Log Analysis and Evaluation: Windows 7: Phisher from a "Vodafone" e-mail targets VR Bank

#1
Windows 7: Phisher from a "Vodafone" e-mail targets VR Bank

Hello everyone,

a friend of mine received an e-mail from "Vodafone" a few days ago with a supposed EUR 300 invoice. Unfortunately, being a Vodafone customer, she clicked, and now we are in a mess; the consumer advice centre (VZ) has already reported on it: hxxp://www.vz-nrw.de/phishing

Right up front: the PC is used commercially, but I am providing private support here without any commercial background (except perhaps the tenner the poor student gets at the end).

So I get to deal with it, and here is what I have. The infected file was, with 99% certainty, the following link (CAUTION, there is something nasty in there):

firstvoicemail[dot]com/wp-includes/pomo[slash]pdf-vodafone2014_06-de/2014_06rechnung_pdf_vodafone[dot]zip

Written like that so nobody clicks it by accident... VirusTotal does not find much on it either, just like the installed McAfee: https://www.virustotal.com/de/url/75d4c4453bf3bf1d279aa3ef50bcd316c2cfb7ff30fedc3164a1ed0871e5b126/analysis/

But: as soon as you log in to the VR Bank online banking, the following message appears:

Quote:

But since a reinstallation means an extreme amount of work, we would like to clean the machine manually. So here are a few logs for you:

