Log Analysis and Evaluation: Win Vista / Avira blocked, online banking hacked
#1
Win Vista / Avira blocked, online banking hacked

Dear Trojaner-Board team,

I too have caught a trojan that several others have already described here:

- I was informed by the Sparkasse that I must have a trojan on my computer and that my online banking has been locked; I have not received any further information.
- I then noticed that my Avira (free antivirus) no longer starts automatically and that I can no longer open it: the error message "This program has been blocked by a group policy. For more information, contact your system administrator." appears.
- I use Windows Vista Home Premium.

It would be great if you could help me get rid of this trojan again. Unfortunately I am not experienced in such PC matters…

During the gmer scan the error message kept popping up telling me to insert a disk into drive \device\harddisk1\DR1. I hope the file helps anyway.

THANK YOU VERY MUCH!

FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014 Ran by Kathinka (administrator) on UNI-PC on 06-06-2014 19:40:11 Running from C:\Users\Kathinka\Downloads Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Empolis GmbH) C:\Program Files\Common Files\Gnab\Service\ServiceController.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe () C:\Windows\System32\PSIService.exe (Buhl Data Service GmbH) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE () C:\Program Files\XSManager\WTGService.exe (4G Systems GmbH & Co. 
KG) C:\Windows\service4g.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe () C:\Program Files\Launch Manager\LaunchAp.exe (Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe (Wistron) C:\Program Files\Launch Manager\WButton.exe (Creative Technology Ltd.) C:\Windows\V0330Mon.exe () C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Wistron Corp.) 
C:\Program Files\Launch Manager\WisLMSvc.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE () C:\Program Files\XSManager\XSManager.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6025216 2008-04-01] (Realtek Semiconductor) HKLM\...\Run: [LaunchAp] => C:\Program Files\Launch Manager\LaunchAp.exe [32768 2007-09-01] () HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [188416 2007-09-06] (Wistron) HKLM\...\Run: [CtrlVol] => "C:\Program Files\Launch Manager\CtrlVol.exe" HKLM\...\Run: [LMgrOSD] => C:\Program Files\Launch Manager\OSD.exe [180224 2006-12-26] (Wistron Corp.) HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [86016 2007-09-07] (Wistron) HKLM\...\Run: [toolbar_eula_launcher] => C:\Program Files\GoogleEULA\EULALauncher.exe HKLM\...\Run: [V0330Mon.exe] => C:\Windows\V0330Mon.exe [32768 2007-04-30] (Creative Technology Ltd.) 
HKLM\...\Run: [Corel Photo Downloader] => "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup HKLM\...\Run: [Corel File Shell Monitor] => C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16200 2007-10-30] () HKLM\...\Run: [C:\Windows\system32\V0330Ext.ax] => C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0330Ext.ax HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-03] (CANON INC.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-24] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [starter4g] => C:\Windows\starter4g.exe [160424 2010-04-30] (4G Systems GmbH & Co. KG) HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-03-04] (Google Inc.) 
HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG) HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [AvaviRfodo] => regsvr32.exe "C:\ProgramData\AvaviRfodo.dat" HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\MountPoints2: {111c54ff-6441-11dd-8d1b-806e6f6e6963} - F:\start.exe HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\MountPoints2: {25dd7336-7595-11e1-ac80-000ae4ce131d} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\start.html ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.de/ips-opdata/uploadClients/fuji/jordan.cab DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\..\Interfaces\{6DC217A0-369C-408F-AAB1-EF67936B3CD0}: [NameServer]193.189.244.206 193.189.244.225 FireFox: ======== FF ProfilePath: 
C:\Users\Kathinka\AppData\Roaming\Mozilla\Firefox\Profiles\ajvq10vs.default FF Homepage: hxxp://login.rz.ruhr-uni-bochum.de/login.html FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @MagellanGPS.com/CommunicationPlugin - C:\Program Files\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: Microsoft .NET Framework Assistant - C:\Users\Kathinka\AppData\Roaming\Mozilla\Firefox\Profiles\ajvq10vs.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-01-17] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] ========================== Services (Whitelisted) ================= R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-24] (Avira Operations GmbH & Co. KG) S4 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-08-29] (Cisco Systems, Inc.) 
