
Mülltonne: Nation Zoom eliminated for good?

08.01.2014, 21:53   #1
rocabe



Hello and good evening,
after catching the Nation Zoom virus today and trying to get rid of it again, I am no longer sure whether I succeeded. So here is my request for help:

Here are the results:

frst

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014 01
Ran by Msi (administrator) on MSI-MSI on 08-01-2014 21:15:21
Running from C:\Users\Msi\Downloads
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
() C:\Program Files (x86)\MSI Game Corner\Game Console\OberonGameConsoleService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
() Q:\140066.deu\Office14\MSOSYNC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-06-29] (Realtek Semiconductor)
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\FspUip.exe [3768832 2009-12-17] (Sentelic Corporation)
HKLM\...\Run: [WrtMon.exe] - C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [NortonOnlineBackup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1112920 2010-03-06] (Symantec Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-17] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [] - [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [3207912 2013-07-23] (Microsoft Corporation)
HKCU\...\Run: [ShowBatteryBar] - C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2013-04-11] ()
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\...\Run: [FLV Player] - C:\Users\Msi\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
AppInit_DLLs:    [ ] ()
Startup: C:\Users\Msi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=105&systemid=473&v=a9397-147&apn_uid=3302503315214174&apn_dtid=BND473&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=105&systemid=473&v=a9397-147&apn_uid=3302503315214174&apn_dtid=BND473&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=105&systemid=473&v=a9397-147&apn_uid=3302503315214174&apn_dtid=BND473&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {768936BC-6EAE-4A4B-9602-35422E918D61} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=0009199c0000000000004e5d6083cb02&toi=16078&r=836
SearchScopes: HKCU - {B8AAEBCB-5D25-4583-8404-943E678232F3} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
SearchScopes: HKCU - {FD88D162-AB23-4097-B2CB-9E8C9C131252} URL = 
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Msi\AppData\Roaming\Mozilla\Firefox\Profiles\uue0gtmt.default-1389208964760
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Extension: (Google Wallet) - C:\Users\Msi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1
CHR HKLM-x32\...\Chrome\Extension: [aaaaimdcedbpbcjjbbnfcbbjcngmomic] - C:\Users\Msi\AppData\Local\somotomoviestoolbar1\GC\toolbar.crx
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
S2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-03-06] (Symantec Corporation)
R2 OberonGameConsoleService; C:\Program Files (x86)\MSI Game Corner\Game Console\OberonGameConsoleService.exe [44432 2010-01-27] ()
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 EUCR; C:\Windows\system32\DRIVERS\EUCR6SK.SYS [87888 2009-12-04] (ENE Technology Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 smserial; C:\Windows\System32\DRIVERS\SmSerl64.sys [1227776 2009-06-10] (Motorola Inc.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-23] (Kaspersky Lab ZAO)
S3 MGHwCtrl; \??\C:\Program Files\msi\msi Software Install\MGHwCtrl.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-08 21:15 - 2014-01-08 21:15 - 00017525 _____ C:\Users\Msi\Downloads\FRST.txt
2014-01-08 21:15 - 2014-01-08 21:15 - 00000000 ____D C:\FRST
2014-01-08 21:14 - 2014-01-08 21:14 - 01931770 _____ (Farbar) C:\Users\Msi\Downloads\FRST64.exe
2014-01-08 21:11 - 2014-01-08 21:13 - 00000468 _____ C:\Users\Msi\Downloads\defogger_disable.log
2014-01-08 21:11 - 2014-01-08 21:11 - 00000000 _____ C:\Users\Msi\defogger_reenable
2014-01-08 21:10 - 2014-01-08 21:10 - 00050477 _____ C:\Users\Msi\Downloads\Defogger.exe
2014-01-08 20:39 - 2014-01-08 20:43 - 00000000 ____D C:\AdwCleaner
2014-01-08 20:39 - 2014-01-08 20:40 - 55797027 _____ C:\Users\Msi\Desktop\LFO1801_140108_203928.zip
2014-01-08 20:38 - 2014-01-08 20:38 - 01233962 _____ C:\Users\Msi\Downloads\adwcleaner.exe
2014-01-08 20:09 - 2014-01-08 20:09 - 00001123 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-08 20:09 - 2014-01-08 20:09 - 00000000 ____D C:\Users\Msi\AppData\Roaming\Malwarebytes
2014-01-08 20:09 - 2014-01-08 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-08 20:09 - 2014-01-08 20:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-08 20:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-08 20:08 - 2014-01-08 20:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Msi\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-08 15:35 - 2014-01-08 15:35 - 00001579 _____ C:\Users\Msi\Desktop\E-mail.lnk
2014-01-08 15:13 - 2014-01-08 15:16 - 00000000 ____D C:\Users\Msi\AppData\Roaming\Windows Live Writer
2014-01-08 15:13 - 2014-01-08 15:13 - 00000000 ____D C:\Users\Msi\AppData\Local\Windows Live Writer
2014-01-08 15:10 - 2014-01-08 15:10 - 00000020 _____ C:\windows\@õÛ
2014-01-08 15:06 - 2014-01-08 15:06 - 00000000 ____D C:\5a6913622ce208af00d2f2
2014-01-08 15:04 - 2014-01-08 20:27 - 00000000 ____D C:\ProgramData\Updater
2014-01-08 15:04 - 2014-01-08 20:27 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-08 14:42 - 2014-01-08 14:53 - 00000306 __RSH C:\Users\Msi\ntuser.pol
2014-01-08 14:41 - 2014-01-08 14:51 - 00000000 ____D C:\Users\Msi\AppData\Local\cache
2014-01-08 14:41 - 2014-01-08 14:48 - 00000000 ____D C:\Users\Msi\AppData\Local\genienext
2014-01-08 14:41 - 2014-01-08 14:41 - 00000000 ____D C:\Users\Msi\.android
2014-01-08 14:41 - 2014-01-08 14:41 - 00000000 _____ C:\Users\Msi\daemonprocess.txt
2014-01-08 14:35 - 2014-01-08 15:09 - 00000000 ____D C:\Program Files\Windows Live
2014-01-08 14:32 - 2014-01-08 14:32 - 00000358 _____ C:\windows\DirectX.log
2014-01-08 14:31 - 2010-08-11 06:19 - 03860992 _____ (Microsoft Corporation) C:\windows\system32\UIRibbon.dll
2014-01-08 14:31 - 2010-08-11 06:13 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\UIRibbonRes.dll
2014-01-08 14:31 - 2010-08-11 05:44 - 02983424 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIRibbon.dll
2014-01-08 14:31 - 2010-08-11 05:35 - 01164800 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIRibbonRes.dll
2014-01-08 14:30 - 2010-05-23 11:15 - 01619456 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-01-08 14:30 - 2010-05-23 11:11 - 03181568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-01-08 14:30 - 2010-05-23 11:11 - 00196608 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfreadwrite.dll
2014-01-08 14:30 - 2010-05-23 09:37 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-01-08 14:30 - 2010-05-23 09:35 - 04068864 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-01-08 14:30 - 2010-05-23 09:35 - 00257024 _____ (Microsoft Corporation) C:\windows\system32\mfreadwrite.dll
2014-01-08 14:30 - 2010-05-23 09:35 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-01-08 14:25 - 2014-01-08 15:12 - 00000000 ____D C:\Users\Msi\AppData\Local\Windows Live
2013-12-28 15:50 - 2013-12-28 15:51 - 55796428 _____ C:\Users\Msi\Desktop\LFO1801_131228_155029.zip
2013-12-28 15:12 - 2013-12-28 15:12 - 00000000 ____D C:\Users\Msi\AppData\Roaming\DataDesign
2013-12-27 13:27 - 2013-12-27 13:28 - 55787441 _____ C:\Users\Msi\Desktop\(SYS)LFO1801_131227_132627.zip
2013-12-21 13:47 - 2013-12-21 13:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 11:12 - 2013-12-21 11:12 - 00000000 ____D C:\Beitragsabrechnung
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____D C:\Stundenjournal
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____D C:\Lohnkonto
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____D C:\Lohnjournal Jahresbericht
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____D C:\Lohnabrechnung
2013-12-13 16:03 - 2013-12-13 16:03 - 00051752 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\FKStampPainter20.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 04955176 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxXtreme110.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 01340456 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxTool112.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00209960 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxBasics100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00129576 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxMail100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00106536 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxUISettingsN100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00070184 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxCI12.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00065576 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxPXTree100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00051752 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LXCurr100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00028200 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxTPSW100.dll

