bojeboje | 22.12.2014 16:07 | Win Vista sends spam, nothing found
Hello everyone,
the following problem:
The email address (from Unitymedia) has now been blocked for the 2nd time because spam was sent from it.
The email address is accessed only from this laptop, via the "Windows Email" program. The first time, the laptop was along on vacation and used the landlady's Wi-Fi there. The Unity hotline gave some tips or other (unfortunately I wasn't there), and afterwards everything was fine.
This time it happened again right on the first day of the vacation (so the laptop was used over someone else's Wi-Fi), and Antivir simply doesn't find anything. The provider only threatened to block the email permanently :heulen:
Many thanks in advance,
Thomas
Defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:15 on 22/12/2014 (detlef)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2014 01
Ran by detlef (administrator) on DETLEF-PC on 22-12-2014 15:17:41
Running from C:\Users\detlef\Desktop
Loaded Profile: detlef (Available profiles: detlef)
Platform: Microsoft® Windows Vista™ Home Premium (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ieuser.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2012-08-30] (Microsoft Corporation)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [446635 2008-06-03] (Creative Technology Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3444736 2007-12-08] (Dell Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2008-02-15] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-21] (APN)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3628282582-583965577-2510337440-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-3628282582-583965577-2510337440-1000\...\RunOnce: [Adobe Speed Launcher] => 1418831906
HKU\S-1-5-21-3628282582-583965577-2510337440-1000\...\RunOnce: [HPSoftwareUpdate] => C:\Program Files\HP\HP Software Update\HPWUCli.exe [642360 2013-06-05] (Hewlett-Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\detlef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKU\S-1-5-21-3628282582-583965577-2510337440-1000 -> Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\detlef\AppData\Roaming\Mozilla\Firefox\Profiles\uoprrkz8.default
FF Homepage: www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\detlef\AppData\Roaming\Mozilla\Firefox\Profiles\uoprrkz8.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\detlef\AppData\Roaming\Mozilla\Firefox\Profiles\uoprrkz8.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: Adblock Plus - C:\Users\detlef\AppData\Roaming\Mozilla\Firefox\Profiles\uoprrkz8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-08]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-11-26]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe [73728 2007-09-20] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [647168 2007-07-25] (Intel Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-06-04] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-07-25] (Intel Corporation) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe [102400 2008-02-15] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2007-12-08] (Dell Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-22 15:17 - 2014-12-22 15:18 - 00011506 _____ () C:\Users\detlef\Desktop\FRST.txt
2014-12-22 15:17 - 2014-12-22 15:17 - 00000000 ____D () C:\FRST
2014-12-22 15:15 - 2014-12-22 15:16 - 00000474 _____ () C:\Users\detlef\Desktop\defogger_disable.log
2014-12-22 15:15 - 2014-12-22 15:15 - 00000000 _____ () C:\Users\detlef\defogger_reenable
2014-12-22 15:14 - 2014-12-22 15:11 - 00050477 _____ () C:\Users\detlef\Desktop\Defogger.exe
2014-12-22 15:14 - 2014-12-22 15:09 - 00380416 _____ () C:\Users\detlef\Desktop\Gmer-19357.exe
2014-12-22 15:14 - 2014-12-22 15:07 - 01114112 _____ (Farbar) C:\Users\detlef\Desktop\FRST.exe
2014-12-22 15:03 - 2014-12-22 15:03 - 00000000 ____D () C:\Users\detlef\AppData\Roaming\HpUpdate
2014-12-22 15:02 - 2014-12-22 15:02 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-12-12 20:26 - 2014-12-12 20:26 - 00000938 _____ () C:\Users\detlef\Desktop\Windows Media Player.lnk
2014-12-09 16:11 - 2014-12-09 16:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-22 15:15 - 2012-08-31 16:29 - 00000420 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{97AFF26E-DE75-444B-AFE6-8277A352578C}.job
2014-12-22 15:15 - 2012-08-28 20:12 - 00000000 ____D () C:\Users\detlef
2014-12-22 15:15 - 2006-11-02 11:33 - 01461736 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-22 15:03 - 2012-08-31 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-12-22 14:52 - 2006-11-02 13:52 - 01487116 _____ () C:\Windows\WindowsUpdate.log
2014-12-22 14:52 - 2006-11-02 13:47 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 14:52 - 2006-11-02 13:47 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-17 19:51 - 2012-08-30 19:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-17 16:30 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-16 20:10 - 2006-11-02 14:01 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-15 17:26 - 2013-12-15 15:45 - 00000000 ____D () C:\Users\detlef\Documents\Kochbuch 2
2014-12-14 20:39 - 2012-08-31 16:35 - 00000000 ____D () C:\Users\detlef\Documents\Kurzspeicher