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-19] (Empolis GmbH) S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] () R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] () R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1801216 2008-02-28] (Buhl Data Service GmbH) R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2006-06-14] (Ulead Systems, Inc.) S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2007-09-11] (Wistron Corp.) R2 WTGService; C:\Program Files\XSManager\WTGService.exe [329848 2013-05-06] () R2 XS Stick Service; C:\Windows\service4g.exe [145064 2010-04-30] (4G Systems GmbH & Co. KG) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-23] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-23] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-23] (Avira Operations GmbH & Co. KG) R3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2013-11-24] (Mobile Connector) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-08-29] (Cisco Systems, Inc.) R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.) 
R1 Hotkey; C:\Windows\system32\Drivers\Hotkey.sys [9867 2003-04-28] () R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210736 2007-06-01] (Silicon Image, Inc) R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.) R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-05] (Avira GmbH) S3 V0330VID; C:\Windows\System32\DRIVERS\V0330Vid.sys [157696 2007-08-08] (Creative Technology Ltd.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-06 19:40 - 2014-06-06 19:40 - 00016396 _____ () C:\Users\Kathinka\Downloads\FRST.txt 2014-06-06 19:39 - 2014-06-06 19:40 - 00000000 ____D () C:\FRST 2014-06-06 19:39 - 2014-06-06 19:39 - 01063424 _____ (Farbar) C:\Users\Kathinka\Downloads\FRST.exe 2014-06-06 19:36 - 2014-06-06 19:36 - 00050477 _____ () C:\Users\Kathinka\Downloads\Defogger.exe 2014-06-06 19:36 - 2014-06-06 19:36 - 00000000 _____ () C:\Users\Kathinka\defogger_reenable 2014-06-05 19:23 - 2014-06-05 19:23 - 00000000 ____D () C:\test 2014-06-04 19:53 - 2014-06-04 19:55 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\XSManager 2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla 2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla 2014-06-04 18:00 - 2014-06-04 18:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Avira 2014-06-04 17:38 - 2014-06-04 17:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe 2014-06-04 17:38 - 2014-06-04 17:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2014-05-30 09:01 - 2014-05-30 09:01 - 02570453 _____ () C:\Users\Kathinka\Desktop\Documents\nils.pptx 2014-05-26 20:43 - 
2014-05-26 20:43 - 00285841 _____ (Microsoft Corporation) C:\ProgramData\AvaviRfodo.dat 2014-05-13 19:53 - 2014-05-14 19:00 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird ==================== One Month Modified Files and Folders ======= 2014-06-06 19:40 - 2014-06-06 19:40 - 00016396 _____ () C:\Users\Kathinka\Downloads\FRST.txt 2014-06-06 19:40 - 2014-06-06 19:39 - 00000000 ____D () C:\FRST 2014-06-06 19:40 - 2009-08-15 22:58 - 00000394 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{158DDB20-B365-4628-993E-6DBF362FE748}.job 2014-06-06 19:40 - 2008-08-07 08:38 - 00000000 ____D () C:\Users\Kathinka\AppData\Local\Temp 2014-06-06 19:39 - 2014-06-06 19:39 - 01063424 _____ (Farbar) C:\Users\Kathinka\Downloads\FRST.exe 2014-06-06 19:38 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-06 19:38 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-06 19:36 - 2014-06-06 19:36 - 00050477 _____ () C:\Users\Kathinka\Downloads\Defogger.exe 2014-06-06 19:36 - 2014-06-06 19:36 - 00000000 _____ () C:\Users\Kathinka\defogger_reenable 2014-06-06 19:36 - 2008-08-07 09:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-06-06 19:36 - 2008-08-07 08:38 - 00000000 ____D () C:\Users\Kathinka 2014-06-06 19:26 - 2008-08-07 08:33 - 01472335 _____ () C:\Windows\WindowsUpdate.log 2014-06-06 19:26 - 2008-01-21 09:16 - 01541724 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-06 19:25 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\tracing 2014-06-06 19:11 - 2008-04-21 14:44 - 00002631 _____ () C:\Users\Kathinka\Desktop\Microsoft Office Word 2007.lnk 2014-06-06 19:05 - 2009-01-05 19:17 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-06-06 19:04 - 2010-02-03 08:02 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-06 19:04 - 