==================== One Month Modified Files and Folders =======

2014-01-08 21:15 - 2014-01-08 21:15 - 00017525 _____ C:\Users\Msi\Downloads\FRST.txt
2014-01-08 21:15 - 2014-01-08 21:15 - 00000000 ____D C:\FRST
2014-01-08 21:14 - 2014-01-08 21:14 - 01931770 _____ (Farbar) C:\Users\Msi\Downloads\FRST64.exe
2014-01-08 21:13 - 2014-01-08 21:11 - 00000468 _____ C:\Users\Msi\Downloads\defogger_disable.log
2014-01-08 21:11 - 2014-01-08 21:11 - 00000000 _____ C:\Users\Msi\defogger_reenable
2014-01-08 21:11 - 2013-02-06 14:36 - 00000000 ____D C:\Users\Msi
2014-01-08 21:10 - 2014-01-08 21:10 - 00050477 _____ C:\Users\Msi\Downloads\Defogger.exe
2014-01-08 21:02 - 2013-02-06 16:43 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-08 20:55 - 2009-07-14 05:45 - 00017376 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-08 20:55 - 2009-07-14 05:45 - 00017376 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-08 20:52 - 2013-02-06 15:47 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-08 20:51 - 2013-02-06 14:34 - 01515819 _____ C:\windows\WindowsUpdate.log
2014-01-08 20:46 - 2013-02-10 14:06 - 00001100 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-08 20:46 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-08 20:45 - 2013-02-06 18:02 - 00041469 _____ C:\windows\setupact.log
2014-01-08 20:44 - 2013-12-03 15:44 - 00002783 _____ C:\Users\Public\Desktop\Lexware financial office.lnk
2014-01-08 20:43 - 2014-01-08 20:39 - 00000000 ____D C:\AdwCleaner
2014-01-08 20:43 - 2013-10-23 13:59 - 00000000 ____D C:\Users\Msi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2014-01-08 20:43 - 2013-02-10 14:09 - 00001292 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-08 20:43 - 2013-02-06 15:27 - 00001063 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-08 20:43 - 2013-02-06 14:55 - 00001176 _____ C:\Users\Msi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-08 20:43 - 2013-02-06 14:55 - 00000989 _____ C:\Users\Msi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-01-08 20:42 - 2013-02-16 19:52 - 00000000 ____D C:\Users\Msi\AppData\Roaming\SoftGrid Client
2014-01-08 20:40 - 2014-01-08 20:39 - 55797027 _____ C:\Users\Msi\Desktop\LFO1801_140108_203928.zip
2014-01-08 20:40 - 2013-02-06 18:38 - 00000000 ____D C:\ProgramData\Lexware
2014-01-08 20:38 - 2014-01-08 20:38 - 01233962 _____ C:\Users\Msi\Downloads\adwcleaner.exe
2014-01-08 20:38 - 2013-02-10 14:06 - 00001104 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-08 20:27 - 2014-01-08 15:04 - 00000000 ____D C:\ProgramData\Updater
2014-01-08 20:27 - 2014-01-08 15:04 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-08 20:27 - 2013-02-10 18:18 - 00015664 _____ C:\windows\PFRO.log
2014-01-08 20:09 - 2014-01-08 20:09 - 00001123 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-08 20:09 - 2014-01-08 20:09 - 00000000 ____D C:\Users\Msi\AppData\Roaming\Malwarebytes
2014-01-08 20:09 - 2014-01-08 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-08 20:09 - 2014-01-08 20:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-08 20:08 - 2014-01-08 20:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Msi\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-08 17:52 - 2013-02-06 14:55 - 00000000 ___RD C:\Users\Msi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-08 16:15 - 2013-07-08 21:03 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2014-01-08 15:35 - 2014-01-08 15:35 - 00001579 _____ C:\Users\Msi\Desktop\E-mail.lnk
2014-01-08 15:26 - 2013-02-08 16:12 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{650751A0-29F4-4199-810B-E2EAD6E5ACC8}
2014-01-08 15:16 - 2014-01-08 15:13 - 00000000 ____D C:\Users\Msi\AppData\Roaming\Windows Live Writer
2014-01-08 15:13 - 2014-01-08 15:13 - 00000000 ____D C:\Users\Msi\AppData\Local\Windows Live Writer
2014-01-08 15:12 - 2014-01-08 14:25 - 00000000 ____D C:\Users\Msi\AppData\Local\Windows Live
2014-01-08 15:10 - 2014-01-08 15:10 - 00000020 _____ C:\windows\@õÛ
2014-01-08 15:10 - 2013-02-06 14:49 - 00000000 ____D C:\Program Files (x86)\Windows Live
2014-01-08 15:09 - 2014-01-08 14:35 - 00000000 ____D C:\Program Files\Windows Live
2014-01-08 15:06 - 2014-01-08 15:06 - 00000000 ____D C:\5a6913622ce208af00d2f2
2014-01-08 14:53 - 2014-01-08 14:42 - 00000306 __RSH C:\Users\Msi\ntuser.pol
2014-01-08 14:51 - 2014-01-08 14:41 - 00000000 ____D C:\Users\Msi\AppData\Local\cache
2014-01-08 14:48 - 2014-01-08 14:41 - 00000000 ____D C:\Users\Msi\AppData\Local\genienext
2014-01-08 14:42 - 2009-07-14 04:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2014-01-08 14:42 - 2009-07-14 04:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2014-01-08 14:41 - 2014-01-08 14:41 - 00000000 ____D C:\Users\Msi\.android
2014-01-08 14:41 - 2014-01-08 14:41 - 00000000 _____ C:\Users\Msi\daemonprocess.txt
2014-01-08 14:34 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-08 14:32 - 2014-01-08 14:32 - 00000358 _____ C:\windows\DirectX.log
2014-01-05 18:50 - 2010-07-21 21:44 - 00709838 _____ C:\windows\system32\perfh007.dat
2014-01-05 18:50 - 2010-07-21 21:44 - 00153984 _____ C:\windows\system32\perfc007.dat
2014-01-05 18:50 - 2009-07-14 06:13 - 01648640 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-02 22:16 - 2009-07-14 06:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-12-28 15:51 - 2013-12-28 15:50 - 55796428 _____ C:\Users\Msi\Desktop\LFO1801_131228_155029.zip
2013-12-28 15:12 - 2013-12-28 15:12 - 00000000 ____D C:\Users\Msi\AppData\Roaming\DataDesign
2013-12-27 17:46 - 2013-03-20 17:12 - 00004096 _____ C:\Users\Public\Documents\000016E5.LCS
2013-12-27 13:28 - 2013-12-27 13:27 - 55787441 _____ C:\Users\Msi\Desktop\(SYS)LFO1801_131227_132627.zip
2013-12-22 17:05 - 2013-02-06 15:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 13:47 - 2013-12-21 13:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 12:16 - 2013-02-20 08:51 - 00000000 ____D C:\Program Files (x86)\svnet
2013-12-21 11:12 - 2013-12-21 11:12 - 00000000 ____D C:\Beitragsabrechnung
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____D C:\Stundenjournal
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____D C:\Lohnkonto
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____D C:\Lohnjournal Jahresbericht
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____D C:\Lohnabrechnung
2013-12-15 14:48 - 2013-08-18 22:54 - 00000000 ____D C:\windows\system32\MRT
2013-12-15 14:45 - 2013-02-10 18:25 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-14 15:01 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF
2013-12-13 16:03 - 2013-12-13 16:03 - 00051752 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\FKStampPainter20.dll
2013-12-11 22:48 - 2009-07-14 04:20 - 00000000 ____D C:\windows\Help
2013-12-11 21:52 - 2013-02-06 15:47 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 21:52 - 2013-02-06 15:47 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 21:52 - 2013-02-06 15:47 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 15:40 - 2013-12-11 15:40 - 04955176 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxXtreme110.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 01340456 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxTool112.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00209960 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxBasics100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00129576 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxMail100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00106536 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxUISettingsN100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00070184 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxCI12.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00065576 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxPXTree100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00051752 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LXCurr100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00028200 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxTPSW100.dll
2013-12-10 23:12 - 2012-08-02 15:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klim6.sys
2013-12-10 23:12 - 2012-06-19 17:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\kl1.sys
2013-12-09 21:33 - 2013-02-10 14:06 - 00004100 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-09 21:33 - 2013-02-10 14:06 - 00003848 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

Files to move or delete:
====================
C:\Users\Msi\setup.exe


Some content of TEMP:
====================
C:\Users\Msi\AppData\Local\Temp\autorun.dll
C:\Users\Msi\AppData\Local\Temp\BackupSetup.exe
C:\Users\Msi\AppData\Local\Temp\BatteryBarSetup-3.5.7.exe
C:\Users\Msi\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Msi\AppData\Local\Temp\Mobogenie_Setup_2-1-35_517.exe
C:\Users\Msi\AppData\Local\Temp\Quarantine.exe
C:\Users\Msi\AppData\Local\Temp\Softonic_chr_1-8-29-3_cn.exe
C:\Users\Msi\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-08 13:45

==================== End Of Log ============================
         
frst plus addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2014 01
Ran by Msi at 2014-01-08 21:16:45
Running from C:\Users\Msi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Anti-Virus (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638 - Adobe Systems, Inc)
Alice Greenfingers (x32 Version:  - Oberon Media)
Allgemeine Runtime Files (x86) (Version: 1.0.3.5 - Sereby Corporation)
Apple Application Support (x32 Version: 2.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.10.94 - ArcSoft)
ArcSoft Print Creations - Album Page (x32 Version:  - ArcSoft)
ArcSoft Print Creations - Brochures & Flyers (x32 Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (x32 Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse II (x32 Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (x32 Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (x32 Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (x32 Version:  - ArcSoft)
ArcSoft Print Creations - Photo Prints (x32 Version:  - ArcSoft)
ArcSoft Print Creations - Poster Creator (x32 Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (x32 Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (x32 Version:  - ArcSoft)
ArcSoft Print Creations (x32 Version: 3.0.255.487 - ArcSoft)
ArcSoft WebCam Companion 3 (x32 Version: 3.0.32.221 - ArcSoft)
BatteryBar (remove only) (Version:  - )
BurnRecovery (x32 Version: 3.0.1003.801 - Micro-Star International Co., Ltd.)
CCleaner (Version: 3.24 - Piriform)
Chicken Invaders 2 (x32 Version:  - Oberon Media)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dakota.ag (x32 Version: 6.0 - ITSG GmbH)
dakota.ag (x32 Version: 6.0 - ITSG GmbH) Hidden
DirectX 9.0c Extra Files (x86, x64) (Version: 1.10.06.0 - Sereby Corporation)
ElsterFormular (x32 Version: 14.3.11574 - Landesfinanzdirektion Thüringen)
Finger Sensing Pad Driver (Version: 8.5.6.4 - Sentelic)
FreeRIP Toolbar v8.5 (x32 Version: 8.5 - Spigot, Inc.)
G DATA Logox4 Speechengine (x32 Version:  - G DATA Software AG)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Home Sweet Home (x32 Version:  - Oberon Media)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2119 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 10 (64-bit) (Version: 7.0.100 - Oracle)
Java 7 Update 10 (x32 Version: 7.0.100 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Lernwerkstatt 8 (x32 Version: 8.00.0000 - Medienwerkstatt Mühlacker Verlagsgesellschaft mbH)
Lernwerkstatt 8 (x32 Version: 8.00.0000 - Medienwerkstatt Mühlacker Verlagsgesellschaft mbH) Hidden
Lexware Elster (x32 Version: 13.15.00.0074 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (x32 Version: 18.0.0.98 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (x32 Version: 18.02.00.0136 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Info Service (x32 Version: 4.01.00.0077 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 3.01.00.0011 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware online banking (x32 Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
Lexware Sepa Check (x32 Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden
LSI HDA Modem (Version: 2.2.98 - LSI Corporation)
Mahjong Escape Ancient China (x32 Version:  - Oberon Media)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 SP1 (Version:  - )
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Movies Toolbar for Chrome (Dist. by Somoto Ltd.) (x32 Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Movies Toolbar for Internet Explorer (Dist. by Somoto Ltd.) (x32 Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSI Game Corner Console (x32 Version: 5.5.0.1 - Oberon Media, Inc.)
msi Software Install (x32 Version: 3.1000.1005.1101 - Micro-Star International Co., Ltd.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Norton Online Backup (x32 Version: 2.1.13580 - Symantec Corporation)
NVIDIA Drivers (Version: 1.10.61.39 - NVIDIA Corporation)
NVIDIA Updatus (x32 Version: 1.0.3 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Presto! PageManager 7.15.16 (x32 Version: 7.15.16 - NewSoft Technology Corporation)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Samsung Kies (x32 Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
sv.net (x32 Version: 13.1 - ITSG GmbH)
T-Online 6.0 (x32 Version:  - )
Updater (x32 Version: 2.6.53 - Creative Island Media, LLC)
VLC media player 2.0.4 (Version: 2.0.4 - VideoLAN)
Win7codecs (x32 Version: 3.8.6 - Shark007)
Windows Driver Package - ENE (EUCR) USB  (12/04/2009 5.89.0.64) (Version: 12/04/2009 5.89.0.64 - ENE)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)
WinRAR archiver (x32 Version:  - )
x64 Components v3.8.6 (Version: 3.8.6 - Shark007)