defogger_disable

Quote:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02 Ran by Buro (administrator) on BUERO-PC on 13-06-2014 16:44:30 Running from D:\Eigene Dateien\Downloads Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfimon.exe (DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) 
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (DATEV eG) C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [333416 2012-09-05] (McAfee, Inc.) HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.) 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.) HKLM\...\Run: [] => [X] HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [ApnTBMon] => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\Run: [updateMgr] => C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated) HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\Run: [LiveSupport] => "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\Run: [uumconfig.exe] => C:\Users\Buro\AppData\Roaming\Microsoft\uumconfig.exe [196608 2009-07-14] (Qdumga) HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-15] (Adobe Systems Incorporated) HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1 HKU\S-1-5-21-1046610458-722662356-3371820042-1000\...\MountPoints2: {35856a6b-a7f8-11e2-9698-00237d21318e} - K:\Setup.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> C:\DATEV\PROGRAMM\BSoffice\service\OfficeDiag.exe (DATEV eG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CleanupPrintJobs.lnk ShortcutTarget: CleanupPrintJobs.lnk -> C:\DATEV\PROGRAMM\B0001401\CleanupPrintJobs.exe (DATEV eG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk ShortcutTarget: SkyUserDevmode-Update.lnk -> C:\DATEV\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG) Startup: C:\Users\Buro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Buro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF6B508DFDF19CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013 SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013 SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013 
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013 SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e8ad60fc-b67a-794f-7ccc-7b383bf8a0ca&searchtype=ds&q={searchTerms}&installDate=22/10/2013 BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130302162403.dll (McAfee, Inc.) BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Buro\AppData\Roaming\Mozilla\Firefox\Profiles\n4u04gzo.default FF SearchEngineOrder.1: Ask Search FF Homepage: https://www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Buro\AppData\Roaming\Mozilla\Firefox\Profiles\n4u04gzo.default\user.js FF SearchPlugin: C:\Users\Buro\AppData\Roaming\Mozilla\Firefox\Profiles\n4u04gzo.default\searchplugins\Web Search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: DAEMON Tools Toolbar - C:\Users\Buro\AppData\Roaming\Mozilla\Firefox\Profiles\n4u04gzo.default\Extensions\DTToolbar@toolbarnet.com [2013-04-19] FF Extension: IDS_SS_NAME - C:\Program Files\Common Files\McAfee\SystemCore [2013-03-02] FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore FF Extension: IDS_SS_NAME - C:\Program Files\Common Files\McAfee\SystemCore [2013-03-02] FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-04-09] ========================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files\Common Files\Adobe 
Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-11] (Adobe Systems) [File not signed] R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-16] (APN LLC.) R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [1705280 2009-08-19] (WIBU-SYSTEMS AG) S3 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [161320 2013-08-02] (DATEV eG) S3 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG) R2 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG) R3 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG) S3 Datev.Irw.ServiceProvider.HostXcut.Server; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2013-12-05] (DATEV eG) R2 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [185856 2013-09-02] (DATEV eG) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-04-18] (Macrovision Europe Ltd.) [File not signed] R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-05] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.) R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [167344 2013-03-02] (McAfee, Inc.) R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [159640 2013-03-02] (McAfee, Inc.) 
R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation) R3 MSSQLFDLauncher$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe [37832 2012-06-29] (Microsoft Corporation) S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation) S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [X] S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn [X] ==================== Drivers (Whitelisted) ==================== R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218176 2013-04-18] (DT Soft Ltd) R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2013-05-23] (Logitech, Inc.) R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2013-05-23] (Logitech, Inc.) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2013-03-02] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [215024 2013-03-02] (McAfee, Inc.) S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59616 2013-03-02] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [477584 2013-03-02] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87816 2013-03-02] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [180720 2013-03-02] (McAfee, Inc.) 