2009-01-12 16:17 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-06-06 19:04 - 2008-08-07 08:38 - 00000948 _____ () C:\Users\Kathinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-06-06 19:04 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-05 19:31 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-05 19:23 - 2014-06-05 19:23 - 00000000 ____D () C:\test 2014-06-05 19:05 - 2009-01-05 18:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Temp 2014-06-05 19:03 - 2010-02-03 08:02 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-04 19:55 - 2014-06-04 19:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\XSManager 2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla 2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla 2014-06-04 18:00 - 2014-06-04 18:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Avira 2014-06-04 17:38 - 2014-06-04 17:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe 2014-06-04 17:38 - 2014-06-04 17:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2014-06-04 17:38 - 2009-01-05 18:45 - 00104568 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-04 17:38 - 2009-01-05 18:45 - 00000953 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-04 17:38 - 2009-01-05 18:45 - 00000919 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2014-06-04 17:30 - 2008-08-11 20:24 - 00000000 ____D () C:\Users\Nils\AppData\Local\Temp 2014-06-04 17:15 - 2012-06-21 17:38 - 00000000 ____D () C:\Users\Kathinka\Desktop\Documents\Kostenrechner 2014-06-04 10:47 - 2008-08-11 20:25 - 00104568 _____ () C:\Users\Nils\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-04 10:46 - 2009-08-15 22:58 - 00000953 _____ () 
C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-04 10:44 - 2011-01-30 17:09 - 00000000 ____D () C:\Users\Kathinka\Desktop\Documents\Steuerfälle 2014-06-04 10:44 - 2009-04-05 18:32 - 00000000 ____D () C:\Users\Kathinka\Desktop\Documents\Förmliches 2014-06-04 10:44 - 2008-08-07 14:43 - 00000000 ____D () C:\Users\Kathinka\Desktop\Documents\Bio 2014-05-30 09:01 - 2014-05-30 09:01 - 02570453 _____ () C:\Users\Kathinka\Desktop\Documents\nils.pptx 2014-05-26 20:43 - 2014-05-26 20:43 - 00285841 _____ (Microsoft Corporation) C:\ProgramData\AvaviRfodo.dat 2014-05-22 18:31 - 2012-02-14 16:35 - 00000682 _____ () C:\Users\Kathinka\Desktop\Documents\OuProxy.log 2014-05-17 10:38 - 2010-02-08 12:16 - 00000000 ____D () C:\SECentral 2014-05-14 22:23 - 2013-08-19 16:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-05-14 19:00 - 2014-05-13 19:53 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird Files to move or delete: ==================== C:\ProgramData\00etadpu.pad C:\ProgramData\AvaviRfodo.dat Some content of TEMP: ==================== C:\Users\Kathinka\AppData\Local\Temp\AskSLib.dll C:\Users\Kathinka\AppData\Local\Temp\AskSLib.exe C:\Users\Kathinka\AppData\Local\Temp\avgnt.exe C:\Users\Kathinka\AppData\Local\Temp\CTPBSEQ.EXE C:\Users\Kathinka\AppData\Local\Temp\DelayInst.exe C:\Users\Kathinka\AppData\Local\Temp\GDM3C15.exe C:\Users\Kathinka\AppData\Local\Temp\installservice.exe C:\Users\Kathinka\AppData\Local\Temp\instmsi.exe C:\Users\Kathinka\AppData\Local\Temp\instmsiw.exe C:\Users\Kathinka\AppData\Local\Temp\MSETUP4.EXE C:\Users\Kathinka\AppData\Local\Temp\NEW58F8.tmp.exe C:\Users\Kathinka\AppData\Local\Temp\SkypeSetup.exe C:\Users\Kathinka\AppData\Local\Temp\unwise.exe C:\Users\Kathinka\AppData\Local\Temp\vpnclient_setup.exe C:\Users\Kathinka\AppData\Local\Temp\WZCPlugin_VISTA.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit 
C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-06-06 19:11 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-06-2014 Ran by Kathinka at 2014-06-06 19:40:40 Running from C:\Users\Kathinka\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) 3531-W-D (HKLM\...\{BD1587F7-B8D0-4111-8F1F-3327628AB02F}) (Version: 1.5.18 - Silicon Image) AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH) Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2 - Adobe Systems, Inc) Hidden Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.62 - Adobe Systems Incorporated) Adobe Reader 8.1.2 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated) Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81200000003}_Adobe Reader 8.1.2 - Deutsch) (Version: - ) Adobe Shockwave Player 11 (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.) 
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems) Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version: - ) Apple Application Support (HKLM\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.) Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.) Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Benutzerhandbuch für Creative WebCam Vista (Deutsch) (HKLM\...\Benutzerhandbuch für Creative WebCam Vista German) (Version: - ) Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version: - ) Canon MP240 series Benutzerregistrierung (HKLM\...\Canon MP240 series Benutzerregistrierung) (Version: - ) Canon MP240 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - ) Cisco Systems VPN Client 5.0.04.0300 (HKLM\...\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}) (Version: 5.0.4 - Cisco Systems, Inc.) 
Clone Manager 7 (HKLM\...\Clone Manager 7) (Version: - ) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Corel MediaOne (HKLM\...\{A062A15F-9CAC-4B88-98DF-87628A0BD721}) (Version: 2.00.0000 - Corel Corporation) Corel Paint Shop Pro Photo X2 (HKLM\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.010.0000 - Corel Corporation) CorelDRAW Graphics Suite X4 - Capture (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Content (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Draw (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Filters (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics SUite X4 - ICA (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - IPM (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang BR (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang ES (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang FR (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang IT (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang NL (Version: 14.0 - Uw bedrijfsnaam) Hidden CorelDRAW Graphics Suite X4 - PP (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - VBA (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 (Version: 14.0 - Corel Corporation) Hidden CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version: - Corel Corporation) CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (Version: 1.0 - Corel 
Corporation) Hidden CorelDRAW(R) Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version: - Corel Corporation) Creative Live! Cam Center (HKLM\...\Creative Live! Cam Center) (Version: - ) Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: - ) Creative Systeminformationen (HKLM\...\SysInfo) (Version: - ) Creative WebCam Vista/Live! Cam Chat Driver (1.11.01.00) (HKLM\...\Creative VF0330) (Version: - ) DC++ 0.674 (HKLM\...\DC++) (Version: 0.674 - Jacek Sieka) dm Digi Foto (HKLM\...\dm Digi Foto) (Version: 2.3.0.93 - Imaxel Lab S.L) EndNote 9 (HKLM\...\{33CE9398-8C1A-11D9-8BDE-F66BAD1E3F3A}) (Version: 9.0.0.1425 - Thomson ResearchSoft) Firebird SQL Server - MAGIX Edition (HKLM\...\Firebird SQL Server D) (Version: 2.0.1.8 - MAGIX AG) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden Heidi Klum Butterfly MousePointer (HKLM\...\Heidi Klum Butterfly MousePointer) (Version: - ) Inkjet Printer/Scanner Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - ) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - ) InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.385 - InterVideo Inc.) InterVideo WinDVD 8 (Version: 8.0-B9.385 - InterVideo Inc.) Hidden ISI ResearchSoft - Export Helper (HKLM\...\ISI ResearchSoft - Export Helper) (Version: - ) Java(TM) 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.) Launch Manager V1.4.9 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.4.9 - Wistron Corp.) 
Letstrade (HKLM\...\{E0091C29-DEE8-4B24-BF65-8C35B5940D77}) (Version: 1.00.0000 - Buhl Data Service) Magellan Communicator (HKLM\...\InstallShield_{0FD5FD0B-4BA6-47A1-99C3-F8A964C3CCA5}) (Version: 1.15.020 - Magellan Navigation, Inc.) Magellan Communicator (Version: 1.15.020 - Magellan Navigation, Inc.) Hidden MEDION Fotos auf CD Nord (HKLM\...\MEDION Fotos auf CD Nord D) (Version: 6.0.2.0 - MAGIX AG) Medion Media Center 0 (Version: 1.0.12.0 - Medion) Hidden MEDIONbox (HKLM\...\{27FDF949-69CE-435A-8372-339F72336AC5}) (Version: 1.09.0000.00052 - Medion) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 Security Update (KB2742597) (HKLM\...\M2742597) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 
12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden Move Networks Media Player for Internet Explorer (HKLM\...\Move Networks Player - IE) (Version: - ) Mozilla Firefox (3.0.7) (HKLM\...\Mozilla Firefox (3.0.7)) (Version: 3.0.7 (de) - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla) Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla) MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 
4.20.9876.0 - Microsoft Corporation) Nero 8 Essentials (HKLM\...\{47948554-90C6-4AAC-8CFA-D23CE11C1031}) (Version: 8.3.124 - Nero AG) neroxml (Version: 1.0.0 - Nero AG) Hidden OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.8 - Frank Heindörfer, Philip Chinery) QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.) Ralink Wireless LAN (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.00.0000 - RaLink) Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5595 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.) Sceneo AbsolutTV (HKLM\...\{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}) (Version: - ) SecureW2 EAP Suite 1.1.2 for Windows (HKLM\...\SecureW2 EAP Suite) (Version: - ) Skype™ 5.10 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.114 - Skype Technologies S.A.) Steuer-Software 2011 (HKLM\...\{923BC9EF-A7FC-4E6D-8056-F1534DFCE530}) (Version: 16.14 - Akademische Arbeitsgemeinschaft Verlag) Steuer-Software 2012 (HKLM\...\{F19178B7-F232-4E97-8511-E4D37A339E9C}) (Version: 17.07 - Wolters Kluwer Deutschland GmbH) Steuer-Software 2014 (HKLM\...\{77D53A25-9700-42C7-8305-8E469FEBEE30}) (Version: 19.09.86 - Akademische Arbeitsgemeinschaft) Ulead DVD MovieFactory 5 (HKLM\...\{FF164702-AF8B-4F2F-8038-74A4C536866B}) (Version: 5.3 - Ulead Systems, Inc.) 
Ulead PhotoImpact 12 (HKLM\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden Visual 
Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Windows Live ID-Anmelde-Assistent (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation)
XSManager (HKLM\...\XSManager) (Version: 3.2 - XSManager)

==================== Restore Points =========================

07-01-2014 16:13:51 STEUEReasy 2014 wurde installiert.
11-01-2014 19:11:24 Geplanter Prüfpunkt
10-02-2014 17:11:51 Geplanter Prüfpunkt
25-02-2014 19:21:59 Geplanter Prüfpunkt
03-03-2014 06:17:50 Geplanter Prüfpunkt
14-03-2014 10:12:12 Geplanter Prüfpunkt
19-03-2014 17:34:35 Geplanter Prüfpunkt
29-04-2014 17:28:04 Geplanter Prüfpunkt
06-05-2014 17:06:54 Geplanter Prüfpunkt
15-05-2014 20:29:14 Geplanter Prüfpunkt
19-05-2014 17:11:43 Geplanter Prüfpunkt
22-05-2014 20:04:47 Geplanter Prüfpunkt
01-06-2014 14:30:39 Geplanter Prüfpunkt
04-06-2014 10:14:41 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1E14A5A3-F104-4344-9D42-1795BADC0687} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: {2D6C0954-2E17-4B6F-BB24-FF4731E04F2A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {856F9422-F39D-41C9-ACE1-C632E54EBEB9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: {A7202F29-CE92-40F4-BD57-58E21FD7F254} - System32\Tasks\{6D9B42A6-9A89-4A16-B4A6-D58A11A5BE75} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.114.259/de/abandoninstall?source=lightinstaller&page=tsBing
Task: {BD435F55-A8E7-4253-BEB5-1467339E24D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FA02C62A-F440-4BE7-B24B-88A95DD60786} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{158DDB20-B365-4628-993E-6DBF362FE748}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2009-10-25 21:29 - 2001-10-28 18:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-04-05 18:18 - 2013-04-05 18:05 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2013-04-06 16:45 - 2013-04-06 16:45 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6d2b0e45\mscorlib.dll
2013-04-06 16:45 - 2013-04-06 16:45 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_84aa44c9\system.dll
2013-04-06 16:45 - 2013-04-06 16:45 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_08158c44\system.windows.forms.dll
2013-04-06 16:45 - 2013-04-06 16:45 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_7ae0156b\system.xml.dll
2008-04-22 08:37 - 2007-04-19 12:11 - 00006656 _____ () c:\program files\medion\medionbox\program\structconverter.dll
2009-10-23 07:29 - 2009-04-11 08:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2008-04-22 08:30 - 2007-05-16 22:48 - 00421955 _____ () C:\Program Files\Sceneo\AbsolutTV\Services\PVR\tvtvRemote.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00329848 ____N () C:\Program Files\XSManager\WTGService.exe
2008-04-21 09:37 - 2007-09-01 14:03 - 00032768 _____ () C:\Program Files\Launch Manager\LaunchAp.exe
2007-10-30 19:52 - 2007-10-30 19:52 - 00016200 _____ () C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
2011-10-05 04:52 - 2011-10-05 04:52 - 00756048 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-11-24 21:14 - 2013-05-06 15:45 - 01611896 ____N () C:\Program Files\XSManager\XSManager.exe
2013-11-24 21:14 - 2013-05-06 15:45 - 00018040 ____N () C:\Program Files\XSManager\WTGDebugs.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00399480 ____N () C:\Program Files\XSManager\WtgCore.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00049784 ____N () C:\Program Files\XSManager\WtgDriverInstall.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00231544 ____N () C:\Program Files\XSManager\WtgUtil.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00186488 ____N () C:\Program Files\XSManager\WtgDetection.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00092280 ____N () C:\Program Files\XSManager\WtgPorts.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00112760 ____N () C:\Program Files\XSManager\WtgDatabase.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00084088 ____N () C:\Program Files\XSManager\WtgDialup.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00145528 ____N () C:\Program Files\XSManager\WtgBluetooth.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00895096 ____N () C:\Program Files\XSManager\4GSystems_OneClickAssistantGer.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00604280 ____N () C:\Program Files\XSManager\WTGXMLUtil.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00202872 ____N () C:\Program Files\XSManager\WTGSMSPCClient.Dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00011896 ____N () C:\Program Files\XSManager\4GSystems_WTGSMSPCClientGer.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00018040 ____N () C:\Program Files\XSManager\WTGDriverInstallX.Dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00263288 ____N () C:\Program Files\XSManager\WtgMobileBroadband7.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00546936 ____N () C:\Program Files\XSManager\WtgNdisQmiUtil.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: CVPND => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk => C:\Windows\pss\VPN Client.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Kathinka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: msnmsgr => "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2014 07:10:58 PM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung erneut.
Kontext: Anwendung, SystemIndex Katalog