==================== Restore Points  =========================

06-12-2013 19:47:41 Windows Update
11-12-2013 14:05:39 Windows Update
11-12-2013 21:47:51 Installed Lexware online banking.
15-12-2013 13:44:24 Windows Update
21-12-2013 09:16:04 Windows Update
24-12-2013 19:46:31 Windows Update
01-01-2014 16:08:52 Windows Update
08-01-2014 13:25:45 Windows Live Essentials
08-01-2014 13:30:09 Windows Update
08-01-2014 13:31:23 Windows Update
08-01-2014 13:31:59 DirectX wurde installiert
08-01-2014 13:32:50 DirectX wurde installiert
08-01-2014 13:33:13 DirectX wurde installiert
08-01-2014 13:35:30 WLSetup
08-01-2014 14:08:19 Windows Live Essentials
08-01-2014 14:08:50 WLSetup

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {83BCF11C-F92F-4000-8DCF-E20A5E86D735} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-10] (Google Inc.)
Task: {8F1139E4-5AA8-478B-8650-A912F6987966} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-10] (Google Inc.)
Task: {A928AA64-EC17-4D0F-9254-30E870980E85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {B8F9439A-416C-45FC-A4C7-725EE81CB136} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {E31EEC72-B98A-4526-849D-6C527F4D10F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-07-21 22:17 - 2009-12-17 12:51 - 00049152 _____ () C:\Program Files\FSP\KbdHook.dll
2010-07-21 22:17 - 2009-12-17 12:51 - 00080896 _____ () C:\Program Files\FSP\FspLib.dll
2012-08-17 21:39 - 2013-02-07 15:04 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
2013-09-26 12:20 - 2013-09-26 12:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 12:20 - 2013-09-26 12:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2013-12-06 21:36 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-06 21:36 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-06 21:36 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-06 21:36 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-06 21:36 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-02-08 16:18 - 2013-02-08 16:18 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d89f0252d910d617de1de783a812f840\IsdiInterop.ni.dll
2010-07-21 23:17 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-12-06 21:36 - 2013-12-04 03:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/08/2014 07:57:10 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (01/08/2014 03:32:20 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Name des fehlerhaften Moduls: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001df22e
ID des fehlerhaften Prozesses: 0x1694
Startzeit der fehlerhaften Anwendung: 0xMail.exe0
Pfad der fehlerhaften Anwendung: Mail.exe1
Pfad des fehlerhaften Moduls: Mail.exe2
Berichtskennung: Mail.exe3

Error: (01/08/2014 03:18:06 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Name des fehlerhaften Moduls: funMsgMc.dll, Version: 6.7.0.2, Zeitstempel: 0x4faba629
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00020d4f
ID des fehlerhaften Prozesses: 0x1b98
Startzeit der fehlerhaften Anwendung: 0xMail.exe0
Pfad der fehlerhaften Anwendung: Mail.exe1
Pfad des fehlerhaften Moduls: Mail.exe2
Berichtskennung: Mail.exe3

Error: (01/08/2014 03:18:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Name des fehlerhaften Moduls: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001df22e
ID des fehlerhaften Prozesses: 0x1b98
Startzeit der fehlerhaften Anwendung: 0xMail.exe0
Pfad der fehlerhaften Anwendung: Mail.exe1
Pfad des fehlerhaften Moduls: Mail.exe2
Berichtskennung: Mail.exe3

Error: (01/08/2014 03:12:56 PM) (Source: ESENT) (User: )
Description: wlmail (12336) WindowsLiveMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (01/08/2014 03:07:28 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Name des fehlerhaften Moduls: funMsgMc.dll, Version: 6.7.0.2, Zeitstempel: 0x4faba629
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00020d4f
ID des fehlerhaften Prozesses: 0x1504
Startzeit der fehlerhaften Anwendung: 0xMail.exe0
Pfad der fehlerhaften Anwendung: Mail.exe1
Pfad des fehlerhaften Moduls: Mail.exe2
Berichtskennung: Mail.exe3

Error: (01/08/2014 03:07:21 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Name des fehlerhaften Moduls: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001df22e
ID des fehlerhaften Prozesses: 0x1504
Startzeit der fehlerhaften Anwendung: 0xMail.exe0
Pfad der fehlerhaften Anwendung: Mail.exe1
Pfad des fehlerhaften Moduls: Mail.exe2
Berichtskennung: Mail.exe3

Error: (01/08/2014 02:42:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Name des fehlerhaften Moduls: funMsgMc.dll, Version: 6.7.0.2, Zeitstempel: 0x4faba629
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00020d4f
ID des fehlerhaften Prozesses: 0xdc8
Startzeit der fehlerhaften Anwendung: 0xMail.exe0
Pfad der fehlerhaften Anwendung: Mail.exe1
Pfad des fehlerhaften Moduls: Mail.exe2
Berichtskennung: Mail.exe3

Error: (01/08/2014 02:42:28 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Name des fehlerhaften Moduls: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001df22e
ID des fehlerhaften Prozesses: 0xdc8
Startzeit der fehlerhaften Anwendung: 0xMail.exe0
Pfad der fehlerhaften Anwendung: Mail.exe1
Pfad des fehlerhaften Moduls: Mail.exe2
Berichtskennung: Mail.exe3

Error: (01/08/2014 02:26:37 PM) (Source: Microsoft-Windows-RestartManager) (User: Msi-msi)
Description: Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren werden.


System errors:
=============
Error: (01/08/2014 08:46:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Lexware Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/08/2014 08:46:34 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Lexware Update Service erreicht.

Error: (01/08/2014 07:59:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Update Spring Smart" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/08/2014 07:31:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Client Virtualization Handler" ist vom Dienst "Application Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1053

Error: (01/08/2014 07:31:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Application Virtualization Client" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/08/2014 07:31:54 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Application Virtualization Client erreicht.

Error: (01/08/2014 05:52:04 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/05/2014 08:23:32 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/05/2014 05:48:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Oberon Media Game Console service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/05/2014 05:48:39 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Oberon Media Game Console service erreicht.


Microsoft Office Sessions:
=========================
Error: (01/08/2014 07:57:10 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (01/08/2014 03:32:20 PM) (Source: Application Error)(User: )
Description: Mail.exe6.10.0.54faba5f4Mail.exe6.10.0.54faba5f4c0000005001df22e169401cf0c7cc594ef6dC:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeC:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeadf9a8ec-7871-11e3-94bf-6c626d29f565

Error: (01/08/2014 03:18:06 PM) (Source: Application Error)(User: )
Description: Mail.exe6.10.0.54faba5f4funMsgMc.dll6.7.0.24faba629c000000500020d4f1b9801cf0c7c01cbc0e4C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeC:\PROGRA~2\T-Online\T-ONLI~1\eMail\bin\funMsgMc.dllb0f003f4-786f-11e3-94bf-6c626d29f565

Error: (01/08/2014 03:18:04 PM) (Source: Application Error)(User: )
Description: Mail.exe6.10.0.54faba5f4Mail.exe6.10.0.54faba5f4c0000005001df22e1b9801cf0c7c01cbc0e4C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeC:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeafaeaa2f-786f-11e3-94bf-6c626d29f565

Error: (01/08/2014 03:12:56 PM) (Source: ESENT)(User: )
Description: wlmail12336WindowsLiveMail0:

Error: (01/08/2014 03:07:28 PM) (Source: Application Error)(User: )
Description: Mail.exe6.10.0.54faba5f4funMsgMc.dll6.7.0.24faba629c000000500020d4f150401cf0c7ad10b9ed2C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeC:\PROGRA~2\T-Online\T-ONLI~1\eMail\bin\funMsgMc.dll3499cfcf-786e-11e3-94bf-6c626d29f565

Error: (01/08/2014 03:07:21 PM) (Source: Application Error)(User: )
Description: Mail.exe6.10.0.54faba5f4Mail.exe6.10.0.54faba5f4c0000005001df22e150401cf0c7ad10b9ed2C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeC:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exe301e788b-786e-11e3-94bf-6c626d29f565

Error: (01/08/2014 02:42:37 PM) (Source: Application Error)(User: )
Description: Mail.exe6.10.0.54faba5f4funMsgMc.dll6.7.0.24faba629c000000500020d4fdc801cf0c6cc675e031C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeC:\PROGRA~2\T-Online\T-ONLI~1\eMail\bin\funMsgMc.dllbbaa0e18-786a-11e3-a700-6c626d29f565

Error: (01/08/2014 02:42:28 PM) (Source: Application Error)(User: )
Description: Mail.exe6.10.0.54faba5f4Mail.exe6.10.0.54faba5f4c0000005001df22edc801cf0c6cc675e031C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeC:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeb65adc5b-786a-11e3-a700-6c626d29f565

Error: (01/08/2014 02:26:37 PM) (Source: Microsoft-Windows-RestartManager)(User: Msi-msi)
Description: 1SearchIndexer.exeWindows Search03026216113960


CodeIntegrity Errors:
===================================
  Date: 2014-01-08 13:49:26.793
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-08 13:49:26.791
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-08 13:49:26.788
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-08 13:49:26.772
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-08 13:49:26.770
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-08 13:49:26.767
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-03 16:36:35.902
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-03 16:36:35.902
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-03 16:36:35.902
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-03 16:36:35.887
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 3886 MB
Available physical RAM: 1882.11 MB
Total Pagefile: 7770.14 MB
Available Pagefile: 5283.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:273.4 GB) (Free:206.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:177.26 GB) (Free:7.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 18C3A4CD)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=273 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=177 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
I can't paste the Gmer log in here anymore because the text would then be too long.



defogger did not work.

Many thanks for your support.

Rocabe

08.01.2014, 21:56   #2
rocabe
 



Here is gmer.text as well

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-08 21:31:58
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: hdxldfvk.exe; Driver: C:\Users\Msi\AppData\Local\Temp\fxldypog.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1408] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                        00000000775e1465 2 bytes [5E, 77]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1408] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                       00000000775e14bb 2 bytes [5E, 77]
.text    ...                                                                                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1512] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                                                                            0000000077b1fa38 5 bytes JMP 00000001754619e8
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1512] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                     0000000077b1ffc8 5 bytes JMP 000000017546209e
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2124] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                       00000000775e1465 2 bytes [5E, 77]
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2124] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                      00000000775e14bb 2 bytes [5E, 77]
.text    ...                                                                                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2332] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                    00000000775e1465 2 bytes [5E, 77]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2332] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                   00000000775e14bb 2 bytes [5E, 77]
.text    ...                                                                                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2988] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                            00000000775e1465 2 bytes [5E, 77]
.text    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2988] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                           00000000775e14bb 2 bytes [5E, 77]
.text    ...                                                                                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[3396] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE!?SparseBitMask@DataSourceDescription@FlexUI@@2HB + 960  000000002d525984 4 bytes [2B, 3B, 5D, 68]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[3396] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                     00000000775e1465 2 bytes [5E, 77]
.text    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[3396] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                    00000000775e14bb 2 bytes [5E, 77]
.text    ...                                                                                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[3828] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                            00000000775e1465 2 bytes [5E, 77]
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[3828] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                           00000000775e14bb 2 bytes [5E, 77]
.text    ...                                                                                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2000] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                  00000000775e1465 2 bytes [5E, 77]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2000] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                 00000000775e14bb 2 bytes [5E, 77]
.text    ...                                                                                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3644] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                             00000000775e1465 2 bytes [5E, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3644] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                            00000000775e14bb 2 bytes [5E, 77]
.text    ...                                                                                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                         00000000775e1465 2 bytes [5E, 77]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                        00000000775e14bb 2 bytes [5E, 77]
.text    ...                                                                                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3696] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                            00000000775e1465 2 bytes [5E, 77]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3696] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                           00000000775e14bb 2 bytes [5E, 77]
.text    ...                                                                                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3296] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                   00000000775e1465 2 bytes [5E, 77]
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3296] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                  00000000775e14bb 2 bytes [5E, 77]
.text    ...                                                                                                                                                                                                                                   * 2
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtClose                                                                                                                                                           0000000077b1f970 5 bytes JMP 0000000165fc6f86
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtQueryObject                                                                                                                                                     0000000077b1f988 5 bytes JMP 0000000165fc741f
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtOpenKey                                                                                                                                                         0000000077b1f9b8 5 bytes JMP 0000000165fc1027
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtEnumerateValueKey                                                                                                                                               0000000077b1f9d0 5 bytes JMP 0000000165fc08b2
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtQueryKey                                                                                                                                                        0000000077b1fa20 5 bytes JMP 0000000165fc072c
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                                                                                                                   0000000077b1fa38 5 bytes JMP 0000000165fc083a
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtCreateKey                                                                                                                                                       0000000077b1fad0 5 bytes JMP 0000000165fc13d1
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                                                                                                              0000000077b1fbc8 5 bytes JMP 0000000165fc53c5
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtEnumerateKey                                                                                                                                                    0000000077b1fcdc 5 bytes JMP 0000000165fc06b4
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                                                                                        0000000077b1fcf4 5 bytes JMP 0000000165fc59b5
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                                                                                              0000000077b1fd28 5 bytes JMP 0000000165fc4a3a
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                                                                                 0000000077b1fdd4 5 bytes JMP 0000000165fc7001
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile                                                                                                                                             0000000077b1fdec 5 bytes JMP 0000000165fc5b37
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                                                                      0000000077b20044 5 bytes JMP 0000000165fc57ed
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                                                                     0000000077b20154 5 bytes JMP 0000000165fc092a
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtDeleteFile                                                                                                                                                      0000000077b20974 5 bytes JMP 0000000165fc55e0
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtDeleteKey                                                                                                                                                       0000000077b2098c 5 bytes JMP 0000000165fbd7fa
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                                                                                                  0000000077b209d4 5 bytes JMP 0000000165fbd8c8
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtFlushKey                                                                                                                                                        0000000077b20b10 5 bytes JMP 0000000165fbd861
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeKey                                                                                                                                                 0000000077b20f00 5 bytes JMP 0000000165fc09a2
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                                        0000000077b20f18 5 bytes JMP 0000000165fc0dff
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtOpenKeyEx                                                                                                                                                       0000000077b20fa8 5 bytes JMP 0000000165fc112f
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile                                                                                                                                         0000000077b212cc 5 bytes JMP 0000000165fc5bc7
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey                                                                                                                                           0000000077b2140c 5 bytes JMP 0000000165fc0d83
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtQuerySecurityObject                                                                                                                                             0000000077b214b8 5 bytes JMP 0000000165fc7397
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtRenameKey                                                                                                                                                       0000000077b216a8 5 bytes JMP 0000000165fbdd06
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtSetInformationKey                                                                                                                                               0000000077b219e8 5 bytes JMP 0000000165fc07b4
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtSetSecurityObject                                                                                                                                               0000000077b21b2c 5 bytes JMP 0000000165fc712e
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!CreateProcessW                                                                                                                                                 000000007760102d 5 bytes JMP 0000000165f99bba
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!CreateProcessA                                                                                                                                                 0000000077601062 5 bytes JMP 0000000165f99cf8
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                                                           000000007762126f 5 bytes JMP 0000000165f99f2e
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!ReplaceFile                                                                                                                                                    000000007762cb4c 5 bytes JMP 0000000165f97e04
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!ReplaceFileA                                                                                                                                                   000000007767ed41 5 bytes JMP 0000000165f97d24
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!SetDllDirectoryW                                                                                                                                               0000000077680347 5 bytes JMP 0000000165f9a851
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!SetDllDirectoryA                                                                                                                                               00000000776803ef 5 bytes JMP 0000000165f9ab84
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!WinExec                                                                                                                                                        0000000077682f19 5 bytes JMP 0000000165f9a3f3
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!AllocConsole                                                                                                                                                   00000000776a68c6 5 bytes JMP 0000000165fc8595
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!AttachConsole                                                                                                                                                  00000000776a698a 5 bytes JMP 0000000165fc85a7
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                                                               0000000077512aa4 5 bytes JMP 0000000165f9ad8f
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\USER32.dll!CreateWindowExW                                                                                                                                                  00000000773d8b9a 5 bytes JMP 0000000165fc857d
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\USER32.dll!CreateWindowExA                                                                                                                                                  00000000773da5e6 5 bytes JMP 0000000165fc8565
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\GDI32.dll!AddFontResourceW                                                                                                                                                  0000000075cfd26a 5 bytes JMP 0000000165fa81eb
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\GDI32.dll!AddFontResourceA                                                                                                                                                  0000000075cfd773 5 bytes JMP 0000000165fa81cf
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesW                                                                                                                                         00000000757d1ec8 7 bytes JMP 0000000165fab1d3
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExW                                                                                                                                          00000000757dbc43 7 bytes JMP 0000000165fac0f4
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameW                                                                                                                                             00000000757fdf7f 7 bytes JMP 0000000165fab87a
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameW                                                                                                                                         00000000757fe03b 7 bytes JMP 0000000165faba2b
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExA                                                                                                                                          00000000757ff7be 7 bytes JMP 0000000165fac1ba
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                                                                           00000000758114fd 5 bytes JMP 0000000165f9a070
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameA                                                                                                                                             0000000075830276 7 bytes JMP 0000000165fab932
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameA                                                                                                                                         0000000075830319 7 bytes JMP 0000000165fabae3
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusA                                                                                                                                            0000000075830709 7 bytes JMP 0000000165fac036
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesA                                                                                                                                         00000000758307ec 7 bytes JMP 0000000165fab28a
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusW                                                                                                                                            0000000075830909 5 bytes JMP 0000000165fabf78
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!ControlService                                                                                                                                                  00000000772a4d5c 3 bytes JMP 0000000165fab018
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!ControlService + 4                                                                                                                                              00000000772a4d60 3 bytes [EE, CC, CC]
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!CloseServiceHandle                                                                                                                                              00000000772a4dc3 7 bytes JMP 0000000165fab341
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!QueryServiceStatus                                                                                                                                              00000000772a4e4b 7 bytes JMP 0000000165fab0a4
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!QueryServiceStatusEx                                                                                                                                            00000000772a4eaf 7 bytes JMP 0000000165fab137
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!StartServiceW                                                                                                                                                   00000000772a4f35 7 bytes JMP 0000000165faae93
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!StartServiceA                                                                                                                                                   00000000772a508d 7 bytes JMP 0000000165faaf29
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!QueryServiceObjectSecurity                                                                                                                                      00000000772a50f4 7 bytes JMP 0000000165fabe46
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                                                                                                        00000000772a5181 3 bytes JMP 0000000165fabee2
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 4                                                                                                                                    00000000772a5185 3 bytes [EE, CC, CC]
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                                                                                            00000000772a5254 7 bytes JMP 0000000165fab542
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                                                                                            00000000772a53d5 7 bytes JMP 0000000165fab45d
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                                                                                                           00000000772a54c2 7 bytes JMP 0000000165fab7e4
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                                                                                                           00000000772a55e2 7 bytes JMP 0000000165fab74e
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!CreateServiceA                                                                                                                                                  00000000772a567c 7 bytes JMP 0000000165faac75
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!CreateServiceW                                                                                                                                                  00000000772a589f 7 bytes JMP 0000000165faab9f
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!DeleteService                                                                                                                                                   00000000772a5a22 7 bytes JMP 0000000165fab3cf
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigA                                                                                                                                             00000000772a5a83 7 bytes JMP 0000000165fabc75
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigW                                                                                                                                             00000000772a5b29 7 bytes JMP 0000000165fabbdc
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!ControlServiceExA                                                                                                                                               00000000772a5ca0 7 bytes JMP 0000000165faa34f
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!ControlServiceExW                                                                                                                                               00000000772a5d8c 7 bytes JMP 0000000165faa2d6
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!OpenSCManagerW                                                                                                                                                  00000000772a63ad 7 bytes JMP 0000000165faa89d
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!OpenSCManagerA                                                                                                                                                  00000000772a64f0 7 bytes JMP 0000000165faa929
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2A                                                                                                                                            00000000772a6633 7 bytes JMP 0000000165fabdaa
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2W                                                                                                                                            00000000772a680c 7 bytes JMP 0000000165fabd0e
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!OpenServiceW                                                                                                                                                    00000000772a714b 7 bytes JMP 0000000165faaa12
.text    C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!OpenServiceA                                                                                                                                                    00000000772a7245 7 bytes JMP 0000000165faaa9e
