Win Vista/ Avira geblockt, Onlinebanking geknackt
Liebes Team vom Trojaner-Board,
auch ich habe mir einen Trojaner eingefangen, der hier schon von einigen anderen beschrieben wurde:
- Ich wurde von der Sparkasse informiert, dass ich einen Trojaner auf meinem Rechner haben muss und dass mein Onlinebanking gesperrt wurde; nähere Infos habe ich nicht erhalten.
- Habe daraufhin bemerkt, dass mein Avira (free antivirus) nicht mehr automatisch startet und dass ich es nicht mehr öffnen kann: es erscheint die Fehlermeldung „dieses Programm wurde durch eine Gruppenrichtlinie geblockt. Weitere Informationen erhalten Sie vom Systemadministrator.
- Nutze Windows Vista Home Premium
Es wäre klasse, wenn ihr mir helfen könntet, diesen Trojaner wieder loszuwerden. Bin leider in solchen PC-Fragen nicht erfahren…
Beim gmer-scan kam immer wieder die Fehlermeldung hoch, dass ich einen Datenträger in Laufwerk \device\harddisk1\DR1 einlegen soll. Hoffe, die Datei hilft trotzdem weiter.
VIELEN DANK!
FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014
Ran by Kathinka (administrator) on UNI-PC on 06-06-2014 19:40:11
Running from C:\Users\Kathinka\Downloads
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Empolis GmbH) C:\Program Files\Common Files\Gnab\Service\ServiceController.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Windows\System32\PSIService.exe
(Buhl Data Service GmbH) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\Launch Manager\LaunchAp.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron) C:\Program Files\Launch Manager\WButton.exe
(Creative Technology Ltd.) C:\Windows\V0330Mon.exe
() C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
() C:\Program Files\XSManager\XSManager.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6025216 2008-04-01] (Realtek Semiconductor)
HKLM\...\Run: [LaunchAp] => C:\Program Files\Launch Manager\LaunchAp.exe [32768 2007-09-01] ()
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [188416 2007-09-06] (Wistron)
HKLM\...\Run: [CtrlVol] => "C:\Program Files\Launch Manager\CtrlVol.exe"
HKLM\...\Run: [LMgrOSD] => C:\Program Files\Launch Manager\OSD.exe [180224 2006-12-26] (Wistron Corp.)
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [86016 2007-09-07] (Wistron)
HKLM\...\Run: [toolbar_eula_launcher] => C:\Program Files\GoogleEULA\EULALauncher.exe
HKLM\...\Run: [V0330Mon.exe] => C:\Windows\V0330Mon.exe [32768 2007-04-30] (Creative Technology Ltd.)
HKLM\...\Run: [Corel Photo Downloader] => "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
HKLM\...\Run: [Corel File Shell Monitor] => C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16200 2007-10-30] ()
HKLM\...\Run: [C:\Windows\system32\V0330Ext.ax] => C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0330Ext.ax
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-03] (CANON INC.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [starter4g] => C:\Windows\starter4g.exe [160424 2010-04-30] (4G Systems GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-03-04] (Google Inc.)
HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\Run: [AvaviRfodo] => regsvr32.exe "C:\ProgramData\AvaviRfodo.dat"
HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\MountPoints2: {111c54ff-6441-11dd-8d1b-806e6f6e6963} - F:\start.exe
HKU\S-1-5-21-3867355369-645538684-1367898025-1003\...\MountPoints2: {25dd7336-7595-11e1-ac80-000ae4ce131d} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\start.html
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.de/ips-opdata/uploadClients/fuji/jordan.cab
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{6DC217A0-369C-408F-AAB1-EF67936B3CD0}: [NameServer]193.189.244.206 193.189.244.225
FireFox:
========
FF ProfilePath: C:\Users\Kathinka\AppData\Roaming\Mozilla\Firefox\Profiles\ajvq10vs.default
FF Homepage: hxxp://login.rz.ruhr-uni-bochum.de/login.html
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @MagellanGPS.com/CommunicationPlugin - C:\Program Files\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Kathinka\AppData\Roaming\Mozilla\Firefox\Profiles\ajvq10vs.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-01-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
========================== Services (Whitelisted) =================
R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-24] (Avira Operations GmbH & Co. KG)
S4 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-08-29] (Cisco Systems, Inc.)