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [249288 2012-06-29] (Microsoft Corporation) U0 dmboot; U3 mfeavfk01; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-13 16:41 - 2014-06-13 16:44 - 00000000 ____D () C:\FRST 2014-06-13 16:38 - 2014-06-13 16:38 - 00000156 _____ () C:\Users\Buro\defogger_reenable 2014-06-13 11:28 - 2014-06-13 11:28 - 00000000 ____D () C:\ProgramData\Logitech 2014-06-12 08:18 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-06-12 08:18 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-05-19 08:38 - 2014-05-19 08:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-16 12:17 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-16 12:17 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-16 12:17 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-16 12:15 - 2014-05-16 12:15 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-05-16 09:08 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-16 09:08 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-16 09:07 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-16 09:07 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-16 09:07 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-16 09:07 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-16 09:07 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) 
C:\Windows\system32\sspisrv.dll 2014-05-16 09:07 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-16 09:07 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-16 09:07 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-16 09:07 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-05-16 09:07 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-16 09:07 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-16 09:07 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-16 09:07 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-16 09:07 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-16 09:07 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-16 09:07 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-16 09:07 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-16 09:07 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-16 09:07 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-16 09:07 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-16 09:07 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-16 09:07 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-16 09:07 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) 
C:\Windows\system32\dimsroam.dll 2014-05-16 09:07 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-16 09:07 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll ==================== One Month Modified Files and Folders ======= 2014-06-13 16:44 - 2014-06-13 16:41 - 00000000 ____D () C:\FRST 2014-06-13 16:44 - 2013-03-02 16:05 - 00000000 ____D () C:\Users\Buro\AppData\Local\Temp 2014-06-13 16:43 - 2009-07-14 06:34 - 00017504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-13 16:43 - 2009-07-14 06:34 - 00017504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-13 16:38 - 2014-06-13 16:38 - 00000156 _____ () C:\Users\Buro\defogger_reenable 2014-06-13 16:38 - 2013-03-07 15:46 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-13 16:38 - 2013-03-02 16:05 - 00000000 ____D () C:\Users\Buro 2014-06-13 16:14 - 2013-03-06 23:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-13 11:36 - 2013-06-15 16:51 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-13 11:36 - 2013-03-07 15:46 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-13 11:36 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-13 11:36 - 2009-07-14 06:39 - 00054281 _____ () C:\Windows\setupact.log 2014-06-13 11:34 - 2013-03-02 15:52 - 01742757 _____ () C:\Windows\WindowsUpdate.log 2014-06-13 11:28 - 2014-06-13 11:28 - 00000000 ____D () C:\ProgramData\Logitech 2014-06-13 11:28 - 2014-04-09 16:19 - 00000888 _____ () C:\Windows\LkmdfCoInst.log 2014-06-13 11:27 - 2014-04-09 16:19 - 00016400 _____ (Logitech, Inc.) 
C:\Windows\system32\Drivers\LNonPnP.sys 2014-06-13 11:17 - 2013-03-02 16:09 - 01807850 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-12 12:04 - 2013-08-05 11:36 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 12:04 - 2013-03-02 17:48 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-12 12:02 - 2013-03-02 16:55 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-12 11:50 - 2013-03-02 18:39 - 00000000 ____D () C:\Users\Buro\Graphisoft 2014-05-20 08:08 - 2013-03-02 17:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-05-19 08:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-05-19 08:38 - 2014-05-19 08:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-05-19 08:30 - 2014-05-06 12:22 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-19 08:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-05-16 12:15 - 2014-05-16 12:15 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-05-16 09:08 - 2013-03-02 17:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-15 12:14 - 2013-03-06 23:38 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-05-15 12:14 - 2013-03-06 23:38 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\Buro\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe C:\Users\Buro\AppData\Local\Temp\APNSetup.exe C:\Users\Buro\AppData\Local\Temp\appshat-distribution.exe C:\Users\Buro\AppData\Local\Temp\bi_cleaner.exe C:\Users\Buro\AppData\Local\Temp\DiVapton_sm.exe C:\Users\Buro\AppData\Local\Temp\Installer.exe C:\Users\Buro\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\Buro\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\Buro\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe 
C:\Users\Buro\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Buro\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Buro\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Buro\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe C:\Users\Buro\AppData\Local\Temp\LiveSupport_setup.exe C:\Users\Buro\AppData\Local\Temp\LMkRstPt.exe C:\Users\Buro\AppData\Local\Temp\OptimizerPro.exe C:\Users\Buro\AppData\Local\Temp\ose00000.exe C:\Users\Buro\AppData\Local\Temp\UpdateCheckerSetup.exe C:\Users\Buro\AppData\Local\Temp\wajam_download.exe C:\Users\Buro\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-05-12 09:32 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-06-2014 02 Ran by Buro at 2014-06-13 16:44:46 Running from D:\Eigene Dateien\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: McAfee VirusScan Enterprise (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AS: McAfee VirusScan Enterprise Antispyware Module (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.1.0 - Adobe Systems) Hidden Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch (HKLM\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.1.0 - Adobe Systems) Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden Adobe Bridge 1.0 (Version: 001.000.001 - Adobe Systems) Hidden Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Common File Installer (Version: 1.00.001 - Adobe System Incorporated) Hidden Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Dreamweaver CS3 (HKLM\...\Adobe_25db75244653b42cb93dc27939d1c0e) (Version: 9.0 - Adobe Systems Incorporated) Adobe Dreamweaver CS3 (Version: 9 - Adobe Systems Incorporated) Hidden Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Extension Manager CS3 (Version: 1.8 - Adobe Systems Incorporated) 
Hidden Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Help Center 1.0 (Version: 1.0.1 - Adobe Systems) Hidden Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Stock Photos 1.0 (Version: 1.0.1 - Adobe Systems) Hidden Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArchiCAD SE 2010 GER (HKLM\...\036FFF1FFF13FF00FF0215F00F02F000-R1) (Version: - Graphisoft) Ashampoo Burning Studio 2013 v.11.0.5 (HKLM\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.5 - Ashampoo GmbH & Co. KG) Ashampoo Photo Commander 9 v.9.4.3 (HKLM\...\Ashampoo Photo Commander 9_is1) (Version: 9.4.3 - Ashampoo GmbH & Co. 
KG) Ask Toolbar (HKLM\...\{4F524A2D-5637-006A-76A7-A758B70C0600}) (Version: 12.6.0.12 - APN, LLC) <==== ATTENTION B1315AppGuid (Version: 1.0.0 - DATEV eG) Hidden Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-6490CW (HKLM\...\{20E970DF-A7B2-4345-9DEB-72213A29645E}) (Version: 1.0.1.0 - Brother Industries, Ltd.) CodeMeter Runtime Kit v4.10a (HKLM\...\{B22CE542-B0A1-42AD-955D-7455B7C9ED74}) (Version: 4.10.205. - WIBU-SYSTEMS AG) Crystal Reports Runtime XI (Version: 1.0.9 - DATEV eG) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.40.1.0127 - DT Soft Ltd) DAEMON Tools Toolbar (HKLM\...\DAEMON Tools Toolbar) (Version: 1.1.3.0244 - DT Soft Ltd) <==== ATTENTION DATEV Infragistics Runtime V.3.2 (Version: 3.2.0 - Infragistics, Inc.) Hidden DATEV Installation V.3.2 (HKLM\...\DATEVB00000482.0) (Version: - ) DFL2010 ConfigDB (HKLM\...\{46B1F595-EFB2-4463-B302-312A2C7B70A6}) (Version: 4.35.4339.0 - DATEV eG) DFL2010 Microkernel (HKLM\...\{063DF19F-5FE9-43D3-A961-944ABD050A4C}) (Version: 4.35.4339.0 - DATEV eG) eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden FileZilla Client 3.8.0 (HKCU\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden iCloud (HKLM\...\{925F1DB6-E86E-4378-9091-D1F68B0583C9}) (Version: 2.1.2.8 - Apple Inc.) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech) McAfee Agent (HKLM\...\{D107EA80-023A-443C-AA79-1C4B0CB2E227}) (Version: 4.6.0.2988 - McAfee, Inc.) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.) 
McAfee VirusScan Enterprise (HKLM\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.02004 - McAfee, Inc.) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Proof (English) 
2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 R2 (Version: - Microsoft Corporation) Hidden Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{EEB0EFE8-61EB-4C42-929A-CE25D3FBC0C6}) (Version: 10.52.4000.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.52.4000.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{7419AE1A-D1A5-4B24-BD78-C7ABCC26016F}) (Version: 10.52.4000.0 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation) Microsoft SQL Server Browser (HKLM\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}) (Version: 10.52.4000.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x86) ENU 
(HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x86) ENU (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Notepad++ (HKLM\...\Notepad++) (Version: 6.3.2 - Notepad++ Team) NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) 
Hidden NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden PDF24 Creator 5.3.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Phase 5 HTML-Editor (HKLM\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer) QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Service Pack 2 für SQL Server 2008 R2 (KB2630458) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation) SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Full text search (Version: 10.52.4000.0 - Microsoft Corporation) Hidden Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQLXML4 (HKLM\...\{6C79A48D-F9CE-4B4E-968C-5BCFC27630CF}) (Version: 9.00.5000.00 - Microsoft Corporation) SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 
Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) ==================== Restore Points ========================= 07-04-2014 08:52:16 Geplanter Prüfpunkt 09-04-2014 14:23:42 Windows Modules Installer 09-04-2014 14:25:04 Windows Modules Installer 10-04-2014 10:20:36 Windows Update 02-05-2014 10:53:18 Windows Update 06-05-2014 10:22:01 Windows Update 16-05-2014 10:13:35 Windows Update 12-06-2014 10:01:26 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {18E58942-5A1F-4C04-A536-36CDC03ABE68} - System32\Tasks\DATEV eG\DATEV Update-Monitor => C:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe [2013-08-02] (DATEV eG) Task: {7838592A-A2CA-4F61-A641-231B8BC5F9D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-07] (Google Inc.) Task: {AEEED748-B7B9-4A94-8CAF-6EBB1D059D26} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {AFBF5FA2-C9EC-485C-8D14-D5A479621AF8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {B18505E1-6864-4582-B13D-F6333A276613} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-07] (Google Inc.) 
Task: {B97ECBCB-CAB4-4AAB-A4AA-1FDB98DD0CE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-06-15 16:51 - 2013-01-18 16:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2013-04-15 11:00 - 2006-01-12 21:20 - 01265664 _____ () C:\Program Files\Adobe\Acrobat 7.0\Distillr\adistres.DEU 2014-03-28 11:35 - 2014-03-28 11:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2013-03-02 18:25 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll 2013-04-15 11:00 - 2006-01-12 21:20 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.deu 2013-04-15 11:00 - 2006-01-12 21:13 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.FRA 2012-10-11 22:56 - 2012-10-11 22:56 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2012-10-11 22:56 - 2012-10-11 22:56 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2007-04-18 21:30 - 2007-04-18 21:30 - 00393216 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll 2007-04-18 21:30 - 2007-04-18 21:30 - 00471040 _____ () C:\Program Files\McAfee\Common Framework\ccme_base.dll 2012-08-14 21:08 - 2012-08-14 21:08 - 00150328 _____ () C:\Program Files\McAfee\VirusScan Enterprise\WscAv.dll 2013-03-02 18:25 - 2002-11-26 14:43 - 00106496 ____N () C:\Windows\system32\BrMuSNMP.dll 2014-05-19 08:38 - 2014-05-19 08:38 - 03839088 _____ () 
C:\Program Files\Mozilla Firefox\mozjs.dll 2014-05-15 12:14 - 2014-05-15 12:14 - 16361136 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime ==================== Faulty Device Manager Devices ============= Name: PS/2-kompatible Maus Description: PS/2-kompatible Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Standardtastatur (PS/2) Description: Standardtastatur (PS/2) Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardtastaturen) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. 
Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (06/13/2014 04:44:26 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/06/13 16:44:26.957]: [00002420]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.33.250] Error: (06/13/2014 04:44:17 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm FRST.exe, Version 12.6.2014.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 170 Startzeit: 01cf871567b1fd5a Endzeit: 0 Anwendungspfad: D:\Eigene Dateien\Downloads\FRST.exe Berichts-ID: Error: (06/13/2014 04:43:17 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/06/13 16:43:17.939]: [00002420]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.33.250] Error: (06/13/2014 04:42:08 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/06/13 16:42:08.915]: [00002420]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.33.250] Error: (06/13/2014 04:40:59 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/06/13 16:40:59.874]: [00002420]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.33.250] Error: (06/13/2014 04:39:50 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/06/13 16:39:50.870]: [00002420]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.33.250] Error: (06/13/2014 04:38:41 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/06/13 16:38:41.863]: [00002420]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.33.250] Error: 
(06/13/2014 04:37:32 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/06/13 16:37:32.857]: [00002420]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.33.250] Error: (06/13/2014 04:36:23 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/06/13 16:36:23.853]: [00002420]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.33.250] Error: (06/13/2014 04:35:14 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STI BrtSTI: [2014/06/13 16:35:14.846]: [00002420]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.33.250] System errors: ============= Error: (06/13/2014 11:37:06 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (06/13/2014 10:14:06 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (06/12/2014 00:04:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2957503) Error: (06/12/2014 00:04:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2939576) Error: (06/12/2014 00:04:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Update für Windows 7 (KB2800095) 
Error: (06/12/2014 00:04:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 10 unter Windows 7 Service Pack 1 (KB2957689) Error: (06/12/2014 00:04:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2957189) Error: (06/12/2014 00:02:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Update für Windows 7 (KB2952664) Error: (06/12/2014 00:02:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2957509) Error: (06/12/2014 08:12:58 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (09/17/2013 09:15:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash. 
==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 3567.37 MB Available physical RAM: 2328.64 MB Total Pagefile: 7133.03 MB Available Pagefile: 5515.45 MB Total Virtual: 2047.88 MB Available Virtual: 1929.88 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:195.31 GB) (Free:145.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Daten) (Fixed) (Total:585.94 GB) (Free:509.44 GB) NTFS Drive l: (CODEMETER) (Fixed) (Total:0.04 GB) (Free:0 GB) FAT32 Drive s: (SERVICE) (Fixed) (Total:150.14 GB) (Free:144.84 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E1039650) Partition 1: (Active) - (Size=195 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=736 GB) - (Type=OF Extended) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-06-13 17:03:31 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EADS-00L5B1 rev.01.01A01 931,51GB Running: jqbiwd6u.exe; Driver: C:\Users\Buro\AppData\Local\Temp\uwtoqpob.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83041A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8307B212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[1460] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 0150EDF0 .text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[1460] ntdll.dll!LdrLoadDll 77CE22AE 5 Bytes JMP 01671AE0 .text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[1460] WS2_32.dll!closesocket 76513918 5 Bytes JMP 0167BF80 .text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[1460] WS2_32.dll!WSASend 76514406 5 Bytes JMP 0167BEA0 .text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[1460] WS2_32.dll!connect 76516BDD 5 Bytes JMP 0167BE50 .text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[1460] WS2_32.dll!send 76516F01 5 Bytes JMP 0167BF20 .text C:\Windows\system32\taskhost.exe[1632] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 0202EDF0 .text C:\Windows\system32\taskhost.exe[1632] ntdll.dll!LdrLoadDll 77CE22AE 5 Bytes JMP 02071AE0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[1688] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 004DEDF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[1688] ntdll.dll!LdrLoadDll 77CE22AE 5 Bytes JMP 01501AE0 .text C:\Windows\system32\Dwm.exe[1724] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 00D3EDF0 .text C:\Windows\system32\Dwm.exe[1724] ntdll.dll!LdrLoadDll 77CE22AE 5 Bytes JMP 03071AE0 .text 