Error: (06/06/2014 07:05:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 07:16:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 07:03:45 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy19,0xc0000000,0x00000003,...)". hr = 0x80070005.

Vorgang:
EndPrepareSnapshots wird verarbeitet

Kontext:
Ausführungskontext: System Provider

Error: (06/05/2014 06:55:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 08:20:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 08:11:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 08:10:39 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/04/2014 08:03:29 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/04/2014 06:01:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (06/06/2014 07:26:00 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (06/06/2014 07:25:53 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (06/06/2014 07:05:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/05/2014 07:16:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/05/2014 07:06:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (06/05/2014 06:56:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058

Error: (06/05/2014 06:55:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/04/2014 08:21:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058

Error: (06/04/2014 08:20:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/04/2014 08:11:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: avipbb avkmgr Hotkey spldr ssmdrv Wanarpv6

Microsoft Office Sessions:
=========================
Error: (05/25/2014 11:10:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3277 seconds with 3000 seconds of active time. This session ended with a crash.

Error: (04/14/2013 11:34:04 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/26/2010 06:29:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1344 seconds with 1080 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2013-04-05 21:24:58.292
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-05 21:24:57.980
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-05 21:24:57.652
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-05 21:24:57.340
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-05 21:24:56.966
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-05 21:24:56.654
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-05 21:24:56.326
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-05 21:24:56.014
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-05 21:24:55.624
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-04-05 21:24:55.312
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 3061.69 MB
Available physical RAM: 1595.73 MB
Total Pagefile: 6341.65 MB
Available Pagefile: 4872.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.97 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:207.5 GB) (Free:81.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:25.37 GB) (Free:12.93 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 4B64DFC2)
Partition 1: (Active) - (Size=207 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=25 GB) - (Type=OF Extended)

==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-06 21:07:11
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 232,89GB
Running: q373ohiw.exe; Driver: C:\Users\Kathinka\AppData\Local\Temp\pfldapow.sys

---- System - GMER 2.1 ----

SSDT 8C926936 ZwCreateSection
SSDT 8C926940 ZwRequestWaitReplyPort
SSDT 8C92693B ZwSetContextThread
SSDT 8C926945 ZwSetSecurityObject
SSDT 8C92694A ZwSystemDebugControl
SSDT 8C9268D7 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 215 820AD8D8 4 Bytes [36, 69, 92, 8C]
.text ntkrnlpa.exe!KeSetEvent + 539 820ADBFC 4 Bytes [40, 69, 92, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 820ADC30 4 Bytes [3B, 69, 92, 8C]
.text ntkrnlpa.exe!KeSetEvent + 5D1 820ADC94 4 Bytes [45, 69, 92, 8C]
.text ntkrnlpa.exe!KeSetEvent + 619 820ADCDC 4 Bytes [4A, 69, 92, 8C]
.text ...

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Launch Manager\WButton.exe[1140] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 022F887E
.text C:\Program Files\Launch Manager\WButton.exe[1140] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 022F8927
.text C:\Program Files\Launch Manager\WButton.exe[1140] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 022F8A78
.text C:\Program Files\Launch Manager\WButton.exe[1140] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 022F89CC
.text C:\Program Files\Launch Manager\WButton.exe[1140] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 022F744E
.text C:\Windows\RtHDVCpl.exe[1284] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 029C887E
.text C:\Windows\RtHDVCpl.exe[1284] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 029C8927
.text C:\Windows\RtHDVCpl.exe[1284] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 029C8A78
.text C:\Windows\RtHDVCpl.exe[1284] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 029C89CC
.text C:\Windows\RtHDVCpl.exe[1284] CRYPT32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 029C744E
.text C:\Windows\System32\hkcmd.exe[1328] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 01BF887E
.text C:\Windows\System32\hkcmd.exe[1328] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 01BF8927
.text C:\Windows\System32\hkcmd.exe[1328] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 01BF8A78
.text C:\Windows\System32\hkcmd.exe[1328] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 01BF89CC
.text C:\Windows\System32\hkcmd.exe[1328] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 01BF744E
.text C:\Program Files\Launch Manager\HotkeyApp.exe[1332] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 02FC887E
.text C:\Program Files\Launch Manager\HotkeyApp.exe[1332] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02FC8927
.text C:\Program Files\Launch Manager\HotkeyApp.exe[1332] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02FC8A78
.text C:\Program Files\Launch Manager\HotkeyApp.exe[1332] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 02FC89CC
.text C:\Program Files\Launch Manager\HotkeyApp.exe[1332] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 02FC744E
.text C:\Windows\System32\igfxpers.exe[1344] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 0235887E
.text C:\Windows\System32\igfxpers.exe[1344] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02358927
.text C:\Windows\System32\igfxpers.exe[1344] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02358A78
.text C:\Windows\System32\igfxpers.exe[1344] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 023589CC
.text C:\Windows\System32\igfxpers.exe[1344] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 0235744E
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1408] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 0207887E
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1408] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02078927
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1408] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02078A78
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1408] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 020789CC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1408] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 0207744E
.text C:\Program Files\Launch Manager\OSD.exe[1800] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 015A887E
.text C:\Program Files\Launch Manager\OSD.exe[1800] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 015A8927
.text C:\Program Files\Launch Manager\OSD.exe[1800] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 015A8A78
.text C:\Program Files\Launch Manager\OSD.exe[1800] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 015A89CC
.text C:\Program Files\Launch Manager\OSD.exe[1800] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 015A744E
.text C:\Program Files\Launch Manager\LaunchAp.exe[1944] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 009F887E
.text C:\Program Files\Launch Manager\LaunchAp.exe[1944] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 009F8927
.text C:\Program Files\Launch Manager\LaunchAp.exe[1944] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 009F8A78
.text C:\Program Files\Launch Manager\LaunchAp.exe[1944] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 009F89CC
.text C:\Program Files\Launch Manager\LaunchAp.exe[1944] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 009F744E
.text C:\Windows\Explorer.EXE[2092] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 054B887E
.text C:\Windows\Explorer.EXE[2092] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 054B8927
.text C:\Windows\Explorer.EXE[2092] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 054B8A78
.text C:\Windows\Explorer.EXE[2092] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 054B89CC
.text C:\Windows\Explorer.EXE[2092] CRYPT32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 054B744E
.text C:\Windows\system32\taskeng.exe[2128] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 028E887E
.text C:\Windows\system32\taskeng.exe[2128] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 028E8927
.text C:\Windows\system32\taskeng.exe[2128] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 028E8A78
.text C:\Windows\system32\taskeng.exe[2128] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 028E89CC
.text C:\Windows\system32\taskeng.exe[2128] CRYPT32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 028E744E
.text C:\Windows\V0330Mon.exe[2144] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 0210887E
.text C:\Windows\V0330Mon.exe[2144] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02108927
.text C:\Windows\V0330Mon.exe[2144] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02108A78
.text C:\Windows\V0330Mon.exe[2144] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 021089CC
.text C:\Windows\V0330Mon.exe[2144] CRYPT32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 0210744E
.text C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe[2304] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 01AA887E
.text C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe[2304] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 01AA8927
.text C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe[2304] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 01AA8A78
.text C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe[2304] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 01AA89CC
.text C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe[2304] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 01AA744E
.text C:\Windows\starter4g.exe[3196] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 0190887E
.text C:\Windows\starter4g.exe[3196] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 01908927
.text C:\Windows\starter4g.exe[3196] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 01908A78
.text C:\Windows\starter4g.exe[3196] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 019089CC
.text C:\Windows\starter4g.exe[3196] CRYPT32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 0190744E
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3332] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 01B9887E
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3332] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 01B98927
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3332] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 01B98A78
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3332] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 01B989CC
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3332] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 01B9744E
.text C:\Windows\system32\wbem\unsecapp.exe[3400] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 01AD887E
.text C:\Windows\system32\wbem\unsecapp.exe[3400] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 01AD8927
.text C:\Windows\system32\wbem\unsecapp.exe[3400] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 01AD8A78
.text C:\Windows\system32\wbem\unsecapp.exe[3400] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 01AD89CC
.text C:\Windows\system32\wbem\unsecapp.exe[3400] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 01AD744E
.text C:\Windows\ehome\ehtray.exe[3536] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 008F887E
.text C:\Windows\ehome\ehtray.exe[3536] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 008F8927
.text C:\Windows\ehome\ehtray.exe[3536] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 008F8A78
.text C:\Windows\ehome\ehtray.exe[3536] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 008F89CC
.text C:\Windows\ehome\ehtray.exe[3536] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 008F744E
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3556]
kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 0232887E .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3556] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02328927 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3556] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02328A78 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3556] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 023289CC .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3556] CRYPT32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 0232744E .text C:\Program Files\Windows Sidebar\sidebar.exe[3564] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 02BA887E .text C:\Program Files\Windows Sidebar\sidebar.exe[3564] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02BA8927 .text C:\Program Files\Windows Sidebar\sidebar.exe[3564] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02BA8A78 .text C:\Program Files\Windows Sidebar\sidebar.exe[3564] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 02BA89CC .text C:\Program Files\Windows Sidebar\sidebar.exe[3564] CRYPT32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 02BA744E .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3572] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 0240887E .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3572] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02408927 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3572] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02408A78 .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3572] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 024089CC .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3572] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 0240744E .text C:\Windows\ehome\ehmsas.exe[3808] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 00D3887E .text 
C:\Windows\ehome\ehmsas.exe[3808] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 00D38927 .text C:\Windows\ehome\ehmsas.exe[3808] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 00D38A78 .text C:\Windows\ehome\ehmsas.exe[3808] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 00D389CC .text C:\Windows\ehome\ehmsas.exe[3808] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 00D3744E .text C:\Windows\system32\igfxsrvc.exe[3856] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 0287887E .text C:\Windows\system32\igfxsrvc.exe[3856] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02878927 .text C:\Windows\system32\igfxsrvc.exe[3856] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02878A78 .text C:\Windows\system32\igfxsrvc.exe[3856] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 028789CC .text C:\Windows\system32\igfxsrvc.exe[3856] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 0287744E ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@y!s!\24!r!s!`!\30!y!\24!\24!t!\30!c!y!s!d! 19583823 ---- EOF - GMER 2.1 ---- |