S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-19] (Empolis GmbH)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 srvcPVR; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [1801216 2008-02-28] (Buhl Data Service GmbH)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2006-06-14] (Ulead Systems, Inc.)
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2007-09-11] (Wistron Corp.)
R2 WTGService; C:\Program Files\XSManager\WTGService.exe [329848 2013-05-06] ()
R2 XS Stick Service; C:\Windows\service4g.exe [145064 2010-04-30] (4G Systems GmbH & Co. KG)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-23] (Avira Operations GmbH & Co. KG)
R3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2013-11-24] (Mobile Connector)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-08-29] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)
R1 Hotkey; C:\Windows\system32\Drivers\Hotkey.sys [9867 2003-04-28] ()
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210736 2007-06-01] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-05] (Avira GmbH)
S3 V0330VID; C:\Windows\System32\DRIVERS\V0330Vid.sys [157696 2007-08-08] (Creative Technology Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-06 19:40 - 2014-06-06 19:40 - 00016396 _____ () C:\Users\Kathinka\Downloads\FRST.txt
2014-06-06 19:39 - 2014-06-06 19:40 - 00000000 ____D () C:\FRST
2014-06-06 19:39 - 2014-06-06 19:39 - 01063424 _____ (Farbar) C:\Users\Kathinka\Downloads\FRST.exe
2014-06-06 19:36 - 2014-06-06 19:36 - 00050477 _____ () C:\Users\Kathinka\Downloads\Defogger.exe
2014-06-06 19:36 - 2014-06-06 19:36 - 00000000 _____ () C:\Users\Kathinka\defogger_reenable
2014-06-05 19:23 - 2014-06-05 19:23 - 00000000 ____D () C:\test
2014-06-04 19:53 - 2014-06-04 19:55 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\XSManager
2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla
2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2014-06-04 18:00 - 2014-06-04 18:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Avira
2014-06-04 17:38 - 2014-06-04 17:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-06-04 17:38 - 2014-06-04 17:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-05-30 09:01 - 2014-05-30 09:01 - 02570453 _____ () C:\Users\Kathinka\Desktop\Documents\nils.pptx
2014-05-26 20:43 - 2014-05-26 20:43 - 00285841 _____ (Microsoft Corporation) C:\ProgramData\AvaviRfodo.dat
2014-05-13 19:53 - 2014-05-14 19:00 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
==================== One Month Modified Files and Folders =======
2014-06-06 19:40 - 2014-06-06 19:40 - 00016396 _____ () C:\Users\Kathinka\Downloads\FRST.txt
2014-06-06 19:40 - 2014-06-06 19:39 - 00000000 ____D () C:\FRST
2014-06-06 19:40 - 2009-08-15 22:58 - 00000394 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{158DDB20-B365-4628-993E-6DBF362FE748}.job
2014-06-06 19:40 - 2008-08-07 08:38 - 00000000 ____D () C:\Users\Kathinka\AppData\Local\Temp
2014-06-06 19:39 - 2014-06-06 19:39 - 01063424 _____ (Farbar) C:\Users\Kathinka\Downloads\FRST.exe
2014-06-06 19:38 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 19:38 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 19:36 - 2014-06-06 19:36 - 00050477 _____ () C:\Users\Kathinka\Downloads\Defogger.exe
2014-06-06 19:36 - 2014-06-06 19:36 - 00000000 _____ () C:\Users\Kathinka\defogger_reenable
2014-06-06 19:36 - 2008-08-07 09:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-06 19:36 - 2008-08-07 08:38 - 00000000 ____D () C:\Users\Kathinka
2014-06-06 19:26 - 2008-08-07 08:33 - 01472335 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 19:26 - 2008-01-21 09:16 - 01541724 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-06 19:25 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\tracing
2014-06-06 19:11 - 2008-04-21 14:44 - 00002631 _____ () C:\Users\Kathinka\Desktop\Microsoft Office Word 2007.lnk
2014-06-06 19:05 - 2009-01-05 19:17 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-06 19:04 - 2010-02-03 08:02 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 19:04 - 2009-01-12 16:17 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-06-06 19:04 - 2008-08-07 08:38 - 00000948 _____ () C:\Users\Kathinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-06 19:04 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 19:31 - 2006-11-02 15:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-05 19:23 - 2014-06-05 19:23 - 00000000 ____D () C:\test
2014-06-05 19:05 - 2009-01-05 18:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Temp