C:\Windows\Explorer.EXE[1756] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 02EBEDF0 .text C:\Windows\Explorer.EXE[1756] ntdll.dll!LdrLoadDll 77CE22AE 5 Bytes JMP 02ED1AE0 .text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1916] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 0158EDF0 .text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1916] ntdll.dll!LdrLoadDll 77CE22AE 5 Bytes JMP 01701AE0 .text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1916] WS2_32.dll!closesocket 76513918 5 Bytes JMP 0170BF80 .text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1916] WS2_32.dll!WSASend 76514406 5 Bytes JMP 0170BEA0 .text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1916] WS2_32.dll!connect 76516BDD 5 Bytes JMP 0170BE50 .text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[1916] WS2_32.dll!send 76516F01 5 Bytes JMP 0170BF20 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1984] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 015CEDF0 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1984] ntdll.dll!LdrLoadDll 77CE22AE 5 Bytes JMP 01601AE0 .text C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[2000] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 012AEDF0 .text C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[2000] ntdll.dll!LdrLoadDll 77CE22AE 5 Bytes JMP 01691AE0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2056] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 0147EDF0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2056] ntdll.dll!LdrLoadDll 77CE22AE 5 Bytes JMP 014B1AE0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2056] WS2_32.dll!closesocket 76513918 5 Bytes JMP 014BBF80 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2056] WS2_32.dll!WSASend 76514406 5 Bytes JMP 014BBEA0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2056] WS2_32.dll!connect 76516BDD 5 Bytes JMP 014BBE50 .text C:\Program Files\Common 
Files\Java\Java Update\jusched.exe[2056] WS2_32.dll!send 76516F01 5 Bytes JMP 014BBF20 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2100] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 019FEDF0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2100] ntdll.dll!LdrLoadDll 77CE22AE 5 Bytes JMP 01A31AE0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2100] WS2_32.dll!closesocket 76513918 5 Bytes JMP 01A3BF80 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2100] WS2_32.dll!WSASend 76514406 5 Bytes JMP 01A3BEA0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2100] WS2_32.dll!connect 76516BDD 5 Bytes JMP 01A3BE50 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2100] WS2_32.dll!send 76516F01 5 Bytes JMP 01A3BF20 .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2168] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 0144EDF0 .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2168] ntdll.dll!LdrLoadDll 77CE22AE 3 Bytes JMP 015A1AE0 .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2168] ntdll.dll!LdrLoadDll + 4 77CE22B2 1 Byte [89] .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2168] WS2_32.dll!closesocket 76513918 5 Bytes JMP 015ABF80 .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2168] WS2_32.dll!WSASend 76514406 5 Bytes JMP 015ABEA0 .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2168] WS2_32.dll!connect 76516BDD 5 Bytes JMP 015ABE50 .text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2168] WS2_32.dll!send 76516F01 5 Bytes JMP 015ABF20 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2192] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 015FEDF0 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2192] ntdll.dll!LdrLoadDll 77CE22AE 5 Bytes JMP 01631AE0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2224] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 020DEDF0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2224] ntdll.dll!LdrLoadDll 77CE22AE 5 Bytes JMP 02111AE0 .text 
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe[2332] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 002BEDF0
.text C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe[2332] ntdll.dll!LdrLoadDll 77CE22AE 5 Bytes JMP 006E1AE0
.text C:\Program Files\McAfee\Common Framework\McTray.exe[2356] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 0135EDF0
.text C:\Program Files\McAfee\Common Framework\McTray.exe[2356] ntdll.dll!LdrLoadDll 77CE22AE 5 Bytes JMP 01391AE0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2508] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 0072EDF0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2508] ntdll.dll!LdrLoadDll 77CE22AE 5 Bytes JMP 66C41EB1 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2508] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 77AB94E6 7 Bytes JMP 595184D6 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2508] kernel32.dll!QueryPerformanceCounter + 13 77ABC4E5 7 Bytes JMP 595184F9 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2508] kernel32.dll!LoadAppInitDlls + 355 77ABF5A6 7 Bytes JMP 58B93A32 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2508] GDI32.dll!GetViewportOrgEx + 26C 7602884B 7 Bytes JMP 59518457 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtCreateFile + 6 77CC560E 4 Bytes [28, 30, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtCreateFile + B 77CC5613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtCreateKey + 6 77CC564E 4 Bytes [68, 31, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtCreateKey + B 77CC5653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtCreateMutant + 6 77CC568E 4 Bytes [68, 32, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtCreateMutant + B 77CC5693 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtCreateSection + 6 77CC572E 4 Bytes [A8, 32, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtCreateSection + B 77CC5733 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtMapViewOfSection + B 77CC5C73 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenFile + 6 77CC5D1E 4 Bytes [68, 30, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenFile + B 77CC5D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenKey + 6 77CC5D4E 4 Bytes [A8, 31, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenKey + B 77CC5D53 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenKeyEx + B 77CC5D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenMutant + 6 77CC5D9E 4 Bytes [28, 32, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenMutant + B 77CC5DA3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenProcess + 6 77CC5DCE 4 Bytes [68, 33, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenProcess + B 77CC5DD3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenProcessToken + 6 77CC5DDE 4 Bytes [A8, 33, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenProcessToken + B 77CC5DE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenProcessTokenEx + 6 77CC5DEE 4 Bytes [68, 34, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenProcessTokenEx + B 77CC5DF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenSection + B 77CC5E13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenThread + 6 77CC5E4E 4 Bytes [28, 33, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenThread + B 77CC5E53 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenThreadToken + 6 77CC5E5E 4 Bytes [28, 34, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenThreadToken + B 77CC5E63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenThreadTokenEx + 6 77CC5E6E 4 Bytes [A8, 34, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtOpenThreadTokenEx + B 77CC5E73 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtQueryAttributesFile + 6 77CC5F7E 4 Bytes [A8, 30, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtQueryAttributesFile + B 77CC5F83 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtQueryFullAttributesFile + B 77CC6033 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 009BEDF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtSetInformationFile + 6 77CC667E 4 Bytes [28, 31, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtSetInformationFile + B 77CC6683 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtSetInformationThread + B 77CC66E3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtUnmapViewOfSection + 6 77CC69FE 4 Bytes [28, 35, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ntdll.dll!NtUnmapViewOfSection + B 77CC6A03 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] kernel32.dll!CreateProcessW 77A7204D 5 Bytes JMP 000A0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] kernel32.dll!CreateProcessA 77A72082 5 Bytes JMP 000A0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!ActivateKeyboardLayout 77BB8203 5 Bytes JMP 001504F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!ScreenToClient 77BBA506 7 Bytes JMP 00150670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!RegisterClipboardFormatA 77BBC091 5 Bytes JMP 001502F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!RegisterClipboardFormatW 77BBDF8D 5 Bytes JMP 001502B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!SetCursor 77BC3075 5 Bytes JMP 00150530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!MonitorFromWindow 77BC3622 7 Bytes JMP 00150630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!PostMessageW 77BC447B 5 Bytes JMP 001505F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!IsWindowVisible 77BC4D69 7 Bytes JMP 001506B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetClientRect 77BC54DD 7 Bytes JMP 001505B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!MapWindowPoints 77BC5CAA 5 Bytes JMP 00150570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetParent 77BC6029 7 Bytes JMP 001506F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!EmptyClipboard 77BD290C 5 Bytes JMP 00150130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!SetClipboardData 77BD2962 5 Bytes JMP 00150170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetClipboardData 77BD2BA7 5 Bytes JMP 00150030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetClipboardFormatNameW 77BD5FD2 5 Bytes JMP 00150230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!SetClipboardViewer 77BD6FF6 5 Bytes JMP 001504B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetClipboardFormatNameA 77BD700A 5 Bytes JMP 00150270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!ChangeClipboardChain 77BE147C 5 Bytes JMP 00150430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetTopWindow 77BE24D9 7 Bytes JMP 00150730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!CloseClipboard 77BE446C 5 Bytes JMP 001500B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!OpenClipboard 77BE447E 5 Bytes JMP 00150070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!IsClipboardFormatAvailable 77BE44FF 5 Bytes JMP 001500F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetClipboardSequenceNumber 77BE4513 5 Bytes JMP 00150330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetClipboardOwner 77BE4525 5 Bytes JMP 00150370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!CountClipboardFormats 77BE470A 5 Bytes JMP 001501F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!EnumClipboardFormats 77BE47EC 5 Bytes JMP 001501B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetOpenClipboardWindow 77BE480B 5 Bytes JMP 001503F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!SetCursorPos 77BFC1B0 5 Bytes JMP 00150770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetClipboardViewer 77C14AF7 5 Bytes JMP 00150470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] user32.DLL!GetPriorityClipboardFormat 77C14BF9 5 Bytes JMP 001503B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!DeleteObject 76025F14 5 Bytes JMP 001601B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SelectObject 76026640 5 Bytes JMP 001605F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SetTextColor 76026906 5 Bytes JMP 00160A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SetBkMode 760269B1 5 Bytes JMP 001608F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!DeleteDC 76026EAA 5 Bytes JMP 00160170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetDeviceCaps 76026F7F 5 Bytes JMP 001603B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!ExtSelectClipRgn 76027114 5 Bytes JMP 001602F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SelectClipRgn 76027242 5 Bytes JMP 001605B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SetStretchBltMode 