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoRegisterPSClsid                                                                                                                                                 0000000076cc3316 5 bytes JMP 0000000165fb196d
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoResumeClassObjects + 7                                                                                                                                          0000000076cce5f4 7 bytes JMP 0000000165fb1f3e
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!OleRun                                                                                                                                                            0000000076ccf910 5 bytes JMP 0000000165fb1df9
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoRegisterClassObject                                                                                                                                             0000000076cd121d 5 bytes JMP 0000000165fb2a6e
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoRevokeClassObject                                                                                                                                               0000000076cd2a9d 5 bytes JMP 0000000165fb13ca
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!OleUninitialize                                                                                                                                                   0000000076cde982 6 bytes JMP 0000000165fb1d18
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!OleInitialize                                                                                                                                                     0000000076cdef3b 5 bytes JMP 0000000165fb1ca8
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoGetPSClsid                                                                                                                                                      0000000076ce3b0f 5 bytes JMP 0000000165fb1ae5
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoGetClassObject                                                                                                                                                  0000000076cfa394 5 bytes JMP 0000000165fb2ffc
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoInitializeEx                                                                                                                                                    0000000076d008cc 5 bytes JMP 0000000165fb1b58
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoUninitialize                                                                                                                                                    0000000076d07197 5 bytes JMP 0000000165fb1bda
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                                                  0000000076d1590c 5 bytes JMP 0000000165fb42ca
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                                                                                                0000000076d1594f 5 bytes JMP 0000000165fb2405
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoSuspendClassObjects + 7                                                                                                                                         0000000076d2b16d 7 bytes JMP 0000000165fb1e69
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoGetInstanceFromFile                                                                                                                                             0000000076d8149a 5 bytes JMP 0000000165fb34bc
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!OleRegEnumFormatEtc                                                                                                                                               0000000076dccd0d 5 bytes JMP 0000000165fb1d83
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\OLEAUT32.dll!RegisterActiveObject                                                                                                                                           000000007758279e 5 bytes JMP 0000000165fb165d
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\OLEAUT32.dll!RevokeActiveObject                                                                                                                                             0000000077583294 5 bytes JMP 0000000165fb177e
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\OLEAUT32.dll!GetActiveObject                                                                                                                                                0000000077598f58 5 bytes JMP 0000000165fb17f1
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                         00000000775e1465 2 bytes [5E, 77]
.text    C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                        00000000775e14bb 2 bytes [5E, 77]
.text    ...                                                                                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtClose                                                                                                0000000077b1f970 5 bytes JMP 0000000165fc6f86
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtQueryObject                                                                                          0000000077b1f988 5 bytes JMP 0000000165fc741f
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtOpenKey                                                                                              0000000077b1f9b8 5 bytes JMP 0000000165fc1027
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtEnumerateValueKey                                                                                    0000000077b1f9d0 5 bytes JMP 0000000165fc08b2
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtQueryKey                                                                                             0000000077b1fa20 5 bytes JMP 0000000165fc072c
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                                                        0000000077b1fa38 5 bytes JMP 0000000165fc083a
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtCreateKey                                                                                            0000000077b1fad0 5 bytes JMP 0000000165fc13d1
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                                                   0000000077b1fbc8 5 bytes JMP 0000000165fc53c5
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtEnumerateKey                                                                                         0000000077b1fcdc 5 bytes JMP 0000000165fc06b4
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                             0000000077b1fcf4 5 bytes JMP 0000000165fc59b5
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                                                                   0000000077b1fd28 5 bytes JMP 0000000165fc4a3a
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                      0000000077b1fdd4 5 bytes JMP 0000000165fc7001
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile                                                                                  0000000077b1fdec 5 bytes JMP 0000000165fc5b37
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                           0000000077b20044 5 bytes JMP 0000000165fc57ed
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                          0000000077b20154 5 bytes JMP 0000000165fc092a
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtDeleteFile                                                                                           0000000077b20974 5 bytes JMP 0000000165fc55e0
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtDeleteKey                                                                                            0000000077b2098c 5 bytes JMP 0000000165fbd7fa
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                                       0000000077b209d4 5 bytes JMP 0000000165fbd8c8
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtFlushKey                                                                                             0000000077b20b10 5 bytes JMP 0000000165fbd861
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeKey                                                                                      0000000077b20f00 5 bytes JMP 0000000165fc09a2
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys                                                                             0000000077b20f18 5 bytes JMP 0000000165fc0dff
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtOpenKeyEx                                                                                            0000000077b20fa8 5 bytes JMP 0000000165fc112f
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile                                                                              0000000077b212cc 5 bytes JMP 0000000165fc5bc7
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey                                                                                0000000077b2140c 5 bytes JMP 0000000165fc0d83
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtQuerySecurityObject                                                                                  0000000077b214b8 5 bytes JMP 0000000165fc7397
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtRenameKey                                                                                            0000000077b216a8 5 bytes JMP 0000000165fbdd06
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtSetInformationKey                                                                                    0000000077b219e8 5 bytes JMP 0000000165fc07b4
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtSetSecurityObject                                                                                    0000000077b21b2c 5 bytes JMP 0000000165fc712e
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!CreateProcessW                                                                                      000000007760102d 5 bytes JMP 0000000165f99bba
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!CreateProcessA                                                                                      0000000077601062 5 bytes JMP 0000000165f99cf8
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                000000007762126f 5 bytes JMP 0000000165f99f2e
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!ReplaceFile                                                                                         000000007762cb4c 5 bytes JMP 0000000165f97e04
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!ReplaceFileA                                                                                        000000007767ed41 5 bytes JMP 0000000165f97d24
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!SetDllDirectoryW                                                                                    0000000077680347 5 bytes JMP 0000000165f9a851
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!SetDllDirectoryA                                                                                    00000000776803ef 5 bytes JMP 0000000165f9ab84
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!WinExec                                                                                             0000000077682f19 5 bytes JMP 0000000165f9a3f3
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!AllocConsole                                                                                        00000000776a68c6 5 bytes JMP 0000000165fc8595
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!AttachConsole                                                                                       00000000776a698a 5 bytes JMP 0000000165fc85a7
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                    0000000077512aa4 5 bytes JMP 0000000165f9ad8f
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\USER32.dll!CreateWindowExW                                                                                       00000000773d8b9a 5 bytes JMP 0000000165fc857d
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\USER32.dll!CreateWindowExA                                                                                       00000000773da5e6 5 bytes JMP 0000000165fc8565
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\GDI32.dll!AddFontResourceW                                                                                       0000000075cfd26a 5 bytes JMP 0000000165fa81eb
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\GDI32.dll!AddFontResourceA                                                                                       0000000075cfd773 5 bytes JMP 0000000165fa81cf
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesW                                                                              00000000757d1ec8 7 bytes JMP 0000000165fab1d3
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExW                                                                               00000000757dbc43 7 bytes JMP 0000000165fac0f4
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameW                                                                                  00000000757fdf7f 7 bytes JMP 0000000165fab87a
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameW                                                                              00000000757fe03b 7 bytes JMP 0000000165faba2b
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExA                                                                               00000000757ff7be 7 bytes JMP 0000000165fac1ba
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                                00000000758114fd 5 bytes JMP 0000000165f9a070
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameA                                                                                  0000000075830276 7 bytes JMP 0000000165fab932
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameA                                                                              0000000075830319 7 bytes JMP 0000000165fabae3
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusA                                                                                 0000000075830709 7 bytes JMP 0000000165fac036
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesA                                                                              00000000758307ec 7 bytes JMP 0000000165fab28a
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusW                                                                                 0000000075830909 5 bytes JMP 0000000165fabf78
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!ControlService                                                                                       00000000772a4d5c 3 bytes JMP 0000000165fab018
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!ControlService + 4                                                                                   00000000772a4d60 3 bytes [EE, CC, CC]
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!CloseServiceHandle                                                                                   00000000772a4dc3 7 bytes JMP 0000000165fab341
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!QueryServiceStatus                                                                                   00000000772a4e4b 7 bytes JMP 0000000165fab0a4
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!QueryServiceStatusEx                                                                                 00000000772a4eaf 7 bytes JMP 0000000165fab137
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!StartServiceW                                                                                        00000000772a4f35 7 bytes JMP 0000000165faae93
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!StartServiceA                                                                                        00000000772a508d 7 bytes JMP 0000000165faaf29
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!QueryServiceObjectSecurity                                                                           00000000772a50f4 7 bytes JMP 0000000165fabe46
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                                             00000000772a5181 3 bytes JMP 0000000165fabee2
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 4                                                                         00000000772a5185 3 bytes [EE, CC, CC]
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                                                 00000000772a5254 7 bytes JMP 0000000165fab542
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                                                 00000000772a53d5 7 bytes JMP 0000000165fab45d
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                                                00000000772a54c2 7 bytes JMP 0000000165fab7e4
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                                                00000000772a55e2 7 bytes JMP 0000000165fab74e
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!CreateServiceA                                                                                       00000000772a567c 7 bytes JMP 0000000165faac75
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!CreateServiceW                                                                                       00000000772a589f 7 bytes JMP 0000000165faab9f
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!DeleteService                                                                                        00000000772a5a22 7 bytes JMP 0000000165fab3cf
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigA                                                                                  00000000772a5a83 7 bytes JMP 0000000165fabc75
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigW                                                                                  00000000772a5b29 7 bytes JMP 0000000165fabbdc
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!ControlServiceExA                                                                                    00000000772a5ca0 7 bytes JMP 0000000165faa34f
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!ControlServiceExW                                                                                    00000000772a5d8c 7 bytes JMP 0000000165faa2d6
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!OpenSCManagerW                                                                                       00000000772a63ad 7 bytes JMP 0000000165faa89d
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!OpenSCManagerA                                                                                       00000000772a64f0 7 bytes JMP 0000000165faa929
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2A                                                                                 00000000772a6633 7 bytes JMP 0000000165fabdaa
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2W                                                                                 00000000772a680c 7 bytes JMP 0000000165fabd0e
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!OpenServiceW                                                                                         00000000772a714b 7 bytes JMP 0000000165faaa12
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!OpenServiceA                                                                                         00000000772a7245 7 bytes JMP 0000000165faaa9e
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoRegisterPSClsid                                                                                      0000000076cc3316 5 bytes JMP 0000000165fb196d
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoResumeClassObjects + 7                                                                               0000000076cce5f4 7 bytes JMP 0000000165fb1f3e
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!OleRun                                                                                                 0000000076ccf910 5 bytes JMP 0000000165fb1df9
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoRegisterClassObject                                                                                  0000000076cd121d 5 bytes JMP 0000000165fb2a6e
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoRevokeClassObject                                                                                    0000000076cd2a9d 5 bytes JMP 0000000165fb13ca
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!OleUninitialize                                                                                        0000000076cde982 6 bytes JMP 0000000165fb1d18
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!OleInitialize                                                                                          0000000076cdef3b 5 bytes JMP 0000000165fb1ca8
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoGetPSClsid                                                                                           0000000076ce3b0f 5 bytes JMP 0000000165fb1ae5
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoGetClassObject                                                                                       0000000076cfa394 5 bytes JMP 0000000165fb2ffc
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoInitializeEx                                                                                         0000000076d008cc 5 bytes JMP 0000000165fb1b58
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoUninitialize                                                                                         0000000076d07197 5 bytes JMP 0000000165fb1bda
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoCreateInstance                                                                                       0000000076d1590c 5 bytes JMP 0000000165fb42ca
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoCreateInstanceEx                                                                                     0000000076d1594f 5 bytes JMP 0000000165fb2405
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoSuspendClassObjects + 7                                                                              0000000076d2b16d 7 bytes JMP 0000000165fb1e69
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoGetInstanceFromFile                                                                                  0000000076d8149a 5 bytes JMP 0000000165fb34bc
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!OleRegEnumFormatEtc                                                                                    0000000076dccd0d 5 bytes JMP 0000000165fb1d83
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\oleaut32.dll!RegisterActiveObject                                                                                000000007758279e 5 bytes JMP 0000000165fb165d
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\oleaut32.dll!RevokeActiveObject                                                                                  0000000077583294 5 bytes JMP 0000000165fb177e
.text    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\oleaut32.dll!GetActiveObject                                                                                     0000000077598f58 5 bytes JMP 0000000165fb17f1
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5400] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                          00000000775e1465 2 bytes [5E, 77]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5400] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                         00000000775e14bb 2 bytes [5E, 77]
.text    ...                                                                                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe[3504] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                 00000000775e1465 2 bytes [5E, 77]
.text    C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe[3504] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                00000000775e14bb 2 bytes [5E, 77]
.text    ...                                                                                                                                                                                                                                   * 2