2014-06-05 19:03 - 2010-02-03 08:02 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-04 19:55 - 2014-06-04 19:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\XSManager
2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla
2014-06-04 18:09 - 2014-06-04 18:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2014-06-04 18:00 - 2014-06-04 18:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Avira
2014-06-04 17:38 - 2014-06-04 17:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-06-04 17:38 - 2014-06-04 17:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-06-04 17:38 - 2009-01-05 18:45 - 00104568 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-04 17:38 - 2009-01-05 18:45 - 00000953 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-04 17:38 - 2009-01-05 18:45 - 00000919 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-06-04 17:30 - 2008-08-11 20:24 - 00000000 ____D () C:\Users\Nils\AppData\Local\Temp
2014-06-04 17:15 - 2012-06-21 17:38 - 00000000 ____D () C:\Users\Kathinka\Desktop\Documents\Kostenrechner
2014-06-04 10:47 - 2008-08-11 20:25 - 00104568 _____ () C:\Users\Nils\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-04 10:46 - 2009-08-15 22:58 - 00000953 _____ () C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-04 10:44 - 2011-01-30 17:09 - 00000000 ____D () C:\Users\Kathinka\Desktop\Documents\Steuerfälle
2014-06-04 10:44 - 2009-04-05 18:32 - 00000000 ____D () C:\Users\Kathinka\Desktop\Documents\Förmliches
2014-06-04 10:44 - 2008-08-07 14:43 - 00000000 ____D () C:\Users\Kathinka\Desktop\Documents\Bio
2014-05-30 09:01 - 2014-05-30 09:01 - 02570453 _____ () C:\Users\Kathinka\Desktop\Documents\nils.pptx
2014-05-26 20:43 - 2014-05-26 20:43 - 00285841 _____ (Microsoft Corporation) C:\ProgramData\AvaviRfodo.dat
2014-05-22 18:31 - 2012-02-14 16:35 - 00000682 _____ () C:\Users\Kathinka\Desktop\Documents\OuProxy.log
2014-05-17 10:38 - 2010-02-08 12:16 - 00000000 ____D () C:\SECentral
2014-05-14 22:23 - 2013-08-19 16:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 19:00 - 2014-05-13 19:53 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
Files to move or delete:
====================
C:\ProgramData\00etadpu.pad
C:\ProgramData\AvaviRfodo.dat
Some content of TEMP:
====================
C:\Users\Kathinka\AppData\Local\Temp\AskSLib.dll
C:\Users\Kathinka\AppData\Local\Temp\AskSLib.exe
C:\Users\Kathinka\AppData\Local\Temp\avgnt.exe
C:\Users\Kathinka\AppData\Local\Temp\CTPBSEQ.EXE
C:\Users\Kathinka\AppData\Local\Temp\DelayInst.exe
C:\Users\Kathinka\AppData\Local\Temp\GDM3C15.exe
C:\Users\Kathinka\AppData\Local\Temp\installservice.exe
C:\Users\Kathinka\AppData\Local\Temp\instmsi.exe
C:\Users\Kathinka\AppData\Local\Temp\instmsiw.exe
C:\Users\Kathinka\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Kathinka\AppData\Local\Temp\NEW58F8.tmp.exe
C:\Users\Kathinka\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kathinka\AppData\Local\Temp\unwise.exe
C:\Users\Kathinka\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\Kathinka\AppData\Local\Temp\WZCPlugin_VISTA.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-06-06 19:11
==================== End Of Log ============================
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-06-2014
Ran by Kathinka at 2014-06-06 19:40:40
Running from C:\Users\Kathinka\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
3531-W-D (HKLM\...\{BD1587F7-B8D0-4111-8F1F-3327628AB02F}) (Version: 1.5.18 - Silicon Image)
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2 - Adobe Systems, Inc) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.62 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 Security Update 1 (KB403742) (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81200000003}_Adobe Reader 8.1.2 - Deutsch) (Version: - )
Adobe Shockwave Player 11 (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version: - )
Apple Application Support (HKLM\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Benutzerhandbuch für Creative WebCam Vista (Deutsch) (HKLM\...\Benutzerhandbuch für Creative WebCam Vista German) (Version: - )
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version: - )
Canon MP240 series Benutzerregistrierung (HKLM\...\Canon MP240 series Benutzerregistrierung) (Version: - )
Canon MP240 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
Cisco Systems VPN Client 5.0.04.0300 (HKLM\...\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}) (Version: 5.0.4 - Cisco Systems, Inc.)
Clone Manager 7 (HKLM\...\Clone Manager 7) (Version: - )
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel MediaOne (HKLM\...\{A062A15F-9CAC-4B88-98DF-87628A0BD721}) (Version: 2.00.0000 - Corel Corporation)
Corel Paint Shop Pro Photo X2 (HKLM\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.010.0000 - Corel Corporation)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang BR (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang ES (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang FR (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang IT (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang NL (Version: 14.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version: - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (Version: 1.0 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version: - Corel Corporation)
Creative Live! Cam Center (HKLM\...\Creative Live! Cam Center) (Version: - )
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: - )
Creative Systeminformationen (HKLM\...\SysInfo) (Version: - )
Creative WebCam Vista/Live! Cam Chat Driver (1.11.01.00) (HKLM\...\Creative VF0330) (Version: - )
DC++ 0.674 (HKLM\...\DC++) (Version: 0.674 - Jacek Sieka)
dm Digi Foto (HKLM\...\dm Digi Foto) (Version: 2.3.0.93 - Imaxel Lab S.L)
EndNote 9 (HKLM\...\{33CE9398-8C1A-11D9-8BDE-F66BAD1E3F3A}) (Version: 9.0.0.1425 - Thomson ResearchSoft)
Firebird SQL Server - MAGIX Edition (HKLM\...\Firebird SQL Server D) (Version: 2.0.1.8 - MAGIX AG)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Heidi Klum Butterfly MousePointer (HKLM\...\Heidi Klum Butterfly MousePointer) (Version: - )
Inkjet Printer/Scanner Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.385 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0-B9.385 - InterVideo Inc.) Hidden
ISI ResearchSoft - Export Helper (HKLM\...\ISI ResearchSoft - Export Helper) (Version: - )
Java(TM) 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Launch Manager V1.4.9 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.4.9 - Wistron Corp.)
Letstrade (HKLM\...\{E0091C29-DEE8-4B24-BF65-8C35B5940D77}) (Version: 1.00.0000 - Buhl Data Service)
Magellan Communicator (HKLM\...\InstallShield_{0FD5FD0B-4BA6-47A1-99C3-F8A964C3CCA5}) (Version: 1.15.020 - Magellan Navigation, Inc.)
Magellan Communicator (Version: 1.15.020 - Magellan Navigation, Inc.) Hidden
MEDION Fotos auf CD Nord (HKLM\...\MEDION Fotos auf CD Nord D) (Version: 6.0.2.0 - MAGIX AG)
Medion Media Center 0 (Version: 1.0.12.0 - Medion) Hidden
MEDIONbox (HKLM\...\{27FDF949-69CE-435A-8372-339F72336AC5}) (Version: 1.09.0000.00052 - Medion)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2742597) (HKLM\...\M2742597) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Move Networks Media Player for Internet Explorer (HKLM\...\Move Networks Player - IE) (Version: - )
Mozilla Firefox (3.0.7) (HKLM\...\Mozilla Firefox (3.0.7)) (Version: 3.0.7 (de) - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM\...\{47948554-90C6-4AAC-8CFA-D23CE11C1031}) (Version: 8.3.124 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.8 - Frank Heindörfer, Philip Chinery)
QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Ralink Wireless LAN (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.00.0000 - RaLink)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5595 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
Sceneo AbsolutTV (HKLM\...\{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}) (Version: - )
SecureW2 EAP Suite 1.1.2 for Windows (HKLM\...\SecureW2 EAP Suite) (Version: - )
Skype™ 5.10 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.114 - Skype Technologies S.A.)
Steuer-Software 2011 (HKLM\...\{923BC9EF-A7FC-4E6D-8056-F1534DFCE530}) (Version: 16.14 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Software 2012 (HKLM\...\{F19178B7-F232-4E97-8511-E4D37A339E9C}) (Version: 17.07 - Wolters Kluwer Deutschland GmbH)
Steuer-Software 2014 (HKLM\...\{77D53A25-9700-42C7-8305-8E469FEBEE30}) (Version: 19.09.86 - Akademische Arbeitsgemeinschaft)
Ulead DVD MovieFactory 5 (HKLM\...\{FF164702-AF8B-4F2F-8038-74A4C536866B}) (Version: 5.3 - Ulead Systems, Inc.)
Ulead PhotoImpact 12 (HKLM\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Windows Live ID-Anmelde-Assistent (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)
Windows Live Messenger (HKLM\...\{279DB581-239C-4E13-97F8-0F48E40BE75C}) (Version: 8.1.0178.00 - Microsoft Corporation)
XSManager (HKLM\...\XSManager) (Version: 3.2 - XSManager)
==================== Restore Points =========================
07-01-2014 16:13:51 STEUEReasy 2014 wurde installiert.
11-01-2014 19:11:24 Geplanter Prüfpunkt
10-02-2014 17:11:51 Geplanter Prüfpunkt
25-02-2014 19:21:59 Geplanter Prüfpunkt
03-03-2014 06:17:50 Geplanter Prüfpunkt
14-03-2014 10:12:12 Geplanter Prüfpunkt
19-03-2014 17:34:35 Geplanter Prüfpunkt
29-04-2014 17:28:04 Geplanter Prüfpunkt
06-05-2014 17:06:54 Geplanter Prüfpunkt
15-05-2014 20:29:14 Geplanter Prüfpunkt
19-05-2014 17:11:43 Geplanter Prüfpunkt
22-05-2014 20:04:47 Geplanter Prüfpunkt
01-06-2014 14:30:39 Geplanter Prüfpunkt
04-06-2014 10:14:41 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1E14A5A3-F104-4344-9D42-1795BADC0687} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: {2D6C0954-2E17-4B6F-BB24-FF4731E04F2A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {856F9422-F39D-41C9-ACE1-C632E54EBEB9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-03] (Google Inc.)
Task: {A7202F29-CE92-40F4-BD57-58E21FD7F254} - System32\Tasks\{6D9B42A6-9A89-4A16-B4A6-D58A11A5BE75} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.114.259/de/abandoninstall?source=lightinstaller&page=tsBing
Task: {BD435F55-A8E7-4253-BEB5-1467339E24D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FA02C62A-F440-4BE7-B24B-88A95DD60786} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{158DDB20-B365-4628-993E-6DBF362FE748}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2009-10-25 21:29 - 2001-10-28 18:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-04-05 18:18 - 2013-04-05 18:05 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2013-04-06 16:45 - 2013-04-06 16:45 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6d2b0e45\mscorlib.dll
2013-04-06 16:45 - 2013-04-06 16:45 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_84aa44c9\system.dll
2013-04-06 16:45 - 2013-04-06 16:45 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_08158c44\system.windows.forms.dll
2013-04-06 16:45 - 2013-04-06 16:45 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_7ae0156b\system.xml.dll
2008-04-22 08:37 - 2007-04-19 12:11 - 00006656 _____ () c:\program files\medion\medionbox\program\structconverter.dll
2009-10-23 07:29 - 2009-04-11 08:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2008-04-22 08:30 - 2007-05-16 22:48 - 00421955 _____ () C:\Program Files\Sceneo\AbsolutTV\Services\PVR\tvtvRemote.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00329848 ____N () C:\Program Files\XSManager\WTGService.exe
2008-04-21 09:37 - 2007-09-01 14:03 - 00032768 _____ () C:\Program Files\Launch Manager\LaunchAp.exe
2007-10-30 19:52 - 2007-10-30 19:52 - 00016200 _____ () C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
2011-10-05 04:52 - 2011-10-05 04:52 - 00756048 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-11-24 21:14 - 2013-05-06 15:45 - 01611896 ____N () C:\Program Files\XSManager\XSManager.exe
2013-11-24 21:14 - 2013-05-06 15:45 - 00018040 ____N () C:\Program Files\XSManager\WTGDebugs.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00399480 ____N () C:\Program Files\XSManager\WtgCore.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00049784 ____N () C:\Program Files\XSManager\WtgDriverInstall.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00231544 ____N () C:\Program Files\XSManager\WtgUtil.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00186488 ____N () C:\Program Files\XSManager\WtgDetection.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00092280 ____N () C:\Program Files\XSManager\WtgPorts.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00112760 ____N () C:\Program Files\XSManager\WtgDatabase.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00084088 ____N () C:\Program Files\XSManager\WtgDialup.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00145528 ____N () C:\Program Files\XSManager\WtgBluetooth.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00895096 ____N () C:\Program Files\XSManager\4GSystems_OneClickAssistantGer.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00604280 ____N () C:\Program Files\XSManager\WTGXMLUtil.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00202872 ____N () C:\Program Files\XSManager\WTGSMSPCClient.Dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00011896 ____N () C:\Program Files\XSManager\4GSystems_WTGSMSPCClientGer.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00018040 ____N () C:\Program Files\XSManager\WTGDriverInstallX.Dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00263288 ____N () C:\Program Files\XSManager\WtgMobileBroadband7.dll