2014-12-11 09:13 - 2012-08-30 13:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 09:10 - 2013-07-11 09:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 09:07 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-10 23:09 - 2014-11-17 20:06 - 00000000 ____D () C:\Users\detlef\Documents\NHL
2014-12-10 23:09 - 2012-08-31 16:35 - 00000000 ____D () C:\Users\detlef\Documents\Schule
2014-12-10 13:48 - 2014-11-18 15:46 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-10 13:48 - 2014-11-18 15:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-10 13:48 - 2013-08-22 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-10 13:48 - 2013-08-22 18:21 - 00000000 ____D () C:\Program Files\Avira
2014-12-09 22:24 - 2012-08-30 19:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-09 18:56 - 2012-08-31 16:29 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-09 18:53 - 2012-08-30 19:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-09 18:53 - 2012-08-30 19:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-08 23:40 - 2012-08-30 20:51 - 00002631 _____ () C:\Users\detlef\Desktop\Microsoft Office Word 2007.lnk
Some content of TEMP:
====================
C:\Users\detlef\AppData\Local\Temp\avgnt.exe
C:\Users\detlef\AppData\Local\Temp\ose00000.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-17 16:45
==================== End Of Log ============================
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2014 01
Ran by detlef at 2014-12-22 15:18:24
Running from C:\Users\detlef\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C1500}) (Version: 12.21.0.3946 - APN, LLC)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D4200 (Version: 90.0.235.000 - Hewlett-Packard) Hidden
D4200_Help (Version: 90.0.235.000 - Hewlett-Packard) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Ihr Firmenname)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1007.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: - )
Dell Wireless WLAN Karte (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
DeviceDiscovery (Version: 90.0.205.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
dj_sf_ProductContext (Version: 90.0.235.000 - Hewlett-Packard) Hidden
dj_sf_software (Version: 90.0.235.000 - Hewlett-Packard) Hidden
dj_sf_software_req (Version: 90.0.235.000 - Hewlett-Packard) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Deskjet Printer Driver Software 9.0 (HKLM\...\{03E66394-42F0-4745-85F7-0A2F8F35C09F}) (Version: 9.0 - HP)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Ihr Firmenname)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.1419.1 - Creative Technology Ltd)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.22.6.3 - Marvell)
mCore (Version: 9.24.0000 - Intel Corporation) Hidden
mDriver (Version: 9.24.0000 - Intel) Hidden
mHelp (Version: 9.24.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mMHouse (Version: 9.24.0000 - Intel Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
mPfMgr (Version: 9.24.0000 - Intel Corporation) Hidden
mWMI (Version: 9.24.0000 - Intel Corporation) Hidden
PanoStandAlone (Version: 90.0.146.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 8.2.17 - Dell Inc.)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3628282582-583965577-2510337440-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
==================== Restore Points =========================
14-08-2014 13:37:24 Windows Update
25-08-2014 19:59:06 Geplanter Prüfpunkt
27-08-2014 15:26:36 Geplanter Prüfpunkt
11-09-2014 19:49:36 Windows Update
15-10-2014 10:38:26 Windows Update
28-10-2014 18:57:49 Geplanter Prüfpunkt
13-11-2014 17:50:30 Windows Update
19-11-2014 19:44:09 Geplanter Prüfpunkt
24-11-2014 16:01:35 Geplanter Prüfpunkt
11-12-2014 09:02:16 Windows Update
22-12-2014 15:02:21 Installed HP Update.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {8C510525-D35D-4C9B-B9AB-C3E5636D3BF8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {B70236F3-6424-496F-A959-A9C45CC506AE} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - detlef => C:\Program Files\Windows Calendar\wincal.exe [2012-08-30] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{97AFF26E-DE75-444B-AFE6-8277A352578C}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2012-08-30 15:40 - 2007-12-08 13:34 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2012-08-30 15:40 - 2007-12-08 13:34 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2014-11-20 14:09 - 2014-11-20 14:09 - 00245760 _____ () C:\Program Files\Avira\My Avira\System.ComponentModel.Composition.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3628282582-583965577-2510337440-500 - Administrator - Disabled)
detlef (S-1-5-21-3628282582-583965577-2510337440-1000 - Administrator - Enabled) => C:\Users\detlef
Gast (S-1-5-21-3628282582-583965577-2510337440-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/16/2014 06:18:14 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (12/15/2014 06:48:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung bcmwltry.exe, Version 4.170.25.12, Zeitstempel 0x46f3437a, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x03ca7722,
Prozess-ID 0x5d4, Anwendungsstartzeit bcmwltry.exe0.
Error: (12/15/2014 02:44:56 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (12/15/2014 00:02:35 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (12/15/2014 10:51:09 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (12/15/2014 10:31:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung bcmwltry.exe, Version 4.170.25.12, Zeitstempel 0x46f3437a, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x03ca975a,
Prozess-ID 0x5c8, Anwendungsstartzeit bcmwltry.exe0.
Error: (12/15/2014 08:49:37 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (12/15/2014 08:36:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung bcmwltry.exe, Version 4.170.25.12, Zeitstempel 0x46f3437a, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x03ca975a,
Prozess-ID 0x5c4, Anwendungsstartzeit bcmwltry.exe0.
Error: (12/15/2014 07:00:26 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (12/14/2014 10:11:16 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
System errors:
=============
Error: (12/16/2014 08:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/16/2014 08:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/16/2014 08:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/16/2014 08:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/16/2014 08:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/16/2014 08:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/16/2014 08:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/16/2014 08:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Error: (12/16/2014 08:07:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (12/16/2014 05:59:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-12-12 21:17:36.522
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-12 20:38:02.058
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-06-28 19:24:48.260
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-06-28 19:24:48.217
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-06-28 19:13:02.000
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-06-28 19:13:01.963
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-06-28 19:12:52.552
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-06-28 19:12:52.501
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 49%
Total physical RAM: 2037.43 MB
Available physical RAM: 1029.34 MB
Total Pagefile: 4292.16 MB
Available Pagefile: 2926.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.69 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:146.45 GB) (Free:103.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (MULTIBOOT) (Removable) (Total:7.5 GB) (Free:7.48 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: A8000000)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)
==================== End Of Log ============================
Gmer Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-22 15:41:21
Windows 6.0.6000 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9160821AS rev.3.CDE 149,05GB
Running: Gmer-19357.exe; Driver: C:\Users\detlef\AppData\Local\Temp\uxlyrpod.sys
---- System - GMER 2.1 ----
SSDT 8BB23674 ZwClose
SSDT 8BB2367E ZwCreateSection
SSDT 8BB2366F ZwDuplicateObject
SSDT 8BB23610 ZwOpenProcess
SSDT 8BB23615 ZwOpenThread
SSDT 8BB23688 ZwRequestWaitReplyPort
SSDT 8BB23683 ZwSetContextThread
SSDT 8BB2368D ZwSetSecurityObject
SSDT 8BB23692 ZwSystemDebugControl
SSDT 8BB2361F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 368 81C80874 4 Bytes [74, 36, B2, 8B] {JZ 0x38; MOV DL, 0x8b}
.text ntkrnlpa.exe!ZwCallbackReturn + 3D4 81C808E0 4 Bytes [7E, 36, B2, 8B] {JLE 0x38; MOV DL, 0x8b}
.text ntkrnlpa.exe!ZwCallbackReturn + 73C 81C80C48 4 Bytes [83, 36, B2, 8B]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[4956] USER32.dll!DialogBoxIndirectParamW 767114EA 5 Bytes JMP 66472046 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4956] USER32.dll!MessageBoxExA 7672570D 5 Bytes JMP 66471F8D C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4956] USER32.dll!DialogBoxParamA 767265BF 5 Bytes JMP 6647200B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4956] USER32.dll!MessageBoxIndirectW 7672F1B3 5 Bytes JMP 663217EA C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4956] USER32.dll!DialogBoxParamW 7673129F 5 Bytes JMP 662FF4B9 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4956] USER32.dll!DialogBoxIndirectParamA 767529C9 5 Bytes JMP 66472081 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4956] USER32.dll!MessageBoxIndirectA 7675FACF 5 Bytes JMP 66471FC7 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4956] USER32.dll!MessageBoxExW 7675FBC9 5 Bytes JMP 66471F53 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4956] ole32.dll!OleLoadFromStream 763208B2 5 Bytes JMP 66472243 C:\Windows\system32\IEFRAME.dll
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- EOF - GMER 2.1 ----