---- Kernel IAT/EAT - GMER 2.1 ----

IAT      C:\windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback]                                                                                                                                                                       [fffff88004b45ea4] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Threads - GMER 2.1 ----

Thread   C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [184:1864]                                                                                                                                                                 00000000772a7587
Thread   C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [184:4232]                                                                                                                                                                 000000005c7c758a
Thread   C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [184:3324]                                                                                                                                                                 0000000077b52e3e
Thread   C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [184:5300]                                                                                                                                                                 0000000077b53e59
Thread   C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [184:5164]                                                                                                                                                                 0000000077b53e59
Thread   C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [184:3268]                                                                                                                                                                 0000000077b53e59
---- Processes - GMER 2.1 ----

Library  Q:\140066.deu\Office14\MSOSYNC.EXE (*** suspicious ***) @ Q:\140066.deu\Office14\MSOSYNC.EXE [4272]                                                                                                                                   000000002df40000
Library  Q:\140066.deu\Office14\1031\ospintl.dll (*** suspicious ***) @ Q:\140066.deu\Office14\MSOSYNC.EXE [4272]                                                                                                                              0000000063ee0000
Library  Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\RICHED20.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\MSOSYNC.EXE [4272]                                                                                  000000005eea0000
Library  Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSPTLS.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\MSOSYNC.EXE [4272]                                                                                    000000005f3d0000
Library  Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\Csi.dll (*** suspicious ***) @ Q:\140066.deu\Office14\MSOSYNC.EXE [4272]                                                                                       000000005d560000

---- EOF - GMER 2.1 ----
         