2013-11-24 21:14 - 2013-05-06 15:45 - 00546936 ____N () C:\Program Files\XSManager\WtgNdisQmiUtil.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: CVPND => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk => C:\Windows\pss\VPN Client.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Kathinka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: msnmsgr => "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/06/2014 07:10:58 PM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung erneut.
Kontext: Anwendung, SystemIndex Katalog
Error: (06/06/2014 07:05:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/05/2014 07:16:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/05/2014 07:03:45 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy19,0xc0000000,0x00000003,...)". hr = 0x80070005.
Vorgang:
EndPrepareSnapshots wird verarbeitet
Kontext:
Ausführungskontext: System Provider
Error: (06/05/2014 06:55:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/04/2014 08:20:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/04/2014 08:11:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/04/2014 08:10:39 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (06/04/2014 08:03:29 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (06/04/2014 06:01:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (06/06/2014 07:26:00 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.
Error: (06/06/2014 07:25:53 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.
Error: (06/06/2014 07:05:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (06/05/2014 07:16:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (06/05/2014 07:06:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}
Error: (06/05/2014 06:56:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058
Error: (06/05/2014 06:55:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (06/04/2014 08:21:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058
Error: (06/04/2014 08:20:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (06/04/2014 08:11:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: avipbb
avkmgr
Hotkey
spldr
ssmdrv
Wanarpv6
Microsoft Office Sessions:
=========================
Error: (05/25/2014 11:10:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3277 seconds with 3000 seconds of active time. This session ended with a crash.
Error: (04/14/2013 11:34:04 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash.
Error: (09/26/2010 06:29:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1344 seconds with 1080 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2013-04-05 21:24:58.292
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-05 21:24:57.980
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-05 21:24:57.652
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-05 21:24:57.340
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-05 21:24:56.966
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-05 21:24:56.654
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-05 21:24:56.326
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-05 21:24:56.014
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-05 21:24:55.624
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-04-05 21:24:55.312
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 47%
Total physical RAM: 3061.69 MB
Available physical RAM: 1595.73 MB
Total Pagefile: 6341.65 MB
Available Pagefile: 4872.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.97 MB
==================== Drives ================================
Drive c: (BOOT) (Fixed) (Total:207.5 GB) (Free:81.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:25.37 GB) (Free:12.93 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 4B64DFC2)
Partition 1: (Active) - (Size=207 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=25 GB) - (Type=OF Extended)
==================== End Of Log ============================
GMER: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-06 21:07:11
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 232,89GB
Running: q373ohiw.exe; Driver: C:\Users\Kathinka\AppData\Local\Temp\pfldapow.sys
---- System - GMER 2.1 ----
SSDT 8C926936 ZwCreateSection
SSDT 8C926940 ZwRequestWaitReplyPort
SSDT 8C92693B ZwSetContextThread
SSDT 8C926945 ZwSetSecurityObject
SSDT 8C92694A ZwSystemDebugControl
SSDT 8C9268D7 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 215 820AD8D8 4 Bytes [36, 69, 92, 8C]
.text ntkrnlpa.exe!KeSetEvent + 539 820ADBFC 4 Bytes [40, 69, 92, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 820ADC30 4 Bytes [3B, 69, 92, 8C]
.text ntkrnlpa.exe!KeSetEvent + 5D1 820ADC94 4 Bytes [45, 69, 92, 8C]
.text ntkrnlpa.exe!KeSetEvent + 619 820ADCDC 4 Bytes [4A, 69, 92, 8C]
.text ...