76027705 5 Bytes JMP 001606B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetCurrentObject 76027917 5 Bytes JMP 00160370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetTextMetricsW 76027B8F 5 Bytes JMP 00160E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetTextAlign 76027DAF 5 Bytes JMP 00160D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!IntersectClipRect 76027DFE 5 Bytes JMP 001603F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!ExtTextOutW 76028192 5 Bytes JMP 00160970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SetTextAlign 7602828E 5 Bytes JMP 001609F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetClipBox 76028525 5 Bytes JMP 00160330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!MoveToEx 76028C21 5 Bytes JMP 00160470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!StretchDIBits 7602A53E 5 Bytes JMP 00160770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!RestoreDC 7602A67B 5 Bytes JMP 00160530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SaveDC 7602A74B 5 Bytes JMP 00160570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetTextExtentPoint32W 7602B4B5 5 Bytes JMP 00160670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetTextFaceW 7602B73A 2 Bytes JMP 00160D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetTextFaceW + 3 7602B73D 2 Bytes [13, 8A]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetFontData 7602BCC4 5 Bytes JMP 00160C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SetWorldTransform 7602C90A 5 Bytes JMP 001606F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!CreateDCA 7602CCA9 5 Bytes JMP 001600B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!CreateDCW 7602CF79 5 Bytes JMP 001600F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!CreateICW 7602CFD0 5 Bytes JMP 00160130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetTextMetricsA 7602D0F2 5 Bytes JMP 00160DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!Rectangle 7602F1FF 5 Bytes JMP 001609B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!LineTo 7602F59B 5 Bytes JMP 00160430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SetICMMode 7602FAA4 5 Bytes JMP 00160DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!ExtTextOutA 76030D20 5 Bytes JMP 00160930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetTextExtentPoint32A 7603117F 5 Bytes JMP 00160630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!ExtEscape 76032D49 5 Bytes JMP 001602B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!Escape 76033400 5 Bytes JMP 00160270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!ResetDCW 76033A9B 5 Bytes JMP 00160AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!EndPage 760340DA 5 Bytes JMP 00160230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SetPolyFillMode 760367E1 5 Bytes JMP 00160B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SetMiterLimit 7603699D 5 Bytes JMP 00160B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetTextFaceA 76040D22 5 Bytes JMP 00160CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!GetGlyphOutlineW 7604C2DA 5 Bytes JMP 00160CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!CreateScalableFontResourceW 7604E937 5 Bytes JMP 00160BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!AddFontResourceW 7604ED33 5 Bytes JMP 00160BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!RemoveFontResourceW 7604F229 5 Bytes JMP 00160C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!AbortDoc 76054E29 5 Bytes JMP 00160030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!EndDoc 76055270 5 Bytes JMP 001601F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!StartPage 7605535B 5 Bytes JMP 00160730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!StartDocW 76055D76 5 Bytes JMP 001607F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!BeginPath 7605651D 5 Bytes JMP 00160830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!SelectClipPath 76056574 5 Bytes JMP 00160AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!CloseFigure 760565CF 5 Bytes JMP 00160070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!EndPath 76056626 5 Bytes JMP 00160A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!StrokePath 76056859 5 Bytes JMP 001607B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!FillPath 760568E6 5 Bytes JMP 00160870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!PolylineTo 76056D54 5 Bytes JMP 001604F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!PolyBezierTo 76056DE5 5 Bytes JMP 001604B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] GDI32.dll!PolyDraw 76056E97 5 Bytes JMP 001608B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ole32.dll!OleSetClipboard 7677009D 5 Bytes JMP 00280030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ole32.dll!OleIsCurrentClipboard 7677370E 5 Bytes JMP 00280070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[4620] ole32.dll!OleGetClipboard 7679FE25 5 Bytes JMP 002800B0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5828] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 0124EDF0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5828] ntdll.dll!LdrLoadDll 77CE22AE 5 Bytes JMP 01B01AE0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5828] USER32.dll!GetWindowInfo 77BC4B5E 5 Bytes JMP 58DCD777 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5828] USER32.dll!ToUnicodeEx + 71 77BD2223 7 Bytes JMP 58DC70E4 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5828] WS2_32.dll!closesocket 76513918 5 Bytes JMP 01B0BF80
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5828] WS2_32.dll!WSASend 76514406 5 Bytes JMP 01B0BEA0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5828] WS2_32.dll!connect 76516BDD 5 Bytes JMP 01B0BE50
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5828] WS2_32.dll!send 76516F01 5 Bytes JMP 01B0BF20
.text C:\Windows\system32\wuauclt.exe[5896] ntdll.dll!NtResumeThread 77CC64E8 5 Bytes JMP 00A3EDF0
.text C:\Windows\system32\wuauclt.exe[5896] ntdll.dll!LdrLoadDll 77CE22AE 5 Bytes JMP 00A71AE0

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- EOF - GMER 2.1 ----

So, that's everything I have, and I hope someone can help me.

Olli