03.dll_unloaded0.0.0.05363bf3dc000000512404830140001cf7d72083736e8C:\Program Files\Steuersoft\EstPlusNX\EStPLUS.exewPDFViewPlus03.dll7458723b-e98c-11e3-8834-001d7d9b1189 Error: (05/31/2014 08:54:38 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: syncagentsrv.exe16.0.0.6671502fcf12syncagentsrv.exe16.0.0.6671502fcf12c0000005000129dfd3001cf7c9d185fdc43C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exeC:\Program Files\Common 
Files\Acronis\SyncAgent\syncagentsrv.exe6e3ad6c0-e890-11e3-8c84-001d7d9b1189 Error: (05/30/2014 01:20:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Lxoffice.exe18.3.0.214e801cf7bf7354a109235C:\Program Files\Lexware\financial office\2014\Lxoffice.exe661f61ce-e7ec-11e3-8cb2-001d7d9b1189 Error: (05/30/2014 01:05:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: EStPLUS.exe2014.5.26.0538305fbwPDFViewPlus03.dll_unloaded0.0.0.05363bf3dc00000050edf4830cb401cf7bda922d4b2bC:\Program Files\Steuersoft\EstPlusNX\EStPLUS.exewPDFViewPlus03.dll5f0628ad-e7ea-11e3-8cb2-001d7d9b1189 Error: (05/30/2014 09:53:43 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: EStPLUS.exe2014.5.26.0538305fbOLMAPI32.DLL14.0.7113.500552b23e39c00000050001ad7bcb401cf7bda922d4b2bC:\Program Files\Steuersoft\EstPlusNX\EStPLUS.exeC:\PROGRA~1\MICROS~1\Office14\OLMAPI32.DLL850a39ad-e7cf-11e3-8cb2-001d7d9b1189 ==================== Memory info =========================== Percentage of memory in use: 42% Total physical RAM: 3582.49 MB Available physical RAM: 2076.67 MB Total Pagefile: 7163.27 MB Available Pagefile: 5567.37 MB Total Virtual: 2047.88 MB Available Virtual: 1917.9 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.88 GB) (Free:138.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (MyDrive) (Fixed) (Total:232.88 GB) (Free:199.77 GB) NTFS Drive g: (1_1GB) (Removable) (Total:0.98 GB) (Free:0.97 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E00A8154) Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 233 GB) (Disk ID: 437AE979) Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR 
Code: Windows 7 or 8) (Size: 1004 MB) (Disk ID: 0236C0CA) Partition 1: (Active) - (Size=1003 MB) - (Type=0E) ==================== End Of Log ============================ Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:23 on 05/06/2014

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-05 20:15:09
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 ST3250410AS rev.3.AAC 232,88GB
Running: Gmer-19357.exe; Driver: C:\Users\VIKTOR~1\AppData\Local\Temp\kxkyapow.sys

---- System - GMER 2.1 ----

SSDT 961F0496 ZwCreateSection
SSDT 961F04A0 ZwRequestWaitReplyPort
SSDT 961F049B ZwSetContextThread
SSDT 961F04A5 ZwSetSecurityObject
SSDT 961F04AA ZwSystemDebugControl
SSDT 961F0437 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83248A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83282212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 8328958C 4 Bytes [96, 04, 1F, 96] {XCHG ESI, EAX; ADD AL, 0x1f; XCHG ESI, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 832898E8 4 Bytes [A0, 04, 1F, 96]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 8328992C 4 Bytes [9B, 04, 1F, 96] {WAIT ; ADD AL, 0x1f; XCHG ESI, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 832899A8 4 Bytes [A5, 04, 1F, 96] {MOVSD ; ADD AL, 0x1f; XCHG ESI, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 832899FC 4 Bytes [AA, 04, 1F, 96] {STOSB ; ADD AL, 0x1f; XCHG ESI, EAX}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x96C28000, 0x396C95, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\Dwm.exe[2288] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 0408EDF8 .text C:\Windows\system32\Dwm.exe[2288] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 040A1AE0 .text C:\Windows\Explorer.EXE[2340] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 0278EDF8 .text C:\Windows\Explorer.EXE[2340] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 027B1AE0 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[2860] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 0022EDF8 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[2860] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 00241AE0 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2872] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 022DEDF8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2872] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 022F1AE0 .text C:\Program Files\Ask.com\Updater\Updater.exe[2888] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 020BEDF8 .text C:\Program Files\Ask.com\Updater\Updater.exe[2888] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 020D1AE0 .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2896] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 004DEDF8 .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2896] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 006B1AE0 .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2896] WS2_32.dll!closesocket 76D93918 5 Bytes JMP 006BBF80 .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2896] WS2_32.dll!WSASend 76D94406 5 Bytes JMP 006BBEA0 .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2896] WS2_32.dll!connect 76D96BDD 5 Bytes JMP 006BBE50 .text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2896] WS2_32.dll!send 76D96F01 5 Bytes JMP 006BBF20 .text C:\Program Files\Common 
Files\Acronis\TibMounter\TibMounterMonitor.exe[2904] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 021DEDF8 .text C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe[2904] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 01BC1AE0 .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[2912] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 002FEDF8 .text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[2912] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 00361AE0 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2920] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 01DFEDF8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2920] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 01E11AE0 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 009EEDF8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2948] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 03B31AE0 .text C:\Windows\system32\taskhost.exe[3108] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 018AEDF8 .text C:\Windows\system32\taskhost.exe[3108] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 018C1AE0 .text C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe[3352] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 03DEEDF8 .text C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe[3352] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 03E01AE0 .text C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe[3352] ws2_32.dll!closesocket 76D93918 5 Bytes JMP 03E0BF80 .text C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe[3352] ws2_32.dll!WSASend 76D94406 5 Bytes JMP 03E0BEA0 .text C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe[3352] ws2_32.dll!connect 76D96BDD 5 Bytes JMP 03E0BE50 .text C:\Program Files\Lexware\Update Manager\LxUpdateManager.exe[3352] ws2_32.dll!send 76D96F01 5 Bytes JMP 03E0BF20 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4196] 
ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 0038EDF8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4196] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 003A1AE0 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4244] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 03F1EDF8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4244] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 03F31AE0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4256] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 014CEDF8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4256] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 014E1AE0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4256] WS2_32.dll!closesocket 76D93918 5 Bytes JMP 014EBF80 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4256] WS2_32.dll!WSASend 76D94406 5 Bytes JMP 014EBEA0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4256] WS2_32.dll!connect 76D96BDD 5 Bytes JMP 014EBE50 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4256] WS2_32.dll!send 76D96F01 5 Bytes JMP 014EBF20 .text C:\Program Files\avmwlanstick\FRITZWLANMini.exe[4412] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 001DEDF8 .text C:\Program Files\avmwlanstick\FRITZWLANMini.exe[4412] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 00621AE0 .text C:\Program Files\iTunes\iTunesHelper.exe[4616] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 012DEDF8 .text C:\Program Files\iTunes\iTunesHelper.exe[4616] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 012F1AE0 .text C:\Program Files\iTunes\iTunesHelper.exe[4616] WS2_32.dll!closesocket 76D93918 5 Bytes JMP 012FBF80 .text C:\Program Files\iTunes\iTunesHelper.exe[4616] WS2_32.dll!WSASend 76D94406 5 Bytes JMP 012FBEA0 .text C:\Program Files\iTunes\iTunesHelper.exe[4616] WS2_32.dll!connect 76D96BDD 5 Bytes JMP 012FBE50 .text C:\Program Files\iTunes\iTunesHelper.exe[4616] WS2_32.dll!send 76D96F01 5 Bytes JMP 012FBF20 .text C:\Program 
Files\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe[4780] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 0072EDF8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe[4780] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 00371AE0 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[5052] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 013FEDF8 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[5052] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 01411AE0 .text C:\Users\XXX\Desktop\Gmer-19357.exe[5688] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 0016EDF8 .text C:\Users\XXX\Desktop\Gmer-19357.exe[5688] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 002D1AE0 .text C:\Program Files\TeamViewer\Version8\TeamViewer.exe[6064] ntdll.dll!NtResumeThread 77DA64E8 5 Bytes JMP 0371EDF8 .text C:\Program Files\TeamViewer\Version8\TeamViewer.exe[6064] ntdll.dll!LdrLoadDll 77DC22AE 5 Bytes JMP 03731AE0 .text C:\Program Files\TeamViewer\Version8\TeamViewer.exe[6064] WS2_32.dll!closesocket 76D93918 5 Bytes JMP 0373BF80 .text C:\Program Files\TeamViewer\Version8\TeamViewer.exe[6064] WS2_32.dll!WSASend 76D94406 5 Bytes JMP 0373BEA0 .text C:\Program Files\TeamViewer\Version8\TeamViewer.exe[6064] WS2_32.dll!connect 76D96BDD 5 Bytes JMP 0373BE50 .text C:\Program Files\TeamViewer\Version8\TeamViewer.exe[6064] WS2_32.dll!send 76D96F01 5 Bytes JMP 0373BF20 ---- Devices - GMER 2.1 ---- Device Ntfs.sys AttachedDevice tdrpman.sys Device fastfat.SYS Device \Driver\volmgr \Device\VolMgrControl fltsrv.sys Device \Driver\volmgr \Device\HarddiskVolume1 fltsrv.sys Device \Driver\volmgr \Device\HarddiskVolume2 fltsrv.sys Device \Driver\volmgr \Device\HarddiskVolume3 fltsrv.sys Device \Driver\volmgr \Device\HarddiskVolume5 fltsrv.sys Device \Driver\partmgr \Device\PartmgrControl fltsrv.sys Device \Driver\Disk \Device\Harddisk0\DR0 fltsrv.sys Device \Driver\Disk \Device\Harddisk1\DR1 fltsrv.sys Device \Driver\Disk \Device\Harddisk2\DR2 fltsrv.sys Device \Driver\Disk \Device\Harddisk3\DR4 
fltsrv.sys Device \Driver\rdyboost \Device\RdyBoost fltsrv.sys AttachedDevice fltmgr.sys Device cdfs.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0050f2ea7ed3 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0050f2ea7ed3 (not active ControlSet) Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId 1457 Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@NewCrawlNumber 1458 Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@NewClientID 2488 ---- EOF - GMER 2.1 ---- |
05.06.2014, 20:08 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Telekom - Virus/Trojan Hi and
__________________Quote:
Quote:
Please read => http://www.trojaner-board.de/95393-c...-software.html We will continue once you have removed everything illegal. In the event of repeated crack/keygen violations, I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.
__________________ |