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Launch Manager\WButton.exe[1140] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 022F887E
.text C:\Program Files\Launch Manager\WButton.exe[1140] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 022F8927
.text C:\Program Files\Launch Manager\WButton.exe[1140] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 022F8A78
.text C:\Program Files\Launch Manager\WButton.exe[1140] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 022F89CC
.text C:\Program Files\Launch Manager\WButton.exe[1140] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 022F744E
.text C:\Windows\RtHDVCpl.exe[1284] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 029C887E
.text C:\Windows\RtHDVCpl.exe[1284] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 029C8927
.text C:\Windows\RtHDVCpl.exe[1284] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 029C8A78
.text C:\Windows\RtHDVCpl.exe[1284] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 029C89CC
.text C:\Windows\RtHDVCpl.exe[1284] CRYPT32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 029C744E
.text C:\Windows\System32\hkcmd.exe[1328] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 01BF887E
.text C:\Windows\System32\hkcmd.exe[1328] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 01BF8927
.text C:\Windows\System32\hkcmd.exe[1328] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 01BF8A78
.text C:\Windows\System32\hkcmd.exe[1328] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 01BF89CC
.text C:\Windows\System32\hkcmd.exe[1328] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 01BF744E
.text C:\Program Files\Launch Manager\HotkeyApp.exe[1332] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 02FC887E
.text C:\Program Files\Launch Manager\HotkeyApp.exe[1332] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02FC8927
.text C:\Program Files\Launch Manager\HotkeyApp.exe[1332] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02FC8A78
.text C:\Program Files\Launch Manager\HotkeyApp.exe[1332] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 02FC89CC
.text C:\Program Files\Launch Manager\HotkeyApp.exe[1332] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 02FC744E
.text C:\Windows\System32\igfxpers.exe[1344] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 0235887E
.text C:\Windows\System32\igfxpers.exe[1344] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02358927
.text C:\Windows\System32\igfxpers.exe[1344] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02358A78
.text C:\Windows\System32\igfxpers.exe[1344] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 023589CC
.text C:\Windows\System32\igfxpers.exe[1344] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 0235744E
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1408] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 0207887E
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1408] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02078927
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1408] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02078A78
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1408] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 020789CC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1408] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 0207744E
.text C:\Program Files\Launch Manager\OSD.exe[1800] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 015A887E
.text C:\Program Files\Launch Manager\OSD.exe[1800] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 015A8927
.text C:\Program Files\Launch Manager\OSD.exe[1800] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 015A8A78
.text C:\Program Files\Launch Manager\OSD.exe[1800] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 015A89CC
.text C:\Program Files\Launch Manager\OSD.exe[1800] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 015A744E
.text C:\Program Files\Launch Manager\LaunchAp.exe[1944] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 009F887E
.text C:\Program Files\Launch Manager\LaunchAp.exe[1944] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 009F8927
.text C:\Program Files\Launch Manager\LaunchAp.exe[1944] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 009F8A78
.text C:\Program Files\Launch Manager\LaunchAp.exe[1944] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 009F89CC
.text C:\Program Files\Launch Manager\LaunchAp.exe[1944] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 009F744E
.text C:\Windows\Explorer.EXE[2092] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 054B887E
.text C:\Windows\Explorer.EXE[2092] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 054B8927
.text C:\Windows\Explorer.EXE[2092] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 054B8A78
.text C:\Windows\Explorer.EXE[2092] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 054B89CC
.text C:\Windows\Explorer.EXE[2092] CRYPT32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 054B744E
.text C:\Windows\system32\taskeng.exe[2128] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 028E887E
.text C:\Windows\system32\taskeng.exe[2128] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 028E8927
.text C:\Windows\system32\taskeng.exe[2128] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 028E8A78
.text C:\Windows\system32\taskeng.exe[2128] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 028E89CC
.text C:\Windows\system32\taskeng.exe[2128] CRYPT32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 028E744E
.text C:\Windows\V0330Mon.exe[2144] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 0210887E
.text C:\Windows\V0330Mon.exe[2144] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02108927
.text C:\Windows\V0330Mon.exe[2144] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02108A78
.text C:\Windows\V0330Mon.exe[2144] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 021089CC
.text C:\Windows\V0330Mon.exe[2144] CRYPT32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 0210744E
.text C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe[2304] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 01AA887E
.text C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe[2304] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 01AA8927
.text C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe[2304] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 01AA8A78
.text C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe[2304] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 01AA89CC
.text C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe[2304] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 01AA744E
.text C:\Windows\starter4g.exe[3196] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 0190887E
.text C:\Windows\starter4g.exe[3196] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 01908927
.text C:\Windows\starter4g.exe[3196] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 01908A78
.text C:\Windows\starter4g.exe[3196] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 019089CC
.text C:\Windows\starter4g.exe[3196] CRYPT32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 0190744E
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3332] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 01B9887E
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3332] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 01B98927
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3332] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 01B98A78
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3332] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 01B989CC
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3332] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 01B9744E
.text C:\Windows\system32\wbem\unsecapp.exe[3400] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 01AD887E
.text C:\Windows\system32\wbem\unsecapp.exe[3400] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 01AD8927
.text C:\Windows\system32\wbem\unsecapp.exe[3400] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 01AD8A78
.text C:\Windows\system32\wbem\unsecapp.exe[3400] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 01AD89CC
.text C:\Windows\system32\wbem\unsecapp.exe[3400] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 01AD744E
.text C:\Windows\ehome\ehtray.exe[3536] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 008F887E
.text C:\Windows\ehome\ehtray.exe[3536] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 008F8927
.text C:\Windows\ehome\ehtray.exe[3536] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 008F8A78
.text C:\Windows\ehome\ehtray.exe[3536] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 008F89CC
.text C:\Windows\ehome\ehtray.exe[3536] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 008F744E
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3556] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 0232887E
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3556] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02328927
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3556] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02328A78
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3556] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 023289CC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3556] CRYPT32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 0232744E
.text C:\Program Files\Windows Sidebar\sidebar.exe[3564] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 02BA887E
.text C:\Program Files\Windows Sidebar\sidebar.exe[3564] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02BA8927
.text C:\Program Files\Windows Sidebar\sidebar.exe[3564] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02BA8A78
.text C:\Program Files\Windows Sidebar\sidebar.exe[3564] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 02BA89CC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3564] CRYPT32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 02BA744E
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3572] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 0240887E
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3572] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02408927
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3572] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02408A78
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3572] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 024089CC
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[3572] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 0240744E
.text C:\Windows\ehome\ehmsas.exe[3808] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 00D3887E
.text C:\Windows\ehome\ehmsas.exe[3808] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 00D38927
.text C:\Windows\ehome\ehmsas.exe[3808] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 00D38A78
.text C:\Windows\ehome\ehmsas.exe[3808] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 00D389CC
.text C:\Windows\ehome\ehmsas.exe[3808] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 00D3744E
.text C:\Windows\system32\igfxsrvc.exe[3856] kernel32.dll!CreateProcessW 77161BF3 5 Bytes JMP 0287887E
.text C:\Windows\system32\igfxsrvc.exe[3856] kernel32.dll!CreateProcessA 77161C28 5 Bytes JMP 02878927
.text C:\Windows\system32\igfxsrvc.exe[3856] ADVAPI32.dll!CreateProcessAsUserA 768DCEB9 5 Bytes JMP 02878A78
.text C:\Windows\system32\igfxsrvc.exe[3856] ADVAPI32.dll!CreateProcessAsUserW 768F1EE9 5 Bytes JMP 028789CC
.text C:\Windows\system32\igfxsrvc.exe[3856] Crypt32.dll!PFXImportCertStore 752B989D 5 Bytes JMP 0287744E
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@y!s!\24!r!s!`!\30!y!\24!\24!t!\30!c!y!s!d! 19583823
---- EOF - GMER 2.1 ----
|
Hinweis: