Log analysis and evaluation: Win Vista / Avira blocked, online banking cracked
06.06.2014, 20:51 | #1
Win Vista / Avira blocked, online banking cracked

Dear Trojaner-Board team, I too have caught a trojan that has already been described here by several others:

- I was informed by the Sparkasse that I must have a trojan on my computer and that my online banking has been locked; I did not receive any further details.
- I then noticed that my Avira (Free Antivirus) no longer starts automatically and that I can no longer open it: the error message "This program has been blocked by a group policy. Contact your system administrator for more information." appears.
- I use Windows Vista Home Premium.

It would be great if you could help me get rid of this trojan again. Unfortunately I'm not experienced in such PC matters…

During the GMER scan, the error message that I should insert a disk into drive \device\harddisk1\DR1 kept popping up. I hope the file still helps.

THANK YOU VERY MUCH!

FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014
Ran by Kathinka (administrator) on UNI-PC on 06-06-2014 19:40:11
Running from C:\Users\Kathinka\Downloads
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Empolis GmbH) C:\Program Files\Common Files\Gnab\Service\ServiceController.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Windows\System32\PSIService.exe
(Buhl Data Service GmbH) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\Launch Manager\LaunchAp.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron) C:\Program Files\Launch Manager\WButton.exe
(Creative Technology Ltd.) C:\Windows\V0330Mon.exe
() C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
() C:\Program Files\XSManager\XSManager.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6025216 2008-04-01] (Realtek Semiconductor)
HKLM\...\Run: [LaunchAp] => C:\Program Files\Launch Manager\LaunchAp.exe [32768 2007-09-01] ()
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [188416 2007-09-06] (Wistron)
HKLM\...\Run: [CtrlVol] => "C:\Program Files\Launch Manager\CtrlVol.exe"
HKLM\...\Run: [LMgrOSD] => C:\Program Files\Launch Manager\OSD.exe [180224 2006-12-26] (Wistron Corp.)
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [86016 2007-09-07] (Wistron)
HKLM\...\Run: [toolbar_eula_launcher] => C:\Program Files\GoogleEULA\EULALauncher.exe
HKLM\...\Run: [V0330Mon.exe] => C:\Windows\V0330Mon.exe [32768 2007-04-30] (Creative Technology Ltd.)
HKLM\...\Run: [Corel Photo Downloader] => "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
HKLM\...\Run: [Corel File Shell Monitor] => C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16200 2007-10-30] ()
HKLM\...\Run: [C:\Windows\system32\V0330Ext.ax] => C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0330Ext.ax
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-03] (CANON INC.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [starter4g] => C:\Windows\starter4g.exe [160424 2010-04-30] (4G Systems GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-03-04] (Google Inc.)
HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [AvaviRfodo] => regsvr32.exe "C:\ProgramData\AvaviRfodo.dat"
HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\MountPoints2: {111c54ff-6441-11dd-8d1b-806e6f6e6963} - F:\start.exe
HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\MountPoints2: {25dd7336-7595-11e1-ac80-000ae4ce131d} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\start.html

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.de/ips-opdata/uploadClients/fuji/jordan.cab
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{6DC217A0-369C-408F-AAB1-EF67936B3CD0}: [NameServer]193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\Kathinka\AppData\Roaming\Mozilla\Firefox\Profiles\ajvq10vs.default
FF Homepage: hxxp://login.rz.ruhr-uni-bochum.de/login.html
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @MagellanGPS.com/CommunicationPlugin - C:\Program Files\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Kathinka\AppData\Roaming\Mozilla\Firefox\Profiles\ajvq10vs.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-01-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-24] (Avira Operations GmbH & Co. KG)
S4 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-08-29] (Cisco Systems, Inc.)
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-19] (Empolis GmbH)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1801216 2008-02-28] (Buhl Data Service GmbH)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2006-06-14] (Ulead Systems, Inc.)
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2007-09-11] (Wistron Corp.)
R2 WTGService; C:\Program Files\XSManager\WTGService.exe [329848 2013-05-06] ()
R2 XS Stick Service; C:\Windows\service4g.exe [145064 2010-04-30] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-23] (Avira Operations GmbH & Co. KG)
R3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2013-11-24] (Mobile Connector)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-08-29] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)
R1 Hotkey; C:\Windows\system32\Drivers\Hotkey.sys [9867 2003-04-28] ()
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210736 2007-06-01] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-05] (Avira GmbH)
S3 V0330VID; C:\Windows\System32\DRIVERS\V0330Vid.sys [157696 2007-08-08] (Creative Technology Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-06 19:40 - 2014-06-06 19:40 - 00016396 _____ () C:\Users\Kathinka\Downloads\FRST.txt
2014-06-06 19:39 - 2014-06-06 19:40 - 00000000 ____D () C:\FRST
2014-06-06 19:39 - 2014-06-06 19:39 - 01063424 _____ (Farbar) C:\Users\Kathinka\Downloads\FRST.exe
2014-06-06 19:36 - 2014-06-06 19:36 - 00050477 _____ () C:\Users\Kathinka\Downloads\Defogger.exe
2014-06-06 19:36 - 2014-06-06 19:36 - 00000000 _____ () C:\Users\Kathinka\defogger_reenable
2014-06-05 19:23 - 2014-06-05 19:23 - 00000000 ____D () C:\test
2014-06-04 19:53 - 2014-06-04 19:55 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\XSManager
2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla
2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2014-06-04 18:00 - 2014-06-04 18:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Avira
2014-06-04 17:38 - 2014-06-04 17:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-06-04 17:38 - 2014-06-04 17:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-05-30 09:01 - 2014-05-30 09:01 - 02570453 _____ () C:\Users\Kathinka\Desktop\Documents\nils.pptx
2014-05-26 20:43 - 2014-05-26 20:43 - 00285841 _____ (Microsoft Corporation) C:\ProgramData\AvaviRfodo.dat
2014-05-13 19:53 - 2014-05-14 19:00 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-06-06 19:40 - 2014-06-06 19:40 - 00016396 _____ () C:\Users\Kathinka\Downloads\FRST.txt
2014-06-06 19:40 - 2014-06-06 19:39 - 00000000 ____D () C:\FRST
2014-06-06 19:40 - 2009-08-15 22:58 - 00000394 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{158DDB20-B365-4628-993E-6DBF362FE748}.job
2014-06-06 19:40 - 2008-08-07 08:38 - 00000000 ____D () C:\Users\Kathinka\AppData\Local\Temp
2014-06-06 19:39 - 2014-06-06 19:39 - 01063424 _____ (Farbar) C:\Users\Kathinka\Downloads\FRST.exe
2014-06-06 19:38 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 19:38 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 19:36 - 2014-06-06 19:36 - 00050477 _____ () C:\Users\Kathinka\Downloads\Defogger.exe
2014-06-06 19:36 - 2014-06-06 19:36 - 00000000 _____ () C:\Users\Kathinka\defogger_reenable
2014-06-06 19:36 - 2008-08-07 09:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-06 19:36 - 2008-08-07 08:38 - 00000000 ____D () C:\Users\Kathinka
2014-06-06 19:26 - 2008-08-07 08:33 - 01472335 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 19:26 - 2008-01-21 09:16 - 01541724 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-06 19:25 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\tracing
2014-06-06 19:11 - 2008-04-21 14:44 - 00002631 _____ () C:\Users\Kathinka\Desktop\Microsoft Office Word 2007.lnk
2014-06-06 19:05 - 2009-01-05 19:17 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-06 19:04 - 2010-02-03 08:02 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 19:04 - 2009-01-12 16:17 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-06-06 19:04 - 2008-08-07 08:38 - 00000948 _____ () C:\Users\Kathinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-06 19:04 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 19:31 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-05 19:23 - 2014-06-05 19:23 - 00000000 ____D () C:\test
2014-06-05 19:05 - 2009-01-05 18:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Temp
2014-06-05 19:03 - 2010-02-03 08:02 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-04 19:55 - 2014-06-04 19:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\XSManager
2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla
2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2014-06-04 18:00 - 2014-06-04 18:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Avira
2014-06-04 17:38 - 2014-06-04 17:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-06-04 17:38 - 2014-06-04 17:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-06-04 17:38 - 2009-01-05 18:45 - 00104568 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-04 17:38 - 2009-01-05 18:45 - 00000953 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-04 17:38 - 2009-01-05 18:45 - 00000919 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-06-04 17:30 - 2008-08-11 20:24 - 00000000 ____D () C:\Users\Nils\AppData\Local\Temp
2014-06-04 17:15 - 2012-06-21 17:38 - 00000000 ____D () C:\Users\Kathinka\Desktop\Documents\Kostenrechner
2014-06-04 10:47 - 2008-08-11 20:25 - 00104568 _____ () C:\Users\Nils\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-04 10:46 - 2009-08-15 22:58 - 00000953 _____ () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-04 10:44 - 2011-01-30 17:09 - 00000000 ____D () C:\Users\Kathinka\Desktop\Documents\Steuerfälle
2014-06-04 10:44 - 2009-04-05 18:32 - 00000000 ____D () C:\Users\Kathinka\Desktop\Documents\Förmliches
2014-06-04 10:44 - 2008-08-07 14:43 - 00000000 ____D () C:\Users\Kathinka\Desktop\Documents\Bio
2014-05-30 09:01 - 2014-05-30 09:01 - 02570453 _____ () C:\Users\Kathinka\Desktop\Documents\nils.pptx
2014-05-26 20:43 - 2014-05-26 20:43 - 00285841 _____ (Microsoft Corporation) C:\ProgramData\AvaviRfodo.dat
2014-05-22 18:31 - 2012-02-14 16:35 - 00000682 _____ () C:\Users\Kathinka\Desktop\Documents\OuProxy.log
2014-05-17 10:38 - 2010-02-08 12:16 - 00000000 ____D () C:\SECentral
2014-05-14 22:23 - 2013-08-19 16:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 19:00 - 2014-05-13 19:53 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

Files to move or delete:
====================
C:\ProgramData\00etadpu.pad
C:\ProgramData\AvaviRfodo.dat

Some content of TEMP:
====================
C:\Users\Kathinka\AppData\Local\Temp\AskSLib.dll
C:\Users\Kathinka\AppData\Local\Temp\AskSLib.exe
C:\Users\Kathinka\AppData\Local\Temp\avgnt.exe
C:\Users\Kathinka\AppData\Local\Temp\CTPBSEQ.EXE
C:\Users\Kathinka\AppData\Local\Temp\DelayInst.exe
C:\Users\Kathinka\AppData\Local\Temp\GDM3C15.exe
C:\Users\Kathinka\AppData\Local\Temp\installservice.exe
C:\Users\Kathinka\AppData\Local\Temp\instmsi.exe
C:\Users\Kathinka\AppData\Local\Temp\instmsiw.exe
C:\Users\Kathinka\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Kathinka\AppData\Local\Temp\NEW58F8.tmp.exe
C:\Users\Kathinka\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kathinka\AppData\Local\Temp\unwise.exe
C:\Users\Kathinka\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\Kathinka\AppData\Local\Temp\WZCPlugin_VISTA.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-06-06 19:11

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-06-2014 Ran by Kathinka at 2014-06-06 19:40:40 Running from C:\Users\Kathinka\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) 3531-W-D (HKLM\...\{BD1587F7-B8D0-4111-8F1F-3327628AB02F}) (Version: 1.5.18 - Silicon Image) AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH) Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2 - Adobe Systems, Inc) Hidden Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.62 - Adobe Systems Incorporated) Adobe Reader 8.1.2 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated) Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81200000003}_Adobe Reader 8.1.2 - Deutsch) (Version: - ) Adobe Shockwave Player 11 (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.) 
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems) Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version: - ) Apple Application Support (HKLM\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.) Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.) Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Benutzerhandbuch für Creative WebCam Vista (Deutsch) (HKLM\...\Benutzerhandbuch für Creative WebCam Vista German) (Version: - ) Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version: - ) Canon MP240 series Benutzerregistrierung (HKLM\...\Canon MP240 series Benutzerregistrierung) (Version: - ) Canon MP240 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - ) Cisco Systems VPN Client 5.0.04.0300 (HKLM\...\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}) (Version: 5.0.4 - Cisco Systems, Inc.) 
Clone Manager 7 (HKLM\...\Clone Manager 7) (Version: - ) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Corel MediaOne (HKLM\...\{A062A15F-9CAC-4B88-98DF-87628A0BD721}) (Version: 2.00.0000 - Corel Corporation) Corel Paint Shop Pro Photo X2 (HKLM\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.010.0000 - Corel Corporation) CorelDRAW Graphics Suite X4 - Capture (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Content (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Draw (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Filters (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics SUite X4 - ICA (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - IPM (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang BR (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang ES (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang FR (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang IT (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang NL (Version: 14.0 - Uw bedrijfsnaam) Hidden CorelDRAW Graphics Suite X4 - PP (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - VBA (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 (Version: 14.0 - Corel Corporation) Hidden CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version: - Corel Corporation) CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (Version: 1.0 - Corel 
Corporation) Hidden CorelDRAW(R) Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version: - Corel Corporation) Creative Live! Cam Center (HKLM\...\Creative Live! Cam Center) (Version: - ) Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: - ) Creative Systeminformationen (HKLM\...\SysInfo) (Version: - ) Creative WebCam Vista/Live! Cam Chat Driver (1.11.01.00) (HKLM\...\Creative VF0330) (Version: - ) DC++ 0.674 (HKLM\...\DC++) (Version: 0.674 - Jacek Sieka) dm Digi Foto (HKLM\...\dm Digi Foto) (Version: 2.3.0.93 - Imaxel Lab S.L) EndNote 9 (HKLM\...\{33CE9398-8C1A-11D9-8BDE-F66BAD1E3F3A}) (Version: 9.0.0.1425 - Thomson ResearchSoft) Firebird SQL Server - MAGIX Edition (HKLM\...\Firebird SQL Server D) (Version: 2.0.1.8 - MAGIX AG) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden Heidi Klum Butterfly MousePointer (HKLM\...\Heidi Klum Butterfly MousePointer) (Version: - ) Inkjet Printer/Scanner Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - ) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - ) InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.385 - InterVideo Inc.) InterVideo WinDVD 8 (Version: 8.0-B9.385 - InterVideo Inc.) Hidden ISI ResearchSoft - Export Helper (HKLM\...\ISI ResearchSoft - Export Helper) (Version: - ) Java(TM) 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.) Launch Manager V1.4.9 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.4.9 - Wistron Corp.) 
Letstrade (HKLM\...\{E0091C29-DEE8-4B24-BF65-8C35B5940D77}) (Version: 1.00.0000 - Buhl Data Service)
Magellan Communicator (HKLM\...\InstallShield_{0FD5FD0B-4BA6-47A1-99C3-F8A964C3CCA5}) (Version: 1.15.020 - Magellan Navigation, Inc.)
Magellan Communicator (Version: 1.15.020 - Magellan Navigation, Inc.) Hidden
MEDION Fotos auf CD Nord (HKLM\...\MEDION Fotos auf CD Nord D) (Version: 6.0.2.0 - MAGIX AG)
Medion Media Center 0 (Version: 1.0.12.0 - Medion) Hidden
MEDIONbox (HKLM\...\{27FDF949-69CE-435A-8372-339F72336AC5}) (Version: 1.09.0000.00052 - Medion)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2742597) (HKLM\...\M2742597) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Move Networks Media Player for Internet Explorer (HKLM\...\Move Networks Player - IE) (Version: - )
Mozilla Firefox (3.0.7) (HKLM\...\Mozilla Firefox (3.0.7)) (Version: 3.0.7 (de) - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM\...\{47948554-90C6-4AAC-8CFA-D23CE11C1031}) (Version: 8.3.124 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.8 - Frank Heindörfer, Philip Chinery)
QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Ralink Wireless LAN (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.00.0000 - RaLink)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5595 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
Sceneo AbsolutTV (HKLM\...\{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}) (Version: - )
SecureW2 EAP Suite 1.1.2 for Windows (HKLM\...\SecureW2 EAP Suite) (Version: - )
Skype™ 5.10 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.114 - Skype Technologies S.A.)
Steuer-Software 2011 (HKLM\...\{923BC9EF-A7FC-4E6D-8056-F1534DFCE530}) (Version: 16.14 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Software 2012 (HKLM\...\{F19178B7-F232-4E97-8511-E4D37A339E9C}) (Version: 17.07 - Wolters Kluwer Deutschland GmbH)
Steuer-Software 2014 (HKLM\...\{77D53A25-9700-42C7-8305-8E469FEBEE30}) (Version: 19.09.86 - Akademische Arbeitsgemeinschaft)
Ulead DVD MovieFactory 5 (HKLM\...\{FF164702-AF8B-4F2F-8038-74A4C536866B}) (Version: 5.3 - Ulead Systems, Inc.)
Ulead PhotoImpact 12 (HKLM\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Windows Live ID-Anmelde-Assistent (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation)
XSManager (HKLM\...\XSManager) (Version: 3.2 - XSManager)

==================== Restore Points =========================

07-01-2014 16:13:51 STEUEReasy 2014 wurde installiert.
11-01-2014 19:11:24 Geplanter Prüfpunkt
10-02-2014 17:11:51 Geplanter Prüfpunkt
25-02-2014 19:21:59 Geplanter Prüfpunkt
03-03-2014 06:17:50 Geplanter Prüfpunkt
14-03-2014 10:12:12 Geplanter Prüfpunkt
19-03-2014 17:34:35 Geplanter Prüfpunkt
29-04-2014 17:28:04 Geplanter Prüfpunkt
06-05-2014 17:06:54 Geplanter Prüfpunkt
15-05-2014 20:29:14 Geplanter Prüfpunkt
19-05-2014 17:11:43 Geplanter Prüfpunkt
22-05-2014 20:04:47 Geplanter Prüfpunkt
01-06-2014 14:30:39 Geplanter Prüfpunkt
04-06-2014 10:14:41 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1E14A5A3-F104-4344-9D42-1795BADC0687} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: {2D6C0954-2E17-4B6F-BB24-FF4731E04F2A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {856F9422-F39D-41C9-ACE1-C632E54EBEB9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: {A7202F29-CE92-40F4-BD57-58E21FD7F254} - System32\Tasks\{6D9B42A6-9A89-4A16-B4A6-D58A11A5BE75} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.114.259/de/abandoninstall?source=lightinstaller&page=tsBing
Task: {BD435F55-A8E7-4253-BEB5-1467339E24D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FA02C62A-F440-4BE7-B24B-88A95DD60786} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{158DDB20-B365-4628-993E-6DBF362FE748}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2009-10-25 21:29 - 2001-10-28 18:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-04-05 18:18 - 2013-04-05 18:05 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2013-04-06 16:45 - 2013-04-06 16:45 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6d2b0e45\mscorlib.dll
2013-04-06 16:45 - 2013-04-06 16:45 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_84aa44c9\system.dll
2013-04-06 16:45 - 2013-04-06 16:45 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_08158c44\system.windows.forms.dll
2013-04-06 16:45 - 2013-04-06 16:45 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_7ae0156b\system.xml.dll
2008-04-22 08:37 - 2007-04-19 12:11 - 00006656 _____ () c:\program files\medion\medionbox\program\structconverter.dll
2009-10-23 07:29 - 2009-04-11 08:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2008-04-22 08:30 - 2007-05-16 22:48 - 00421955 _____ () C:\Program Files\Sceneo\AbsolutTV\Services\PVR\tvtvRemote.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00329848 ____N () C:\Program Files\XSManager\WTGService.exe
2008-04-21 09:37 - 2007-09-01 14:03 - 00032768 _____ () C:\Program Files\Launch Manager\LaunchAp.exe
2007-10-30 19:52 - 2007-10-30 19:52 - 00016200 _____ () C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
2011-10-05 04:52 - 2011-10-05 04:52 - 00756048 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-11-24 21:14 - 2013-05-06 15:45 - 01611896 ____N () C:\Program Files\XSManager\XSManager.exe
2013-11-24 21:14 - 2013-05-06 15:45 - 00018040 ____N () C:\Program Files\XSManager\WTGDebugs.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00399480 ____N () C:\Program Files\XSManager\WtgCore.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00049784 ____N () C:\Program Files\XSManager\WtgDriverInstall.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00231544 ____N () C:\Program Files\XSManager\WtgUtil.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00186488 ____N () C:\Program Files\XSManager\WtgDetection.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00092280 ____N () C:\Program Files\XSManager\WtgPorts.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00112760 ____N () C:\Program Files\XSManager\WtgDatabase.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00084088 ____N () C:\Program Files\XSManager\WtgDialup.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00145528 ____N () C:\Program Files\XSManager\WtgBluetooth.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00895096 ____N () C:\Program Files\XSManager\4GSystems_OneClickAssistantGer.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00604280 ____N () C:\Program Files\XSManager\WTGXMLUtil.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00202872 ____N () C:\Program Files\XSManager\WTGSMSPCClient.Dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00011896 ____N () C:\Program Files\XSManager\4GSystems_WTGSMSPCClientGer.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00018040 ____N () C:\Program Files\XSManager\WTGDriverInstallX.Dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00263288 ____N () C:\Program Files\XSManager\WtgMobileBroadband7.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00546936 ____N () C:\Program Files\XSManager\WtgNdisQmiUtil.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: CVPND => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk => C:\Windows\pss\VPN Client.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Kathinka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: msnmsgr => "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2014 07:10:58 PM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung erneut.
Kontext: Anwendung, SystemIndex Katalog

Error: (06/06/2014 07:05:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 07:16:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 07:03:45 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy19,0xc0000000,0x00000003,...)". hr = 0x80070005.

Vorgang:
EndPrepareSnapshots wird verarbeitet

Kontext:
Ausführungskontext: System Provider

Error: (06/05/2014 06:55:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 08:20:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 08:11:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 08:10:39 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/04/2014 08:03:29 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/04/2014 06:01:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/06/2014 07:26:00 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (06/06/2014 07:25:53 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (06/06/2014 07:05:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/05/2014 07:16:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/05/2014 07:06:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (06/05/2014 06:56:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058

Error: (06/05/2014 06:55:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/04/2014 08:21:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058

Error: (06/04/2014 08:20:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/04/2014 08:11:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: avipbb avkmgr Hotkey spldr ssmdrv Wanarpv6


Microsoft Office Sessions:
=========================
Error: (05/25/2014 11:10:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3277 seconds with 3000 seconds of active time. This session ended with a crash.

Error: (04/14/2013 11:34:04 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/26/2010 06:29:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1344 seconds with 1080 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2013-04-05 21:24:58.292
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-05 21:24:57.980
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-05 21:24:57.652
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-05 21:24:57.340
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-05 21:24:56.966
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-05 21:24:56.654
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-05 21:24:56.326
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-05 21:24:56.014
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-05 21:24:55.624
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-05 21:24:55.312
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 3061.69 MB
Available physical RAM: 1595.73 MB
Total Pagefile: 6341.65 MB
Available Pagefile: 4872.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.97 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:207.5 GB) (Free:81.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:25.37 GB) (Free:12.93 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 4B64DFC2)
Partition 1: (Active) - (Size=207 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=25 GB) - (Type=OF Extended)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-06 21:07:11
Windows 6.0.6002 Service Pack 2
\Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 232,89GB
Running: q373ohiw.exe; Driver: C:\Users\Kathinka\AppData\Local\Temp\pfldapow.sys

---- System - GMER 2.1 ----

SSDT  8C926936  ZwCreateSection
SSDT  8C926940  ZwRequestWaitReplyPort
SSDT  8C92693B  ZwSetContextThread
SSDT  8C926945  ZwSetSecurityObject
SSDT  8C92694A  ZwSystemDebugControl
SSDT  8C9268D7  ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!KeSetEvent + 215  820AD8D8 4 Bytes  [36, 69, 92, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 539  820ADBFC 4 Bytes  [40, 69, 92, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 56D  820ADC30 4 Bytes  [3B, 69, 92, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 5D1  820ADC94 4 Bytes  [45, 69, 92, 8C]
.text  ntkrnlpa.exe!KeSetEvent + 619  820ADCDC 4 Bytes  [4A, 69, 92, 8C]
.text  ...

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Launch Manager\WButton.exe[1140] kernel32.dll!CreateProcessW  77161BF3 5 Bytes  JMP 022F887E
.text  C:\Program Files\Launch Manager\WButton.exe[1140] kernel32.dll!CreateProcessA  77161C28 5 Bytes  JMP 022F8927
.text  C:\Program Files\Launch Manager\WButton.exe[1140] ADVAPI32.dll!CreateProcessAsUserA  768DCEB9 5 Bytes  JMP 022F8A78
.text  C:\Program Files\Launch Manager\WButton.exe[1140] ADVAPI32.dll!CreateProcessAsUserW  768F1EE9 5 Bytes  JMP 022F89CC
.text  C:\Program Files\Launch Manager\WButton.exe[1140] Crypt32.dll!PFXImportCertStore  752B989D 5 Bytes  JMP 022F744E
.text  C:\Windows\RtHDVCpl.exe[1284] kernel32.dll!CreateProcessW  77161BF3 5 Bytes  JMP 029C887E
.text  C:\Windows\RtHDVCpl.exe[1284] kernel32.dll!CreateProcessA  77161C28 5 Bytes  JMP 029C8927
.text  C:\Windows\RtHDVCpl.exe[1284] ADVAPI32.dll!CreateProcessAsUserA  768DCEB9 5 Bytes  JMP 029C8A78
.text  C:\Windows\RtHDVCpl.exe[1284] ADVAPI32.dll!CreateProcessAsUserW  768F1EE9 5 Bytes  JMP 029C89CC
.text  C:\Windows\RtHDVCpl.exe[1284] CRYPT32.dll!PFXImportCertStore  752B989D 5 Bytes  JMP 029C744E
.text  C:\Windows\System32\hkcmd.exe[1328] kernel32.dll!CreateProcessW  77161BF3 5 Bytes  JMP 01BF887E
.text  C:\Windows\System32\hkcmd.exe[1328] kernel32.dll!CreateProcessA  77161C28 5 Bytes  JMP 01BF8927
.text  C:\Windows\System32\hkcmd.exe[1328] ADVAPI32.dll!CreateProcessAsUserA  768DCEB9 5 Bytes  JMP 01BF8A78
.text  C:\Windows\System32\hkcmd.exe[1328] ADVAPI32.dll!CreateProcessAsUserW  768F1EE9 5 Bytes  JMP 01BF89CC
.text  C:\Windows\System32\hkcmd.exe[1328] Crypt32.dll!PFXImportCertStore  752B989D 5 Bytes  JMP 01BF744E
.text  C:\Program Files\Launch Manager\HotkeyApp.exe[1332] kernel32.dll!CreateProcessW  77161BF3 5 Bytes  JMP 02FC887E
.text  C:\Program Files\Launch Manager\HotkeyApp.exe[1332] kernel32.dll!CreateProcessA  77161C28 5 Bytes  JMP 02FC8927
.text  C:\Program Files\Launch Manager\HotkeyApp.exe[1332] ADVAPI32.dll!CreateProcessAsUserA  768DCEB9 5 Bytes  JMP 02FC8A78
.text  C:\Program Files\Launch Manager\HotkeyApp.exe[1332] ADVAPI32.dll!CreateProcessAsUserW  768F1EE9 5 Bytes  JMP 02FC89CC
.text  C:\Program Files\Launch Manager\HotkeyApp.exe[1332] Crypt32.dll!PFXImportCertStore  752B989D 5 Bytes  JMP 02FC744E
.text  C:\Windows\System32\igfxpers.exe[1344] kernel32.dll!CreateProcessW  77161BF3 5 Bytes  JMP 0235887E
.text  C:\Windows\System32\igfxpers.exe[1344] kernel32.dll!CreateProcessA  77161C28 5 Bytes  JMP 02358927
.text  C:\Windows\System32\igfxpers.exe[1344] ADVAPI32.dll!CreateProcessAsUserA  768DCEB9 5 Bytes  JMP 02358A78
.text  C:\Windows\System32\igfxpers.exe[1344] ADVAPI32.dll!CreateProcessAsUserW  768F1EE9 5 Bytes  JMP 023589CC
.text  C:\Windows\System32\igfxpers.exe[1344] Crypt32.dll!PFXImportCertStore  752B989D 5 Bytes  JMP 0235744E
.text  C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1408] kernel32.dll!CreateProcessW  77161BF3 5 Bytes  JMP 0207887E
.text  C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1408] kernel32.dll!CreateProcessA  77161C28 5 Bytes  JMP 02078927
.text  C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1408] ADVAPI32.dll!CreateProcessAsUserA  768DCEB9 5 Bytes  JMP 02078A78
.text  C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1408] ADVAPI32.dll!CreateProcessAsUserW  768F1EE9 5 Bytes  JMP 020789CC
.text  C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1408] Crypt32.dll!PFXImportCertStore  752B989D 5 Bytes  JMP 0207744E
.text  C:\Program Files\Launch Manager\OSD.exe[1800] kernel32.dll!CreateProcessW  77161BF3 5 Bytes  JMP 015A887E
.text  C:\Program Files\Launch Manager\OSD.exe[1800] kernel32.dll!CreateProcessA  77161C28 5 Bytes  JMP 015A8927
.text  C:\Program Files\Launch Manager\OSD.exe[1800] ADVAPI32.dll!CreateProcessAsUserA  768DCEB9 5 Bytes  JMP 015A8A78
.text  C:\Program Files\Launch Manager\OSD.exe[1800] ADVAPI32.dll!CreateProcessAsUserW  768F1EE9 5 Bytes  JMP 015A89CC
.text  C:\Program Files\Launch Manager\OSD.exe[1800] Crypt32.dll!PFXImportCertStore  752B989D 5 Bytes  JMP 015A744E
.text  C:\Program Files\Launch Manager\LaunchAp.exe[1944] kernel32.dll!CreateProcessW  77161BF3 5 Bytes  JMP 009F887E
.text  C:\Program Files\Launch Manager\LaunchAp.exe[1944] kernel32.dll!CreateProcessA  77161C28 5 Bytes  JMP 009F8927
.text  C:\Program Files\Launch Manager\LaunchAp.exe[1944] ADVAPI32.dll!CreateProcessAsUserA  768DCEB9 5 Bytes  JMP 009F8A78
.text  C:\Program Files\Launch Manager\LaunchAp.exe[1944] ADVAPI32.dll!CreateProcessAsUserW  768F1EE9 5 Bytes  JMP 009F89CC
.text  C:\Program Files\Launch Manager\LaunchAp.exe[1944] Crypt32.dll!PFXImportCertStore  752B989D 5 Bytes  JMP 009F744E
.text  C:\Windows\Explorer.EXE[2092] kernel32.dll!CreateProcessW  77161BF3 5 Bytes  JMP 054B887E
.text  C:\Windows\Explorer.EXE[2092] kernel32.dll!CreateProcessA  77161C28 5 Bytes  JMP 054B8927
.text  C:\Windows\Explorer.EXE[2092] ADVAPI32.dll!CreateProcessAsUserA  768DCEB9 5 Bytes  JMP 054B8A78
.text  C:\Windows\Explorer.EXE[2092] ADVAPI32.dll!CreateProcessAsUserW  768F1EE9 5 Bytes  JMP 054B89CC
.text  C:\Windows\Explorer.EXE[2092] CRYPT32.dll!PFXImportCertStore  752B989D 5 Bytes  JMP 054B744E
.text  C:\Windows\system32\taskeng.exe[2128] kernel32.dll!CreateProcessW  77161BF3 5 Bytes  JMP 028E887E
.text  C:\Windows\system32\taskeng.exe[2128] kernel32.dll!CreateProcessA  77161C28 5 Bytes  JMP 028E8927
.text  C:\Windows\system32\taskeng.exe[2128] ADVAPI32.dll!CreateProcessAsUserA  768DCEB9 5 Bytes  JMP 028E8A78
.text  C:\Windows\system32\taskeng.exe[2128] ADVAPI32.dll!CreateProcessAsUserW  768F1EE9 5 Bytes  JMP 028E89CC
.text  C:\Windows\system32\taskeng.exe[2128] CRYPT32.dll!PFXImportCertStore  752B989D 5 Bytes  JMP 028E744E
.text  C:\Windows\V0330Mon.exe[2144] kernel32.dll!CreateProcessW  77161BF3 5 Bytes  JMP 0210887E
.text  C:\Windows\V0330Mon.exe[2144] kernel32.dll!CreateProcessA  77161C28 5 Bytes  JMP 02108927
.text  C:\Windows\V0330Mon.exe[2144] ADVAPI32.dll!CreateProcessAsUserA  768DCEB9 5 Bytes  JMP 02108A78
.text  C:\Windows\V0330Mon.exe[2144] ADVAPI32.dll!CreateProcessAsUserW  768F1EE9 5 Bytes  JMP 021089CC
.text  C:\Windows\V0330Mon.exe[2144] CRYPT32.dll!PFXImportCertStore  752B989D 5 Bytes  JMP 0210744E
.text  C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe[2304] kernel32.dll!CreateProcessW  77161BF3 5 Bytes  JMP 01AA887E
.text  C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe[2304] kernel32.dll!CreateProcessA  77161C28 5 Bytes  JMP 01AA8927
.text  C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe[2304] ADVAPI32.dll!CreateProcessAsUserA  768DCEB9 5 Bytes  JMP 01AA8A78
.text  C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe[2304] ADVAPI32.dll!CreateProcessAsUserW  768F1EE9 5 Bytes  JMP 01AA89CC
.text  C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe[2304] Crypt32.dll!PFXImportCertStore  752B989D 5 Bytes  JMP 01AA744E
.text  C:\Windows\starter4g.exe[3196] kernel32.dll!CreateProcessW  77161BF3 5 Bytes  JMP 0190887E
.text  C:\Windows\starter4g.exe[3196] kernel32.dll!CreateProcessA  77161C28 5 Bytes  JMP 01908927
.text  C:\Windows\starter4g.exe[3196] ADVAPI32.dll!CreateProcessAsUserA  768DCEB9 5 Bytes  JMP 01908A78
.text  C:\Windows\starter4g.exe[3196] ADVAPI32.dll!CreateProcessAsUserW  768F1EE9 5 Bytes  JMP 019089CC
.text  C:\Windows\starter4g.exe[3196] CRYPT32.dll!PFXImportCertStore  752B989D 5 Bytes  JMP 0190744E
.text  C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3332] kernel32.dll!CreateProcessW  77161BF3 5 Bytes  JMP 01B9887E
.text  C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3332] kernel32.dll!CreateProcessA  77161C28 5 Bytes  JMP 01B98927
.text  C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3332] ADVAPI32.dll!CreateProcessAsUserA  768DCEB9 5 Bytes  JMP 01B98A78
.text  C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3332] ADVAPI32.dll!CreateProcessAsUserW  768F1EE9 5 Bytes  JMP 01B989CC
.text  C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3332] Crypt32.dll!PFXImportCertStore  752B989D 5 Bytes  JMP 01B9744E
.text  C:\Windows\system32\wbem\unsecapp.exe[3400] kernel32.dll!CreateProcessW  77161BF3 5 Bytes  JMP 01AD887E
.text  C:\Windows\system32\wbem\unsecapp.exe[3400] kernel32.dll!CreateProcessA  77161C28 5 Bytes  JMP 01AD8927
.text  C:\Windows\system32\wbem\unsecapp.exe[3400] ADVAPI32.dll!CreateProcessAsUserA  768DCEB9 5 Bytes  JMP 01AD8A78
.text  C:\Windows\system32\wbem\unsecapp.exe[3400] ADVAPI32.dll!CreateProcessAsUserW  768F1EE9 5 Bytes  JMP 01AD89CC
.text  C:\Windows\system32\wbem\unsecapp.exe[3400] Crypt32.dll!PFXImportCertStore  752B989D 5 Bytes  JMP 01AD744E
.text  C:\Windows\ehome\ehtray.exe[3536] kernel32.dll!CreateProcessW  77161BF3 5 Bytes  JMP 008F887E
.text  C:\Windows\ehome\ehtray.exe[3536] kernel32.dll!CreateProcessA  77161C28 5 Bytes  JMP 008F8927
.text  C:\Windows\ehome\ehtray.exe[3536] ADVAPI32.dll!CreateProcessAsUserA  768DCEB9 5 Bytes  JMP 008F8A78
.text  C:\Windows\ehome\ehtray.exe[3536] ADVAPI32.dll!CreateProcessAsUserW  768F1EE9 5 Bytes  JMP 008F89CC
.text  C:\Windows\ehome\ehtray.exe[3536] Crypt32.dll!PFXImportCertStore  752B989D 5 Bytes  JMP 008F744E
.text  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3556]
kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 0232887E .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3556] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02328927 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3556] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02328A78 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3556] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 023289CC .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3556] CRYPT32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 0232744E .text C:\Program Files\Windows Sidebar\sidebar.exe[3564] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 02BA887E .text C:\Program Files\Windows Sidebar\sidebar.exe[3564] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02BA8927 .text C:\Program Files\Windows Sidebar\sidebar.exe[3564] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02BA8A78 .text C:\Program Files\Windows Sidebar\sidebar.exe[3564] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 02BA89CC .text C:\Program Files\Windows Sidebar\sidebar.exe[3564] CRYPT32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 02BA744E .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3572] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 0240887E .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3572] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02408927 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3572] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02408A78 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3572] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 024089CC .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3572] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 0240744E .text C:\Windows\ehome\ehmsas.exe[3808] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 00D3887E .text 
C:\Windows\ehome\ehmsas.exe[3808] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 00D38927 .text C:\Windows\ehome\ehmsas.exe[3808] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 00D38A78 .text C:\Windows\ehome\ehmsas.exe[3808] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 00D389CC .text C:\Windows\ehome\ehmsas.exe[3808] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 00D3744E .text C:\Windows\system32\igfxsrvc.exe[3856] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 0287887E .text C:\Windows\system32\igfxsrvc.exe[3856] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02878927 .text C:\Windows\system32\igfxsrvc.exe[3856] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02878A78 .text C:\Windows\system32\igfxsrvc.exe[3856] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 028789CC .text C:\Windows\system32\igfxsrvc.exe[3856] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 0287744E ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@y!s!\24!r!s!`!\30!y!\24!\24!t!\30!c!y!s!d! 19583823 ---- EOF - GMER 2.1 ---- |
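The GMER output in the post above ends with the same five hooked exports (CreateProcessW/A, CreateProcessAsUserA/W, PFXImportCertStore) in every listed process, each `JMP` landing in a small private region per process. As an added example that is not part of the original post or of GMER, the Python script below parses lines of that format and checks three properties of that pattern; the ten sample lines are copied from the log above, and the triage notes it emits are an analyst's reading of the pattern, not a GMER verdict.

```python
"""Summarise user-mode inline hooks reported by GMER 2.1 (added example, not GMER code).

GMER prints one line per hooked export:
    .text <image>[<pid>] <module>!<export> <address> <n> Bytes JMP <target>
The log in this thread shows the same five exports hooked in every process, each JMP
landing in one private region per process: the signature of a single injected image
that is mapped at a different base in every process it entered.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<export>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]{8})$"
)

# Sample input: ten lines copied from the GMER log posted above (two of the hooked
# processes) plus the section header that follows them in the real log.
SAMPLE_LOG = r"""
.text C:\Windows\System32\hkcmd.exe[1328] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 01BF887E
.text C:\Windows\System32\hkcmd.exe[1328] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 01BF8927
.text C:\Windows\System32\hkcmd.exe[1328] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 01BF8A78
.text C:\Windows\System32\hkcmd.exe[1328] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 01BF89CC
.text C:\Windows\System32\hkcmd.exe[1328] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 01BF744E
.text C:\Windows\Explorer.EXE[2092] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 054B887E
.text C:\Windows\Explorer.EXE[2092] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 054B8927
.text C:\Windows\Explorer.EXE[2092] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 054B8A78
.text C:\Windows\Explorer.EXE[2092] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 054B89CC
.text C:\Windows\Explorer.EXE[2092] CRYPT32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 054B744E
---- Devices - GMER 2.1 ----
"""


def parse_hooks(text):
    """Return one dict per hook line; headers, device and registry lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hooks.append({
            "process": f"{m['image']}[{m['pid']}]",
            # GMER spells the module as each import table does (Crypt32.dll vs CRYPT32.dll).
            "export": f"{m['module'].lower()}!{m['export']}",
            "addr": int(m["addr"], 16),
            "size": int(m["size"]),
            "target": int(m["target"], 16),
        })
    return hooks


def summarize(hooks):
    """Group hooks per process and per export and evaluate the injected-image signature."""
    by_process = defaultdict(list)
    by_export = defaultdict(dict)  # export -> {process: jmp target}
    for h in hooks:
        by_process[h["process"]].append(h)
        by_export[h["export"]][h["process"]] = h["target"]
    # 1. Every process carries exactly the same set of hooked exports.
    export_sets = {frozenset(h["export"] for h in hs) for hs in by_process.values()}
    # 2. Per export, targets differ between processes only in the upper 16 bits: the low
    #    16 bits are the handler's offset inside the injected image, the upper bits its base.
    target_offsets = {}
    for export, targets in by_export.items():
        low_bits = {t & 0xFFFF for t in targets.values()}
        target_offsets[export] = low_bits.pop() if len(low_bits) == 1 else None
    # 3. Within one process, all targets fall inside a single 64 KiB span.
    region, single_region = {}, {}
    for proc, hs in by_process.items():
        targets = [h["target"] for h in hs]
        region[proc] = (min(targets), max(targets))
        single_region[proc] = max(targets) - min(targets) < 0x10000
    return {
        "processes": sorted(by_process),
        "exports": sorted(by_export),
        "uniform_export_set": len(export_sets) == 1,
        "target_offsets": target_offsets,
        "region": region,
        "single_region": single_region,
    }


def findings(summary):
    """Triage notes for the analyst; each names the property that triggered it."""
    notes, n, exports = [], len(summary["processes"]), summary["exports"]
    if n > 1 and summary["uniform_export_set"]:
        notes.append(f"{n} processes carry the identical hook set: {', '.join(exports)}")
    if n > 1 and all(summary["target_offsets"][e] is not None for e in exports):
        notes.append("per export the JMP target has the same low 16 bits in every process: "
                     "one injected image, relocated per process")
    if summary["single_region"] and all(summary["single_region"].values()):
        notes.append("all targets of a process lie within one 64 KiB span: a single hooking module")
    if any(e.endswith("!PFXImportCertStore") for e in exports):
        notes.append("crypt32!PFXImportCertStore hooked: PFX (certificate + private key) imports pass through the hook")
    if any("CreateProcess" in e for e in exports):
        notes.append("CreateProcess* hooked: child processes can be hooked as they are created")
    return notes
```

Run it on a full GMER log with `findings(summarize(parse_hooks(open("gmer.log").read())))`; the parser ignores everything that is not a `.text ... JMP` hook line.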
06.06.2014, 23:03 | #2 |
/// TB Trainer /// How-to Guru | Win Vista / Avira blocked, online banking cracked No sensitive logins (PayPal, eBay etc.) from this PC until the clean. Changing the passwords for those accounts from a clean PC is strongly recommended. My name is Jürgen and I will help you with your problem. Together we'll manage this...
Note: I can never give you a guarantee that we will find all malicious files. Formatting is usually the faster and always the safest way, but it is only advisable in the case of real malware. Adware & co. we can remove very well. If you decide on a clean-up, keep working with me until you get my "clean". Let's go: Step 1 Please press the Windows key + R and type notepad in the Run window. Click OK and now copy the text from the code box into the empty text document: Code:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
You should now have access to Avira again. Disable the real-time scanner (see picture) for the next step: Step 2 Scan with ComboFix
07.06.2014, 09:01 | #3 |
| Win Vista / Avira blocked, online banking cracked Hello Jürgen,
many thanks for your quick reply and the prompt help! Here is the fixlog file: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:06-06-2014 Ran by Kathinka at 2014-06-07 09:16:35 Run:1 Running from C:\Users\Kathinka\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION ***************** HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. ==== End of Fixlog ==== combofix: Code:
ATTFilter ComboFix 14-06-04.01 - Kathinka 07.06.2014 9:25.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3062.1924 [GMT 2:00] ausgeführt von:: c:\users\Kathinka\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\SecureW2 c:\program files\SecureW2\Uninstall.exe c:\programdata\00etadpu.pad c:\programdata\AvaviRfodo.dat c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2 c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk c:\users\Kathinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2 c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-05-07 bis 2014-06-07 )))))))))))))))))))))))))))))) . . 2014-06-07 07:32 . 2014-06-07 07:34 -------- d-----w- c:\users\Kathinka\AppData\Local\temp 2014-06-07 07:32 . 2014-06-07 07:32 -------- d-----w- c:\users\Nils\AppData\Local\temp 2014-06-07 07:32 . 2014-06-07 07:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-06-07 07:32 . 2014-06-07 07:32 -------- d-----w- c:\users\Admin\AppData\Local\temp 2014-06-06 17:39 . 2014-06-07 07:16 -------- d-----w- C:\FRST 2014-06-05 17:23 . 2014-06-05 17:23 -------- d-----w- C:\test 2014-06-04 17:53 . 2014-06-04 17:55 -------- d-----w- c:\users\Admin\AppData\Roaming\XSManager 2014-06-04 16:09 . 2014-06-04 16:09 -------- d-----w- c:\users\Admin\AppData\Local\Mozilla 2014-06-04 16:00 . 2014-06-04 16:00 -------- d-----w- c:\users\Admin\AppData\Roaming\Avira 2014-06-04 15:38 . 2014-06-04 15:38 -------- d-----w- c:\users\Admin\AppData\Local\Adobe 2014-05-13 17:53 . 
2014-05-14 17:00 -------- d-----w- c:\program files\Mozilla Thunderbird . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-06-07 07:12 . 2013-04-05 16:18 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-06-07 07:12 . 2013-04-05 16:18 93528 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2007-03-12 17:59 . 2007-03-12 17:59 299008 ----a-w- c:\program files\navigram_register.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-04 39408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "c:\windows\system32\V0330Ext.ax"="c:\windows\system32\V0330Ext.ax" [X] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 133656] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-01 6025216] "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416] "LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016] "V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768] "Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 16200] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-06-07 737872] "starter4g"="c:\windows\starter4g.exe" [2010-04-30 160424] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk backup=c:\windows\pss\VPN Client.lnk.CommonStartup backupExtension=.CommonStartup . 
[HKLM\~\startupfolder\C:^Users^Kathinka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\Kathinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2007-01-19 10:55 5674352 ----a-w- c:\progra~1\MSNMES~1\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3867355369-645538684-1367898025-1003] "EnableNotificationsRef"=dword:00000003 . S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2014-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 06:02] . 2014-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 06:02] . 2014-06-07 c:\windows\Tasks\User_Feed_Synchronization-{158DDB20-B365-4628-993E-6DBF362FE748}.job - c:\windows\system32\msfeedssync.exe [2012-04-10 15:28] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 IE: {{9FB232C5-6909-4F81-99B4-BAB4998940F2} DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.de/ips-opdata/uploadClients/fuji/jordan.cab DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab FF - ProfilePath - c:\users\Kathinka\AppData\Roaming\Mozilla\Firefox\Profiles\ajvq10vs.default\ FF - prefs.js: browser.startup.homepage - hxxp://login.rz.ruhr-uni-bochum.de/login.html FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-AvaviRfodo - c:\programdata\AvaviRfodo.dat HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe HKLM-Run-toolbar_eula_launcher - c:\program files\GoogleEULA\EULALauncher.exe HKLM-Run-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe AddRemove-Benutzerhandbuch für Creative WebCam Vista German - c:\windows\IsUn0407.exe AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2014-06-07 09:34 Windows 6.0.6002 Service Pack 2 NTFS . 
Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2014-06-07 09:36:50 ComboFix-quarantined-files.txt 2014-06-07 07:36 . Vor Suchlauf: 10 Verzeichnis(se), 89.147.420.672 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 89.523.777.536 Bytes frei . - - End Of File - - 440DD0A2C0D675CDAE4D5CFE61E09C98 5C616939100B85E558DA92B899A0FC36 Many thanks so far!!!
07.06.2014, 09:43 | #4 |
/// TB Trainer /// How-to Guru | Win Vista / Avira blocked, online banking cracked
Let's continue like this for now: Step 1 Malwarebytes Anti-Malware
Step 2 ESET Online Scanner
Step 3 Please start FRST again, also tick the box for Addition.txt and click Scan. Please post both logs for me.
Regards, deeprybka „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer
09.06.2014, 12:21 | #5 |
| Win Vista / Avira blocked, online banking cracked Hello Jürgen, ...on we go. MBAM reported no detections: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 09.06.2014 Suchlauf-Zeit: 10:03:46 Logdatei: Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.06.09.02 Rootkit Datenbank: v2014.06.02.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: Kathinka Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 344809 Verstrichene Zeit: 33 Min, 59 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=169d11cdda996b499647c513bcb1f5ec # engine=18627 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-06-09 10:53:44 # local_time=2014-06-09 12:53:44 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 11247 146863402 0 0 # compatibility_mode_1='' # compatibility_mode=5892 16776574 100 100 226584 239843952 0 0 # scanned=200680 # found=1 # cleaned=0 # scan_time=5592 sh=9967EB41E6EB86F937692B4839DFF17A6EE72E05 ft=1 fh=7d9afe70c2a426a6 vn="Win32/PSW.Papras.DC Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\AvaviRfodo.dat.vir" FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-06-2014 01 Ran by Kathinka (administrator) on UNI-PC on 09-06-2014 13:01:50 Running from C:\Users\Kathinka\Downloads Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Empolis GmbH) C:\Program Files\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe () C:\Windows\System32\PSIService.exe (Buhl Data Service GmbH) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE () C:\Program Files\XSManager\WTGService.exe (4G Systems GmbH & Co. KG) C:\Windows\service4g.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe () C:\Program Files\Launch Manager\LaunchAp.exe (Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron Corp.) 
C:\Program Files\Launch Manager\OSD.exe (Wistron) C:\Program Files\Launch Manager\WButton.exe (Creative Technology Ltd.) C:\Windows\V0330Mon.exe () C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6025216 2008-04-01] (Realtek Semiconductor) HKLM\...\Run: [LaunchAp] => C:\Program Files\Launch Manager\LaunchAp.exe [32768 2007-09-01] () HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [188416 2007-09-06] (Wistron) HKLM\...\Run: [LMgrOSD] => C:\Program Files\Launch Manager\OSD.exe [180224 2006-12-26] (Wistron Corp.) 
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [86016 2007-09-07] (Wistron) HKLM\...\Run: [V0330Mon.exe] => C:\Windows\V0330Mon.exe [32768 2007-04-30] (Creative Technology Ltd.) HKLM\...\Run: [Corel File Shell Monitor] => C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16200 2007-10-30] () HKLM\...\Run: [C:\Windows\system32\V0330Ext.ax] => C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0330Ext.ax HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-03] (CANON INC.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-07] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [starter4g] => C:\Windows\starter4g.exe [160424 2010-04-30] (4G Systems GmbH & Co. KG) HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-03-04] (Google Inc.) 
HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG) HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3867355369-645538684-1367898025-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3867355369-645538684-1367898025-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-03-04] (Google Inc.) HKU\S-1-5-21-3867355369-645538684-1367898025-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG) HKU\S-1-5-21-3867355369-645538684-1367898025-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3867355369-645538684-1367898025-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3867355369-645538684-1367898025-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-03-04] (Google Inc.) HKU\S-1-5-21-3867355369-645538684-1367898025-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.) 
HKU\S-1-5-21-3867355369-645538684-1367898025-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3867355369-645538684-1367898025-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG) HKU\S-1-5-21-3867355369-645538684-1367898025-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c9230ada-7dcc-11dd-bdcc-000ae4ce131d} - 2u.com ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.de/ips-opdata/uploadClients/fuji/jordan.cab DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Kathinka\AppData\Roaming\Mozilla\Firefox\Profiles\ajvq10vs.default FF Homepage: hxxp://login.rz.ruhr-uni-bochum.de/login.html FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin: @MagellanGPS.com/CommunicationPlugin - C:\Program Files\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Kathinka\AppData\Roaming\Mozilla\Firefox\Profiles\ajvq10vs.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-01-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-07] (Avira Operations GmbH & Co. KG)
S4 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-08-29] (Cisco Systems, Inc.)
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-19] (Empolis GmbH) [File not signed]
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1801216 2008-02-28] (Buhl Data Service GmbH) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2006-06-14] (Ulead Systems, Inc.) [File not signed]
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2007-09-11] (Wistron Corp.) [File not signed]
R2 WTGService; C:\Program Files\XSManager\WTGService.exe [329848 2013-05-06] ()
R2 XS Stick Service; C:\Windows\service4g.exe [145064 2010-04-30] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-23] (Avira Operations GmbH & Co. KG)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2013-11-24] (Mobile Connector)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) [File not signed]
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-08-29] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)
R1 Hotkey; C:\Windows\system32\Drivers\Hotkey.sys [9867 2003-04-28] () [File not signed]
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210736 2007-06-01] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-05] (Avira GmbH)
S3 V0330VID; C:\Windows\System32\DRIVERS\V0330Vid.sys [157696 2007-08-08] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Kathinka\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-09 13:01 - 2014-06-09 13:01 - 00000000 ____D () C:\Users\Kathinka\Downloads\FRST-OlderVersion
2014-06-09 10:56 - 2014-06-09 10:56 - 00000000 ____D () C:\Program Files\ESET
2014-06-09 10:54 - 2014-06-09 10:55 - 02347384 _____ (ESET) C:\Users\Kathinka\Desktop\esetsmartinstaller_deu.exe
2014-06-09 09:56 - 2014-06-09 10:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-09 09:56 - 2014-06-09 09:56 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-09 09:56 - 2014-06-09 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-09 09:56 - 2014-06-09 09:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-09 09:56 - 2014-06-09 09:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-09 09:56 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-09 09:56 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-09 09:56 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-09 09:46 - 2014-06-09 09:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kathinka\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-07 09:36 - 2014-06-07 09:36 - 00009408 _____ () C:\ComboFix.txt
2014-06-07 09:36 - 2014-06-07 09:36 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-07 09:36 - 2014-06-07 09:36 - 00000000 ____D () C:\Users\Nils\AppData\Local\temp
2014-06-07 09:36 - 2014-06-07 09:36 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-07 09:36 - 2014-06-07 09:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-07 09:36 - 2014-06-07 09:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-07 09:36 - 2014-06-07 09:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\temp
2014-06-07 09:32 - 2014-06-09 13:02 - 00000000 ____D () C:\Users\Kathinka\AppData\Local\temp
2014-06-07 09:22 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-07 09:22 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-07 09:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-07 09:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-07 09:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-07 09:22 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-07 09:22 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-07 09:22 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-07 09:21 - 2014-06-07 09:36 - 00000000 ____D () C:\Qoobox
2014-06-07 09:21 - 2014-06-07 09:36 - 00000000 ____D () C:\ComboFix
2014-06-07 09:21 - 2014-06-07 09:35 - 00000000 ____D () C:\Windows\erdnt
2014-06-07 09:18 - 2014-06-07 09:18 - 05205146 ____R (Swearware) C:\Users\Kathinka\Downloads\ComboFix.exe
2014-06-06 21:07 - 2014-06-06 21:07 - 00019781 _____ () C:\Users\Kathinka\Desktop\gmer.log
2014-06-06 20:34 - 2014-06-06 20:34 - 00138968 _____ () C:\Windows\Minidump\Mini060614-01.dmp
2014-06-06 20:34 - 2014-06-06 20:34 - 00000000 ____D () C:\Windows\Minidump
2014-06-06 20:33 - 2014-06-06 20:33 - 304437492 _____ () C:\Windows\MEMORY.DMP
2014-06-06 19:44 - 2014-06-06 19:44 - 00380416 _____ () C:\Users\Kathinka\Downloads\q373ohiw.exe
2014-06-06 19:43 - 2014-06-06 19:43 - 00034805 _____ () C:\Users\Kathinka\Desktop\Addition.txt
2014-06-06 19:43 - 2014-06-06 19:43 - 00024190 _____ () C:\Users\Kathinka\Desktop\FRST.txt
2014-06-06 19:40 - 2014-06-09 13:02 - 00017375 _____ () C:\Users\Kathinka\Downloads\FRST.txt
2014-06-06 19:40 - 2014-06-06 19:42 - 00034805 _____ () C:\Users\Kathinka\Downloads\Addition.txt
2014-06-06 19:39 - 2014-06-09 13:01 - 01072128 _____ (Farbar) C:\Users\Kathinka\Downloads\FRST.exe
2014-06-06 19:39 - 2014-06-09 13:01 - 00000000 ____D () C:\FRST
2014-06-06 19:36 - 2014-06-06 19:36 - 00050477 _____ () C:\Users\Kathinka\Downloads\Defogger.exe
2014-06-06 19:36 - 2014-06-06 19:36 - 00000000 _____ () C:\Users\Kathinka\defogger_reenable
2014-06-05 19:23 - 2014-06-05 19:23 - 00000000 ____D () C:\test
2014-06-04 19:53 - 2014-06-04 19:55 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\XSManager
2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla
2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2014-06-04 18:00 - 2014-06-04 18:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Avira
2014-06-04 17:38 - 2014-06-04 17:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-06-04 17:38 - 2014-06-04 17:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-05-30 09:01 - 2014-05-30 09:01 - 02570453 _____ () C:\Users\Kathinka\Desktop\Documents\nils.pptx
2014-05-13 19:53 - 2014-05-14 19:00 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-06-09 13:02 - 2014-06-07 09:32 - 00000000 ____D () C:\Users\Kathinka\AppData\Local\temp
2014-06-09 13:02 - 2014-06-06 19:40 - 00017375 _____ () C:\Users\Kathinka\Downloads\FRST.txt
2014-06-09 13:02 - 2010-02-03 08:02 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-09 13:01 - 2014-06-09 13:01 - 00000000 ____D () C:\Users\Kathinka\Downloads\FRST-OlderVersion
2014-06-09 13:01 - 2014-06-06 19:39 - 01072128 _____ (Farbar) C:\Users\Kathinka\Downloads\FRST.exe
2014-06-09 13:01 - 2014-06-06 19:39 - 00000000 ____D () C:\FRST
2014-06-09 13:00 - 2009-08-15 22:58 - 00000394 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{158DDB20-B365-4628-993E-6DBF362FE748}.job
2014-06-09 12:56 - 2008-04-21 14:44 - 00002631 _____ () C:\Users\Kathinka\Desktop\Microsoft Office Word 2007.lnk
2014-06-09 11:40 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-09 11:40 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-09 11:05 - 2009-01-05 19:17 - 00000432 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-09 11:05 - 2008-08-07 08:33 - 01482862 _____ () C:\Windows\WindowsUpdate.log
2014-06-09 10:56 - 2014-06-09 10:56 - 00000000 ____D () C:\Program Files\ESET
2014-06-09 10:55 - 2014-06-09 10:54 - 02347384 _____ (ESET) C:\Users\Kathinka\Desktop\esetsmartinstaller_deu.exe
2014-06-09 10:08 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\tracing
2014-06-09 10:03 - 2014-06-09 09:56 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-09 09:56 - 2014-06-09 09:56 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-09 09:56 - 2014-06-09 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-09 09:56 - 2014-06-09 09:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-09 09:56 - 2014-06-09 09:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-09 09:53 - 2014-06-09 09:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kathinka\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-09 09:45 - 2008-01-21 09:16 - 01541724 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-09 09:40 - 2010-02-03 08:02 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-09 09:40 - 2009-01-12 16:17 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-06-09 09:40 - 2008-01-21 04:47 - 00069898 _____ () C:\Windows\PFRO.log
2014-06-09 09:40 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-07 10:29 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-07 09:50 - 2008-08-07 09:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-07 09:36 - 2014-06-07 09:36 - 00009408 _____ () C:\ComboFix.txt
2014-06-07 09:36 - 2014-06-07 09:36 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-07 09:36 - 2014-06-07 09:36 - 00000000 ____D () C:\Users\Nils\AppData\Local\temp
2014-06-07 09:36 - 2014-06-07 09:36 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-07 09:36 - 2014-06-07 09:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-07 09:36 - 2014-06-07 09:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-07 09:36 - 2014-06-07 09:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\temp
2014-06-07 09:36 - 2014-06-07 09:21 - 00000000 ____D () C:\Qoobox
2014-06-07 09:36 - 2014-06-07 09:21 - 00000000 ____D () C:\ComboFix
2014-06-07 09:36 - 2009-01-13 22:58 - 00000000 ____D () C:\Users\Administrator
2014-06-07 09:36 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-06-07 09:36 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-06-07 09:35 - 2014-06-07 09:21 - 00000000 ____D () C:\Windows\erdnt
2014-06-07 09:34 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-06-07 09:18 - 2014-06-07 09:18 - 05205146 ____R (Swearware) C:\Users\Kathinka\Downloads\ComboFix.exe
2014-06-07 09:12 - 2013-04-05 18:18 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-07 09:12 - 2013-04-05 18:18 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-06 21:07 - 2014-06-06 21:07 - 00019781 _____ () C:\Users\Kathinka\Desktop\gmer.log
2014-06-06 20:36 - 2008-08-07 08:38 - 00000948 _____ () C:\Users\Kathinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-06 20:34 - 2014-06-06 20:34 - 00138968 _____ () C:\Windows\Minidump\Mini060614-01.dmp
2014-06-06 20:34 - 2014-06-06 20:34 - 00000000 ____D () C:\Windows\Minidump
2014-06-06 20:33 - 2014-06-06 20:33 - 304437492 _____ () C:\Windows\MEMORY.DMP
2014-06-06 19:44 - 2014-06-06 19:44 - 00380416 _____ () C:\Users\Kathinka\Downloads\q373ohiw.exe
2014-06-06 19:43 - 2014-06-06 19:43 - 00034805 _____ () C:\Users\Kathinka\Desktop\Addition.txt
2014-06-06 19:43 - 2014-06-06 19:43 - 00024190 _____ () C:\Users\Kathinka\Desktop\FRST.txt
2014-06-06 19:42 - 2014-06-06 19:40 - 00034805 _____ () C:\Users\Kathinka\Downloads\Addition.txt
2014-06-06 19:36 - 2014-06-06 19:36 - 00050477 _____ () C:\Users\Kathinka\Downloads\Defogger.exe
2014-06-06 19:36 - 2014-06-06 19:36 - 00000000 _____ () C:\Users\Kathinka\defogger_reenable
2014-06-06 19:36 - 2008-08-07 08:38 - 00000000 ____D () C:\Users\Kathinka
2014-06-05 19:23 - 2014-06-05 19:23 - 00000000 ____D () C:\test
2014-06-04 19:55 - 2014-06-04 19:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\XSManager
2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla
2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2014-06-04 18:00 - 2014-06-04 18:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Avira
2014-06-04 17:38 - 2014-06-04 17:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-06-04 17:38 - 2014-06-04 17:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-06-04 17:38 - 2009-01-05 18:45 - 00104568 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-04 17:38 - 2009-01-05 18:45 - 00000953 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-04 17:38 - 2009-01-05 18:45 - 00000919 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-06-04 17:15 - 2012-06-21 17:38 - 00000000 ____D () C:\Users\Kathinka\Desktop\Documents\Kostenrechner
2014-06-04 10:47 - 2008-08-11 20:25 - 00104568 _____ () C:\Users\Nils\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-04 10:46 - 2009-08-15 22:58 - 00000953 _____ () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-04 10:44 - 2011-01-30 17:09 - 00000000 ____D () C:\Users\Kathinka\Desktop\Documents\Steuerfälle
2014-06-04 10:44 - 2009-04-05 18:32 - 00000000 ____D () C:\Users\Kathinka\Desktop\Documents\Förmliches
2014-06-04 10:44 - 2008-08-07 14:43 - 00000000 ____D () C:\Users\Kathinka\Desktop\Documents\Bio
2014-05-30 09:01 - 2014-05-30 09:01 - 02570453 _____ () C:\Users\Kathinka\Desktop\Documents\nils.pptx
2014-05-22 18:31 - 2012-02-14 16:35 - 00000682 _____ () C:\Users\Kathinka\Desktop\Documents\OuProxy.log
2014-05-17 10:38 - 2010-02-08 12:16 - 00000000 ____D () C:\SECentral
2014-05-14 22:23 - 2013-08-19 16:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 19:00 - 2014-05-13 19:53 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-05-12 07:26 - 2014-06-09 09:56 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-09 09:56 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-06-09 09:56 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Kathinka\AppData\Local\temp\avgnt.exe
C:\Users\Kathinka\AppData\Local\temp\catchme.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-09 09:46

==================== End Of Log ============================

--- --- ---

and Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-06-2014 01
Ran by Kathinka at 2014-06-09 13:02:52
Running from C:\Users\Kathinka\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
3531-W-D (HKLM\...\{BD1587F7-B8D0-4111-8F1F-3327628AB02F}) (Version: 1.5.18 - Silicon Image)
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2 - Adobe Systems, Inc) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.62 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81200000003}_Adobe Reader 8.1.2 - Deutsch) (Version: - )
Adobe Shockwave Player 11 (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version: - )
Apple Application Support (HKLM\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version: - )
Canon MP240 series Benutzerregistrierung (HKLM\...\Canon MP240 series Benutzerregistrierung) (Version: - )
Canon MP240 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
Cisco Systems VPN Client 5.0.04.0300 (HKLM\...\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}) (Version: 5.0.4 - Cisco Systems, Inc.)
Clone Manager 7 (HKLM\...\Clone Manager 7) (Version: - )
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel MediaOne (HKLM\...\{A062A15F-9CAC-4B88-98DF-87628A0BD721}) (Version: 2.00.0000 - Corel Corporation)
Corel Paint Shop Pro Photo X2 (HKLM\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.010.0000 - Corel Corporation)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang BR (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang ES (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang FR (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang IT (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang NL (Version: 14.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version: - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (Version: 1.0 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version: - Corel Corporation)
Creative Live! Cam Center (HKLM\...\Creative Live! Cam Center) (Version: - )
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: - )
Creative Systeminformationen (HKLM\...\SysInfo) (Version: - )
Creative WebCam Vista/Live! Cam Chat Driver (1.11.01.00) (HKLM\...\Creative VF0330) (Version: - )
DC++ 0.674 (HKLM\...\DC++) (Version: 0.674 - Jacek Sieka)
dm Digi Foto (HKLM\...\dm Digi Foto) (Version: 2.3.0.93 - Imaxel Lab S.L)
EndNote 9 (HKLM\...\{33CE9398-8C1A-11D9-8BDE-F66BAD1E3F3A}) (Version: 9.0.0.1425 - Thomson ResearchSoft)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Firebird SQL Server - MAGIX Edition (HKLM\...\Firebird SQL Server D) (Version: 2.0.1.8 - MAGIX AG)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Heidi Klum Butterfly MousePointer (HKLM\...\Heidi Klum Butterfly MousePointer) (Version: - )
Inkjet Printer/Scanner Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.385 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0-B9.385 - InterVideo Inc.) Hidden
ISI ResearchSoft - Export Helper (HKLM\...\ISI ResearchSoft - Export Helper) (Version: - )
Java(TM) 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Launch Manager V1.4.9 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.4.9 - Wistron Corp.)
Letstrade (HKLM\...\{E0091C29-DEE8-4B24-BF65-8C35B5940D77}) (Version: 1.00.0000 - Buhl Data Service)
Magellan Communicator (HKLM\...\InstallShield_{0FD5FD0B-4BA6-47A1-99C3-F8A964C3CCA5}) (Version: 1.15.020 - Magellan Navigation, Inc.)
Magellan Communicator (Version: 1.15.020 - Magellan Navigation, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MEDION Fotos auf CD Nord (HKLM\...\MEDION Fotos auf CD Nord D) (Version: 6.0.2.0 - MAGIX AG)
Medion Media Center 0 (Version: 1.0.12.0 - Medion) Hidden
MEDIONbox (HKLM\...\{27FDF949-69CE-435A-8372-339F72336AC5}) (Version: 1.09.0000.00052 - Medion)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2742597) (HKLM\...\M2742597) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Move Networks Media Player for Internet Explorer (HKLM\...\Move Networks Player - IE) (Version: - )
Mozilla Firefox (3.0.7) (HKLM\...\Mozilla Firefox (3.0.7)) (Version: 3.0.7 (de) - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM\...\{47948554-90C6-4AAC-8CFA-D23CE11C1031}) (Version: 8.3.124 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.8 - Frank Heindörfer, Philip Chinery)
QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Ralink Wireless LAN (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.00.0000 - RaLink)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5595 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
Sceneo AbsolutTV (HKLM\...\{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}) (Version: - )
Skype™ 5.10 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.114 - Skype Technologies S.A.)
Steuer-Software 2011 (HKLM\...\{923BC9EF-A7FC-4E6D-8056-F1534DFCE530}) (Version: 16.14 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Software 2012 (HKLM\...\{F19178B7-F232-4E97-8511-E4D37A339E9C}) (Version: 17.07 - Wolters Kluwer Deutschland GmbH)
Steuer-Software 2014 (HKLM\...\{77D53A25-9700-42C7-8305-8E469FEBEE30}) (Version: 19.09.86 - Akademische Arbeitsgemeinschaft)
Ulead DVD MovieFactory 5 (HKLM\...\{FF164702-AF8B-4F2F-8038-74A4C536866B}) (Version: 5.3 - Ulead Systems, Inc.)
Ulead PhotoImpact 12 (HKLM\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden Visual 
Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN) Windows Live ID-Anmelde-Assistent (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation) Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation) XSManager (HKLM\...\XSManager) (Version: 3.2 - XSManager) ==================== Restore Points ========================= 11-01-2014 19:11:24 Geplanter Prüfpunkt 10-02-2014 17:11:51 Geplanter Prüfpunkt 25-02-2014 19:21:59 Geplanter Prüfpunkt 03-03-2014 06:17:50 Geplanter Prüfpunkt 14-03-2014 10:12:12 Geplanter Prüfpunkt 19-03-2014 17:34:35 Geplanter Prüfpunkt 29-04-2014 17:28:04 Geplanter Prüfpunkt 06-05-2014 17:06:54 Geplanter Prüfpunkt 15-05-2014 20:29:14 Geplanter Prüfpunkt 19-05-2014 17:11:43 Geplanter Prüfpunkt 22-05-2014 20:04:47 Geplanter Prüfpunkt 01-06-2014 14:30:39 Geplanter Prüfpunkt 04-06-2014 10:14:41 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2006-11-02 12:23 - 2014-06-07 09:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {1E14A5A3-F104-4344-9D42-1795BADC0687} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.) 
Task: {2D6C0954-2E17-4B6F-BB24-FF4731E04F2A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {5E26E14C-EFA0-48E3-A328-C7B290EEC659} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation) Task: {856F9422-F39D-41C9-ACE1-C632E54EBEB9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.) Task: {A7202F29-CE92-40F4-BD57-58E21FD7F254} - System32\Tasks\{6D9B42A6-9A89-4A16-B4A6-D58A11A5BE75} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.114.259/de/abandoninstall?source=lightinstaller&page=tsBing Task: {BD435F55-A8E7-4253-BEB5-1467339E24D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.) 
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\User_Feed_Synchronization-{158DDB20-B365-4628-993E-6DBF362FE748}.job => C:\Windows\system32\msfeedssync.exe ==================== Loaded Modules (whitelisted) ============= 2009-10-25 21:29 - 2001-10-28 18:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll 2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 2013-04-06 16:45 - 2013-04-06 16:45 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6d2b0e45\mscorlib.dll 2013-04-06 16:45 - 2013-04-06 16:45 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_84aa44c9\system.dll 2013-04-06 16:45 - 2013-04-06 16:45 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_08158c44\system.windows.forms.dll 2013-04-06 16:45 - 2013-04-06 16:45 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_7ae0156b\system.xml.dll 2008-04-22 08:37 - 2007-04-19 12:11 - 00006656 _____ () c:\program files\medion\medionbox\program\structconverter.dll 2009-10-23 07:29 - 2009-04-11 08:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll 2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe 2008-04-22 08:30 - 2007-05-16 22:48 - 00421955 _____ () C:\Program Files\Sceneo\AbsolutTV\Services\PVR\tvtvRemote.dll 2013-11-24 21:14 - 2013-05-06 15:45 - 00329848 ____N () C:\Program Files\XSManager\WTGService.exe 2008-04-21 09:37 - 
2007-09-01 14:03 - 00032768 _____ () C:\Program Files\Launch Manager\LaunchAp.exe 2007-10-30 19:52 - 2007-10-30 19:52 - 00016200 _____ () C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe 2011-10-05 04:52 - 2011-10-05 04:52 - 00756048 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: CVPND => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk => C:\Windows\pss\VPN Client.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Kathinka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupreg: msnmsgr => "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/09/2014 09:40:44 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/07/2014 09:49:24 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung XSManager.exe, Version 0.0.0.0, Zeitstempel 0x5167e4a4, fehlerhaftes Modul MSVCR80.dll, Version 8.0.50727.6195, Zeitstempel 0x4dcddbf3, Ausnahmecode 0x40000015, Fehleroffset 0x000046b4, Prozess-ID 0x1124, Anwendungsstartzeit XSManager.exe0. 
Error: (06/07/2014 09:06:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/06/2014 08:35:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/06/2014 08:02:08 PM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (06/06/2014 07:10:58 PM) (Source: Windows Search Service) (EventID: 3024) (User: ) Description: Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung erneut. Kontext: Anwendung, SystemIndex Katalog Error: (06/06/2014 07:05:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/05/2014 07:16:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/05/2014 07:03:45 PM) (Source: VSS) (EventID: 12289) (User: ) Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy19,0xc0000000,0x00000003,...)". hr = 0x80070005. 
Vorgang: EndPrepareSnapshots wird verarbeitet Kontext: Ausführungskontext: System Provider Error: (06/05/2014 06:55:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/09/2014 11:05:54 AM) (Source: ipnathlp) (EventID: 30013) (User: ) Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.178.22 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error: (06/09/2014 10:42:12 AM) (Source: ipnathlp) (EventID: 30013) (User: ) Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.178.22 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error: (06/09/2014 09:41:57 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error: (06/09/2014 09:41:54 AM) (Source: ipnathlp) (EventID: 30013) (User: ) Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.178.22 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. 
Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error: (06/09/2014 09:41:53 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error: (06/09/2014 09:40:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (06/07/2014 09:34:15 AM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart Error: (06/07/2014 09:29:16 AM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart Error: (06/07/2014 09:24:55 AM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart Error: (06/07/2014 09:08:36 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Microsoft Office Sessions: ========================= Error: (05/25/2014 11:10:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3277 seconds with 3000 seconds of active time. This session ended with a crash. Error: (04/14/2013 11:34:04 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash. 
Error: (09/26/2010 06:29:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1344 seconds with 1080 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-06-09 13:02:45.460 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-09 13:02:45.054 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-09 13:02:44.680 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-09 13:02:44.321 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-09 13:02:43.947 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-09 13:02:43.526 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-06-09 13:02:43.089 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-09 13:02:42.714 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-09 13:02:42.122 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-09 13:02:41.685 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 49% Total physical RAM: 3061.69 MB Available physical RAM: 1550.75 MB Total Pagefile: 6343.65 MB Available Pagefile: 4947.81 MB Total Virtual: 2047.88 MB Available Virtual: 1916.25 MB ==================== Drives ================================ Drive c: (BOOT) (Fixed) (Total:207.5 GB) (Free:82.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVER) (Fixed) (Total:25.37 GB) (Free:12.93 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 4B64DFC2) Partition 1: (Active) - (Size=207 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=25 GB) - (Type=OF Extended) ==================== End Of Log ============================
Warm regards from sweltering hot Hesse! |
09.06.2014, 17:22 | #6 |
/// TB-Ausbilder /// Anleitungs-Guru | Win Vista / Avira blocked, online banking cracked
Good work! We are practically done. I still have a few remarks. Please urgently uninstall outdated software. Specifically:
Java: uninstall your Java(TM) 6 Update 5. The link to the Java update is further down in the tips.
Flash also has to be updated: to do so, click the Flash link in Internet Explorer and install the latest Flash Player. (Decline the optional offer.)
Mozilla Firefox (3.0.7): uninstall. The download link for the current version is also in the tips.
Defogger: if it was used, start Defogger again and click re-enable.
Then: Step 1, Combofix uninstallation.
Are there still any problems with your computer? Or do you still have questions? NO? All logs posted? Yes! Then please download DelFix.
Note: DelFix removes, among other things, all the programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left, you can delete them without concern. >>clean<< We did it! The logs look clean to me at the moment. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation. All that remains for me is to wish you carefree and safe surfing, and that we don't see each other here again too soon.
Epilogue: Tips, Dos & Don'ts
Keeping the system and software up to date: The Windows operating system absolutely must always be at the latest patch level. Make sure that automatic updates are enabled. The installed software should also always be the most recent version. This applies in particular to browsers, Java, Flash Player and PDF readers, because known security holes in their old versions are exploited to install malware via drive-by download merely by visiting a prepared website. That can even happen on normally legitimate websites if an attacker has managed to inject code into the page, and is therefore relatively unpredictable.
Security software: A remark up front: every software solution has its weaknesses. Transferring the entire responsibility for security to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file). Nevertheless, such software is of course important and, in combination with a well-maintained (up-to-date) system and well-considered behaviour, helps you keep your computer clean.
It is in the nature of things that the most widely used application software is also attacked most often by malware authors. It can therefore already be a small security gain to use alternative software (e.g. an alternative PDF reader). Instead of Internet Explorer, one can use Mozilla Firefox, for example, for which there are two useful add-ons to recommend:
(Un)safe behaviour on the Internet: Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user themselves. Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not currently detect a threat in them, that need not mean anything.
Attempts are also often made, with more or less cunning methods, to get the user to carry out a fateful action themselves (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also mostly installed along by the user themselves.
General notes: Finally, a few basic remarks:
__________________ Edited by deeprybka (09.06.2014 at 17:47) |
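The helper's first instruction above is to find and remove end-of-life software from the "Installed Programs" section that FRST prints. As an added example (not code from the thread, from FRST or from the helper), the following Python parser reads that section's entry format and runs a simple version policy over it, flagging entries that are below a minimum version or belong to an end-of-life product line. The sample lines are copied from the log quoted above, except for the Java entry, which is constructed in the same format with a placeholder GUID and version; the thresholds in OUTDATED_POLICY are illustrative example values, not an authoritative end-of-life list.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class InstalledProgram(NamedTuple):
    """One entry from the FRST 'Installed Programs' section."""
    name: str
    version: str   # empty string when FRST printed '(Version:  - ...)'
    vendor: str
    hidden: bool   # FRST appends 'Hidden' to entries without an Add/Remove Programs listing


# One FRST entry looks like:
#   <name> (HKLM\...\<key>) (Version: <version> - <vendor>) [Hidden]
# The registry-key part is absent for hidden sub-components.
ENTRY_RE = re.compile(
    r"^(?P<name>.*?)\s*"
    r"(?:\((?P<key>HK(?:LM|CU|U)\\.*?)\)\s*)?"
    r"\(Version:\s*(?P<version>.*?)\s*-\s*(?P<vendor>.*?)\)"
    r"(?P<hidden>\s+Hidden)?\s*$"
)


class Rule(NamedTuple):
    pattern: "re.Pattern"                 # matched against the program name
    minimum: Optional[Tuple[int, ...]]    # None = whole product line is end-of-life
    reason: str


# Constructed policy for this example. The helper names Java 6 and Firefox 3.0.7
# as versions to remove; the numeric thresholds are illustrative, not authoritative.
OUTDATED_POLICY = [
    Rule(re.compile(r"^Java\(TM\) 6\b"), None, "Java 6 product line is end-of-life"),
    Rule(re.compile(r"^Mozilla Firefox\b"), (24, 0), "below example minimum Firefox 24.0"),
    Rule(re.compile(r"^Adobe Flash Player\b"), (13, 0), "below example minimum Flash 13.0"),
]

# Constructed sample: lines copied from the FRST log in this thread, plus a Java
# entry in the same format with a placeholder GUID and version.
SAMPLE_FRST = r"""
==================== Installed Programs ======================
Java(TM) 6 Update 5 (HKLM\...\{00000000-0000-0000-0000-000000000000}) (Version: 6.0.50 - Sun Microsystems, Inc.)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mozilla Firefox (3.0.7) (HKLM\...\Mozilla Firefox (3.0.7)) (Version: 3.0.7 (de) - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
"""


def parse_entry(line: str) -> Optional[InstalledProgram]:
    """Parse a single FRST entry line; return None for headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return InstalledProgram(
        name=m.group("name").strip(),
        version=m.group("version").strip(),
        vendor=m.group("vendor").strip(),
        hidden=m.group("hidden") is not None,
    )


def parse_installed_programs(log_text: str) -> List[InstalledProgram]:
    """Collect every line of the section that parses as an entry."""
    return [p for p in (parse_entry(l) for l in log_text.splitlines()) if p is not None]


def version_tuple(version: str) -> Tuple[int, ...]:
    """Turn '9.0.30729.4148' or '3.0.7 (de)' into a comparable tuple of ints.
    Only the leading dotted-numeric part is used; locale suffixes are ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    return tuple(int(p) for p in m.group(1).split(".")) if m else ()


def flag_outdated(programs: List[InstalledProgram]) -> List[Tuple[str, str, str]]:
    """Return (name, version, reason) for every program that violates a policy rule."""
    findings = []
    for prog in programs:
        for rule in OUTDATED_POLICY:
            if not rule.pattern.match(prog.name):
                continue
            vt = version_tuple(prog.version)
            if rule.minimum is None:
                findings.append((prog.name, prog.version, rule.reason))
            elif not vt:
                # a blank/unparsable version is reported rather than silently passed
                findings.append((prog.name, prog.version, "version could not be parsed"))
            elif vt < rule.minimum:
                findings.append((prog.name, prog.version, rule.reason))
            break  # first matching rule wins
    return findings


if __name__ == "__main__":
    for name, version, reason in flag_outdated(parse_installed_programs(SAMPLE_FRST)):
        print(f"OUTDATED: {name!r} version {version!r}: {reason}")
```

Running the block on the sample reports the Java 6 entry and Firefox 3.0.7, the same two items the helper singles out, while Thunderbird 24.5.0 and the Office update pass. The parser keeps hidden sub-components (the "Hidden" suffix) so they can still be audited even though they do not appear in Programs and Features.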
10.06.2014, 19:09 | #7 |
| Win Vista / Avira blocked, online banking cracked Dear Jürgen, thank you very much for your help!! |
10.06.2014, 19:10 | #8 |
/// TB-Ausbilder /// Anleitungs-Guru | Win Vista / Avira blocked, online banking cracked You're welcome! All the best!
__________________ Regards, deeprybka. Praise, criticism, wishes? A donation for trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |