| |
| |||||||
Mülltonne: Nation Zoom endgültig vernichtet?Windows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne... |
08.01.2014, 21:53
| #1 |
| |  Nation Zoom endgültig vernichtet? Hallo und guten Abend, nachdem ich mir heute den Virus Nation Zoom eingefangen habe, und versucht habe, ihn wieder loszuwerden, bin ich mir nicht mehr sicher, ob es mir gelungen ist. Daher hier jetzt meine Anfrage, auf Hilfe: Hier nun die Ergebnisse: frst Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014 01
Ran by Msi (administrator) on MSI-MSI on 08-01-2014 21:15:21
Running from C:\Users\Msi\Downloads
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
() C:\Program Files (x86)\MSI Game Corner\Game Console\OberonGameConsoleService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
() Q:\140066.deu\Office14\MSOSYNC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-06-29] (Realtek Semiconductor)
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\FspUip.exe [3768832 2009-12-17] (Sentelic Corporation)
HKLM\...\Run: [WrtMon.exe] - C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [NortonOnlineBackup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1112920 2010-03-06] (Symantec Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-17] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [] - [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [3207912 2013-07-23] (Microsoft Corporation)
HKCU\...\Run: [ShowBatteryBar] - C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2013-04-11] ()
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\...\Run: [FLV Player] - C:\Users\Msi\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
AppInit_DLLs: [ ] ()
Startup: C:\Users\Msi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=105&systemid=473&v=a9397-147&apn_uid=3302503315214174&apn_dtid=BND473&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=105&systemid=473&v=a9397-147&apn_uid=3302503315214174&apn_dtid=BND473&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=105&systemid=473&v=a9397-147&apn_uid=3302503315214174&apn_dtid=BND473&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {768936BC-6EAE-4A4B-9602-35422E918D61} URL = hxxp://search.softonic.com/MOY00009/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=0009199c0000000000004e5d6083cb02&toi=16078&r=836
SearchScopes: HKCU - {B8AAEBCB-5D25-4583-8404-943E678232F3} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
SearchScopes: HKCU - {FD88D162-AB23-4097-B2CB-9E8C9C131252} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Msi\AppData\Roaming\Mozilla\Firefox\Profiles\uue0gtmt.default-1389208964760
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR Extension: (Google Wallet) - C:\Users\Msi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1
CHR HKLM-x32\...\Chrome\Extension: [aaaaimdcedbpbcjjbbnfcbbjcngmomic] - C:\Users\Msi\AppData\Local\somotomoviestoolbar1\GC\toolbar.crx
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
S2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [49664 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-03-06] (Symantec Corporation)
R2 OberonGameConsoleService; C:\Program Files (x86)\MSI Game Corner\Game Console\OberonGameConsoleService.exe [44432 2010-01-27] ()
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
==================== Drivers (Whitelisted) ====================
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 EUCR; C:\Windows\system32\DRIVERS\EUCR6SK.SYS [87888 2009-12-04] (ENE Technology Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 smserial; C:\Windows\System32\DRIVERS\SmSerl64.sys [1227776 2009-06-10] (Motorola Inc.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-23] (Kaspersky Lab ZAO)
S3 MGHwCtrl; \??\C:\Program Files\msi\msi Software Install\MGHwCtrl.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-08 21:15 - 2014-01-08 21:15 - 00017525 _____ C:\Users\Msi\Downloads\FRST.txt
2014-01-08 21:15 - 2014-01-08 21:15 - 00000000 ____D C:\FRST
2014-01-08 21:14 - 2014-01-08 21:14 - 01931770 _____ (Farbar) C:\Users\Msi\Downloads\FRST64.exe
2014-01-08 21:11 - 2014-01-08 21:13 - 00000468 _____ C:\Users\Msi\Downloads\defogger_disable.log
2014-01-08 21:11 - 2014-01-08 21:11 - 00000000 _____ C:\Users\Msi\defogger_reenable
2014-01-08 21:10 - 2014-01-08 21:10 - 00050477 _____ C:\Users\Msi\Downloads\Defogger.exe
2014-01-08 20:39 - 2014-01-08 20:43 - 00000000 ____D C:\AdwCleaner
2014-01-08 20:39 - 2014-01-08 20:40 - 55797027 _____ C:\Users\Msi\Desktop\LFO1801_140108_203928.zip
2014-01-08 20:38 - 2014-01-08 20:38 - 01233962 _____ C:\Users\Msi\Downloads\adwcleaner.exe
2014-01-08 20:09 - 2014-01-08 20:09 - 00001123 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-08 20:09 - 2014-01-08 20:09 - 00000000 ____D C:\Users\Msi\AppData\Roaming\Malwarebytes
2014-01-08 20:09 - 2014-01-08 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-08 20:09 - 2014-01-08 20:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-08 20:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-08 20:08 - 2014-01-08 20:08 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Msi\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-08 15:35 - 2014-01-08 15:35 - 00001579 _____ C:\Users\Msi\Desktop\E-mail.lnk
2014-01-08 15:13 - 2014-01-08 15:16 - 00000000 ____D C:\Users\Msi\AppData\Roaming\Windows Live Writer
2014-01-08 15:13 - 2014-01-08 15:13 - 00000000 ____D C:\Users\Msi\AppData\Local\Windows Live Writer
2014-01-08 15:10 - 2014-01-08 15:10 - 00000020 _____ C:\windows\@õÛ
2014-01-08 15:06 - 2014-01-08 15:06 - 00000000 ____D C:\5a6913622ce208af00d2f2
2014-01-08 15:04 - 2014-01-08 20:27 - 00000000 ____D C:\ProgramData\Updater
2014-01-08 15:04 - 2014-01-08 20:27 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-08 14:42 - 2014-01-08 14:53 - 00000306 __RSH C:\Users\Msi\ntuser.pol
2014-01-08 14:41 - 2014-01-08 14:51 - 00000000 ____D C:\Users\Msi\AppData\Local\cache
2014-01-08 14:41 - 2014-01-08 14:48 - 00000000 ____D C:\Users\Msi\AppData\Local\genienext
2014-01-08 14:41 - 2014-01-08 14:41 - 00000000 ____D C:\Users\Msi\.android
2014-01-08 14:41 - 2014-01-08 14:41 - 00000000 _____ C:\Users\Msi\daemonprocess.txt
2014-01-08 14:35 - 2014-01-08 15:09 - 00000000 ____D C:\Program Files\Windows Live
2014-01-08 14:32 - 2014-01-08 14:32 - 00000358 _____ C:\windows\DirectX.log
2014-01-08 14:31 - 2010-08-11 06:19 - 03860992 _____ (Microsoft Corporation) C:\windows\system32\UIRibbon.dll
2014-01-08 14:31 - 2010-08-11 06:13 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\UIRibbonRes.dll
2014-01-08 14:31 - 2010-08-11 05:44 - 02983424 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIRibbon.dll
2014-01-08 14:31 - 2010-08-11 05:35 - 01164800 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIRibbonRes.dll
2014-01-08 14:30 - 2010-05-23 11:15 - 01619456 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-01-08 14:30 - 2010-05-23 11:11 - 03181568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-01-08 14:30 - 2010-05-23 11:11 - 00196608 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfreadwrite.dll
2014-01-08 14:30 - 2010-05-23 09:37 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-01-08 14:30 - 2010-05-23 09:35 - 04068864 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-01-08 14:30 - 2010-05-23 09:35 - 00257024 _____ (Microsoft Corporation) C:\windows\system32\mfreadwrite.dll
2014-01-08 14:30 - 2010-05-23 09:35 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-01-08 14:25 - 2014-01-08 15:12 - 00000000 ____D C:\Users\Msi\AppData\Local\Windows Live
2013-12-28 15:50 - 2013-12-28 15:51 - 55796428 _____ C:\Users\Msi\Desktop\LFO1801_131228_155029.zip
2013-12-28 15:12 - 2013-12-28 15:12 - 00000000 ____D C:\Users\Msi\AppData\Roaming\DataDesign
2013-12-27 13:27 - 2013-12-27 13:28 - 55787441 _____ C:\Users\Msi\Desktop\(SYS)LFO1801_131227_132627.zip
2013-12-21 13:47 - 2013-12-21 13:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 11:12 - 2013-12-21 11:12 - 00000000 ____D C:\Beitragsabrechnung
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____D C:\Stundenjournal
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____D C:\Lohnkonto
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____D C:\Lohnjournal Jahresbericht
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____D C:\Lohnabrechnung
2013-12-13 16:03 - 2013-12-13 16:03 - 00051752 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\FKStampPainter20.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 04955176 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxXtreme110.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 01340456 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxTool112.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00209960 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxBasics100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00129576 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxMail100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00106536 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxUISettingsN100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00070184 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxCI12.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00065576 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxPXTree100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00051752 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LXCurr100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00028200 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxTPSW100.dll
==================== One Month Modified Files and Folders =======
2014-01-08 21:15 - 2014-01-08 21:15 - 00017525 _____ C:\Users\Msi\Downloads\FRST.txt
2014-01-08 21:15 - 2014-01-08 21:15 - 00000000 ____D C:\FRST
2014-01-08 21:14 - 2014-01-08 21:14 - 01931770 _____ (Farbar) C:\Users\Msi\Downloads\FRST64.exe
2014-01-08 21:13 - 2014-01-08 21:11 - 00000468 _____ C:\Users\Msi\Downloads\defogger_disable.log
2014-01-08 21:11 - 2014-01-08 21:11 - 00000000 _____ C:\Users\Msi\defogger_reenable
2014-01-08 21:11 - 2013-02-06 14:36 - 00000000 ____D C:\Users\Msi
2014-01-08 21:10 - 2014-01-08 21:10 - 00050477 _____ C:\Users\Msi\Downloads\Defogger.exe
2014-01-08 21:02 - 2013-02-06 16:43 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-08 20:55 - 2009-07-14 05:45 - 00017376 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-08 20:55 - 2009-07-14 05:45 - 00017376 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-08 20:52 - 2013-02-06 15:47 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-08 20:51 - 2013-02-06 14:34 - 01515819 _____ C:\windows\WindowsUpdate.log
2014-01-08 20:46 - 2013-02-10 14:06 - 00001100 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-08 20:46 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-08 20:45 - 2013-02-06 18:02 - 00041469 _____ C:\windows\setupact.log
2014-01-08 20:44 - 2013-12-03 15:44 - 00002783 _____ C:\Users\Public\Desktop\Lexware financial office.lnk
2014-01-08 20:43 - 2014-01-08 20:39 - 00000000 ____D C:\AdwCleaner
2014-01-08 20:43 - 2013-10-23 13:59 - 00000000 ____D C:\Users\Msi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2014-01-08 20:43 - 2013-02-10 14:09 - 00001292 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-08 20:43 - 2013-02-06 15:27 - 00001063 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-08 20:43 - 2013-02-06 14:55 - 00001176 _____ C:\Users\Msi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-08 20:43 - 2013-02-06 14:55 - 00000989 _____ C:\Users\Msi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-01-08 20:42 - 2013-02-16 19:52 - 00000000 ____D C:\Users\Msi\AppData\Roaming\SoftGrid Client
2014-01-08 20:40 - 2014-01-08 20:39 - 55797027 _____ C:\Users\Msi\Desktop\LFO1801_140108_203928.zip
2014-01-08 20:40 - 2013-02-06 18:38 - 00000000 ____D C:\ProgramData\Lexware
2014-01-08 20:38 - 2014-01-08 20:38 - 01233962 _____ C:\Users\Msi\Downloads\adwcleaner.exe
2014-01-08 20:38 - 2013-02-10 14:06 - 00001104 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-08 20:27 - 2014-01-08 15:04 - 00000000 ____D C:\ProgramData\Updater
2014-01-08 20:27 - 2014-01-08 15:04 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-08 20:27 - 2013-02-10 18:18 - 00015664 _____ C:\windows\PFRO.log
2014-01-08 20:09 - 2014-01-08 20:09 - 00001123 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-08 20:09 - 2014-01-08 20:09 - 00000000 ____D C:\Users\Msi\AppData\Roaming\Malwarebytes
2014-01-08 20:09 - 2014-01-08 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-08 20:09 - 2014-01-08 20:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-08 20:08 - 2014-01-08 20:08 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Msi\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-08 17:52 - 2013-02-06 14:55 - 00000000 ___RD C:\Users\Msi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-08 16:15 - 2013-07-08 21:03 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2014-01-08 15:35 - 2014-01-08 15:35 - 00001579 _____ C:\Users\Msi\Desktop\E-mail.lnk
2014-01-08 15:26 - 2013-02-08 16:12 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{650751A0-29F4-4199-810B-E2EAD6E5ACC8}
2014-01-08 15:16 - 2014-01-08 15:13 - 00000000 ____D C:\Users\Msi\AppData\Roaming\Windows Live Writer
2014-01-08 15:13 - 2014-01-08 15:13 - 00000000 ____D C:\Users\Msi\AppData\Local\Windows Live Writer
2014-01-08 15:12 - 2014-01-08 14:25 - 00000000 ____D C:\Users\Msi\AppData\Local\Windows Live
2014-01-08 15:10 - 2014-01-08 15:10 - 00000020 _____ C:\windows\@õÛ
2014-01-08 15:10 - 2013-02-06 14:49 - 00000000 ____D C:\Program Files (x86)\Windows Live
2014-01-08 15:09 - 2014-01-08 14:35 - 00000000 ____D C:\Program Files\Windows Live
2014-01-08 15:06 - 2014-01-08 15:06 - 00000000 ____D C:\5a6913622ce208af00d2f2
2014-01-08 14:53 - 2014-01-08 14:42 - 00000306 __RSH C:\Users\Msi\ntuser.pol
2014-01-08 14:51 - 2014-01-08 14:41 - 00000000 ____D C:\Users\Msi\AppData\Local\cache
2014-01-08 14:48 - 2014-01-08 14:41 - 00000000 ____D C:\Users\Msi\AppData\Local\genienext
2014-01-08 14:42 - 2009-07-14 04:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2014-01-08 14:42 - 2009-07-14 04:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2014-01-08 14:41 - 2014-01-08 14:41 - 00000000 ____D C:\Users\Msi\.android
2014-01-08 14:41 - 2014-01-08 14:41 - 00000000 _____ C:\Users\Msi\daemonprocess.txt
2014-01-08 14:34 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-08 14:32 - 2014-01-08 14:32 - 00000358 _____ C:\windows\DirectX.log
2014-01-05 18:50 - 2010-07-21 21:44 - 00709838 _____ C:\windows\system32\perfh007.dat
2014-01-05 18:50 - 2010-07-21 21:44 - 00153984 _____ C:\windows\system32\perfc007.dat
2014-01-05 18:50 - 2009-07-14 06:13 - 01648640 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-02 22:16 - 2009-07-14 06:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-12-28 15:51 - 2013-12-28 15:50 - 55796428 _____ C:\Users\Msi\Desktop\LFO1801_131228_155029.zip
2013-12-28 15:12 - 2013-12-28 15:12 - 00000000 ____D C:\Users\Msi\AppData\Roaming\DataDesign
2013-12-27 17:46 - 2013-03-20 17:12 - 00004096 _____ C:\Users\Public\Documents\000016E5.LCS
2013-12-27 13:28 - 2013-12-27 13:27 - 55787441 _____ C:\Users\Msi\Desktop\(SYS)LFO1801_131227_132627.zip
2013-12-22 17:05 - 2013-02-06 15:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 13:47 - 2013-12-21 13:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 12:16 - 2013-02-20 08:51 - 00000000 ____D C:\Program Files (x86)\svnet
2013-12-21 11:12 - 2013-12-21 11:12 - 00000000 ____D C:\Beitragsabrechnung
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____D C:\Stundenjournal
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____D C:\Lohnkonto
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____D C:\Lohnjournal Jahresbericht
2013-12-21 10:40 - 2013-12-21 10:40 - 00000000 ____D C:\Lohnabrechnung
2013-12-15 14:48 - 2013-08-18 22:54 - 00000000 ____D C:\windows\system32\MRT
2013-12-15 14:45 - 2013-02-10 18:25 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-14 15:01 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF
2013-12-13 16:03 - 2013-12-13 16:03 - 00051752 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\FKStampPainter20.dll
2013-12-11 22:48 - 2009-07-14 04:20 - 00000000 ____D C:\windows\Help
2013-12-11 21:52 - 2013-02-06 15:47 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 21:52 - 2013-02-06 15:47 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 21:52 - 2013-02-06 15:47 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 15:40 - 2013-12-11 15:40 - 04955176 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxXtreme110.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 01340456 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxTool112.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00209960 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxBasics100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00129576 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxMail100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00106536 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxUISettingsN100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00070184 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxCI12.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00065576 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxPXTree100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00051752 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LXCurr100.dll
2013-12-11 15:40 - 2013-12-11 15:40 - 00028200 _____ (Haufe-Lexware GmbH & Co. KG) C:\windows\SysWOW64\LxTPSW100.dll
2013-12-10 23:12 - 2012-08-02 15:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klim6.sys
2013-12-10 23:12 - 2012-06-19 17:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\kl1.sys
2013-12-09 21:33 - 2013-02-10 14:06 - 00004100 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-09 21:33 - 2013-02-10 14:06 - 00003848 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
Files to move or delete:
====================
C:\Users\Msi\setup.exe
Some content of TEMP:
====================
C:\Users\Msi\AppData\Local\Temp\autorun.dll
C:\Users\Msi\AppData\Local\Temp\BackupSetup.exe
C:\Users\Msi\AppData\Local\Temp\BatteryBarSetup-3.5.7.exe
C:\Users\Msi\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Msi\AppData\Local\Temp\Mobogenie_Setup_2-1-35_517.exe
C:\Users\Msi\AppData\Local\Temp\Quarantine.exe
C:\Users\Msi\AppData\Local\Temp\Softonic_chr_1-8-29-3_cn.exe
C:\Users\Msi\AppData\Local\Temp\vcredist_x64.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-08 13:45
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2014 01
Ran by Msi at 2014-01-08 21:16:45
Running from C:\Users\Msi\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Kaspersky Anti-Virus (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638 - Adobe Systems, Inc)
Alice Greenfingers (x32 Version: - Oberon Media)
Allgemeine Runtime Files (x86) (Version: 1.0.3.5 - Sereby Corporation)
Apple Application Support (x32 Version: 2.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.10.94 - ArcSoft)
ArcSoft Print Creations - Album Page (x32 Version: - ArcSoft)
ArcSoft Print Creations - Brochures & Flyers (x32 Version: - ArcSoft)
ArcSoft Print Creations - Funhouse (x32 Version: - ArcSoft)
ArcSoft Print Creations - Funhouse II (x32 Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (x32 Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (x32 Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (x32 Version: - ArcSoft)
ArcSoft Print Creations - Photo Prints (x32 Version: - ArcSoft)
ArcSoft Print Creations - Poster Creator (x32 Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (x32 Version: - ArcSoft)
ArcSoft Print Creations - Slimline Card (x32 Version: - ArcSoft)
ArcSoft Print Creations (x32 Version: 3.0.255.487 - ArcSoft)
ArcSoft WebCam Companion 3 (x32 Version: 3.0.32.221 - ArcSoft)
BatteryBar (remove only) (Version: - )
BurnRecovery (x32 Version: 3.0.1003.801 - Micro-Star International Co., Ltd.)
CCleaner (Version: 3.24 - Piriform)
Chicken Invaders 2 (x32 Version: - Oberon Media)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dakota.ag (x32 Version: 6.0 - ITSG GmbH)
dakota.ag (x32 Version: 6.0 - ITSG GmbH) Hidden
DirectX 9.0c Extra Files (x86, x64) (Version: 1.10.06.0 - Sereby Corporation)
ElsterFormular (x32 Version: 14.3.11574 - Landesfinanzdirektion Thüringen)
Finger Sensing Pad Driver (Version: 8.5.6.4 - Sentelic)
FreeRIP Toolbar v8.5 (x32 Version: 8.5 - Spigot, Inc.)
G DATA Logox4 Speechengine (x32 Version: - G DATA Software AG)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Home Sweet Home (x32 Version: - Oberon Media)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2119 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 10 (64-bit) (Version: 7.0.100 - Oracle)
Java 7 Update 10 (x32 Version: 7.0.100 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Lernwerkstatt 8 (x32 Version: 8.00.0000 - Medienwerkstatt Mühlacker Verlagsgesellschaft mbH)
Lernwerkstatt 8 (x32 Version: 8.00.0000 - Medienwerkstatt Mühlacker Verlagsgesellschaft mbH) Hidden
Lexware Elster (x32 Version: 13.15.00.0074 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (x32 Version: 18.0.0.98 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (x32 Version: 18.02.00.0136 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Info Service (x32 Version: 4.01.00.0077 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 3.01.00.0011 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware online banking (x32 Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
Lexware Sepa Check (x32 Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden
LSI HDA Modem (Version: 2.2.98 - LSI Corporation)
Mahjong Escape Ancient China (x32 Version: - Oberon Media)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 SP1 (Version: - )
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Movies Toolbar for Chrome (Dist. by Somoto Ltd.) (x32 Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Movies Toolbar for Internet Explorer (Dist. by Somoto Ltd.) (x32 Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSI Game Corner Console (x32 Version: 5.5.0.1 - Oberon Media, Inc.)
msi Software Install (x32 Version: 3.1000.1005.1101 - Micro-Star International Co., Ltd.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Norton Online Backup (x32 Version: 2.1.13580 - Symantec Corporation)
NVIDIA Drivers (Version: 1.10.61.39 - NVIDIA Corporation)
NVIDIA Updatus (x32 Version: 1.0.3 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Presto! PageManager 7.15.16 (x32 Version: 7.15.16 - NewSoft Technology Corporation)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Samsung Kies (x32 Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
sv.net (x32 Version: 13.1 - ITSG GmbH)
T-Online 6.0 (x32 Version: - )
Updater (x32 Version: 2.6.53 - Creative Island Media, LLC)
VLC media player 2.0.4 (Version: 2.0.4 - VideoLAN)
Win7codecs (x32 Version: 3.8.6 - Shark007)
Windows Driver Package - ENE (EUCR) USB (12/04/2009 5.89.0.64) (Version: 12/04/2009 5.89.0.64 - ENE)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)
WinRAR archiver (x32 Version: - )
x64 Components v3.8.6 (Version: 3.8.6 - Shark007)
==================== Restore Points =========================
06-12-2013 19:47:41 Windows Update
11-12-2013 14:05:39 Windows Update
11-12-2013 21:47:51 Installed Lexware online banking.
15-12-2013 13:44:24 Windows Update
21-12-2013 09:16:04 Windows Update
24-12-2013 19:46:31 Windows Update
01-01-2014 16:08:52 Windows Update
08-01-2014 13:25:45 Windows Live Essentials
08-01-2014 13:30:09 Windows Update
08-01-2014 13:31:23 Windows Update
08-01-2014 13:31:59 DirectX wurde installiert
08-01-2014 13:32:50 DirectX wurde installiert
08-01-2014 13:33:13 DirectX wurde installiert
08-01-2014 13:35:30 WLSetup
08-01-2014 14:08:19 Windows Live Essentials
08-01-2014 14:08:50 WLSetup
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {83BCF11C-F92F-4000-8DCF-E20A5E86D735} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-10] (Google Inc.)
Task: {8F1139E4-5AA8-478B-8650-A912F6987966} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-10] (Google Inc.)
Task: {A928AA64-EC17-4D0F-9254-30E870980E85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {B8F9439A-416C-45FC-A4C7-725EE81CB136} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {E31EEC72-B98A-4526-849D-6C527F4D10F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-07-21 22:17 - 2009-12-17 12:51 - 00049152 _____ () C:\Program Files\FSP\KbdHook.dll
2010-07-21 22:17 - 2009-12-17 12:51 - 00080896 _____ () C:\Program Files\FSP\FspLib.dll
2012-08-17 21:39 - 2013-02-07 15:04 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
2013-09-26 12:20 - 2013-09-26 12:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 12:20 - 2013-09-26 12:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2013-12-06 21:36 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-06 21:36 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-06 21:36 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-06 21:36 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-06 21:36 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-02-08 16:18 - 2013-02-08 16:18 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d89f0252d910d617de1de783a812f840\IsdiInterop.ni.dll
2010-07-21 23:17 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-12-06 21:36 - 2013-12-04 03:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/08/2014 07:57:10 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/08/2014 03:32:20 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Name des fehlerhaften Moduls: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001df22e
ID des fehlerhaften Prozesses: 0x1694
Startzeit der fehlerhaften Anwendung: 0xMail.exe0
Pfad der fehlerhaften Anwendung: Mail.exe1
Pfad des fehlerhaften Moduls: Mail.exe2
Berichtskennung: Mail.exe3
Error: (01/08/2014 03:18:06 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Name des fehlerhaften Moduls: funMsgMc.dll, Version: 6.7.0.2, Zeitstempel: 0x4faba629
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00020d4f
ID des fehlerhaften Prozesses: 0x1b98
Startzeit der fehlerhaften Anwendung: 0xMail.exe0
Pfad der fehlerhaften Anwendung: Mail.exe1
Pfad des fehlerhaften Moduls: Mail.exe2
Berichtskennung: Mail.exe3
Error: (01/08/2014 03:18:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Name des fehlerhaften Moduls: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001df22e
ID des fehlerhaften Prozesses: 0x1b98
Startzeit der fehlerhaften Anwendung: 0xMail.exe0
Pfad der fehlerhaften Anwendung: Mail.exe1
Pfad des fehlerhaften Moduls: Mail.exe2
Berichtskennung: Mail.exe3
Error: (01/08/2014 03:12:56 PM) (Source: ESENT) (User: )
Description: wlmail (12336) WindowsLiveMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.
Error: (01/08/2014 03:07:28 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Name des fehlerhaften Moduls: funMsgMc.dll, Version: 6.7.0.2, Zeitstempel: 0x4faba629
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00020d4f
ID des fehlerhaften Prozesses: 0x1504
Startzeit der fehlerhaften Anwendung: 0xMail.exe0
Pfad der fehlerhaften Anwendung: Mail.exe1
Pfad des fehlerhaften Moduls: Mail.exe2
Berichtskennung: Mail.exe3
Error: (01/08/2014 03:07:21 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Name des fehlerhaften Moduls: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001df22e
ID des fehlerhaften Prozesses: 0x1504
Startzeit der fehlerhaften Anwendung: 0xMail.exe0
Pfad der fehlerhaften Anwendung: Mail.exe1
Pfad des fehlerhaften Moduls: Mail.exe2
Berichtskennung: Mail.exe3
Error: (01/08/2014 02:42:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Name des fehlerhaften Moduls: funMsgMc.dll, Version: 6.7.0.2, Zeitstempel: 0x4faba629
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00020d4f
ID des fehlerhaften Prozesses: 0xdc8
Startzeit der fehlerhaften Anwendung: 0xMail.exe0
Pfad der fehlerhaften Anwendung: Mail.exe1
Pfad des fehlerhaften Moduls: Mail.exe2
Berichtskennung: Mail.exe3
Error: (01/08/2014 02:42:28 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Name des fehlerhaften Moduls: Mail.exe, Version: 6.10.0.5, Zeitstempel: 0x4faba5f4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001df22e
ID des fehlerhaften Prozesses: 0xdc8
Startzeit der fehlerhaften Anwendung: 0xMail.exe0
Pfad der fehlerhaften Anwendung: Mail.exe1
Pfad des fehlerhaften Moduls: Mail.exe2
Berichtskennung: Mail.exe3
Error: (01/08/2014 02:26:37 PM) (Source: Microsoft-Windows-RestartManager) (User: Msi-msi)
Description: Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren werden.
System errors:
=============
Error: (01/08/2014 08:46:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Lexware Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/08/2014 08:46:34 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Lexware Update Service erreicht.
Error: (01/08/2014 07:59:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Update Spring Smart" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/08/2014 07:31:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Client Virtualization Handler" ist vom Dienst "Application Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1053
Error: (01/08/2014 07:31:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Application Virtualization Client" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/08/2014 07:31:54 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Application Virtualization Client erreicht.
Error: (01/08/2014 05:52:04 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/05/2014 08:23:32 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (01/05/2014 05:48:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Oberon Media Game Console service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/05/2014 05:48:39 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Oberon Media Game Console service erreicht.
Microsoft Office Sessions:
=========================
Error: (01/08/2014 07:57:10 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
Error: (01/08/2014 03:32:20 PM) (Source: Application Error)(User: )
Description: Mail.exe6.10.0.54faba5f4Mail.exe6.10.0.54faba5f4c0000005001df22e169401cf0c7cc594ef6dC:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeC:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeadf9a8ec-7871-11e3-94bf-6c626d29f565
Error: (01/08/2014 03:18:06 PM) (Source: Application Error)(User: )
Description: Mail.exe6.10.0.54faba5f4funMsgMc.dll6.7.0.24faba629c000000500020d4f1b9801cf0c7c01cbc0e4C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeC:\PROGRA~2\T-Online\T-ONLI~1\eMail\bin\funMsgMc.dllb0f003f4-786f-11e3-94bf-6c626d29f565
Error: (01/08/2014 03:18:04 PM) (Source: Application Error)(User: )
Description: Mail.exe6.10.0.54faba5f4Mail.exe6.10.0.54faba5f4c0000005001df22e1b9801cf0c7c01cbc0e4C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeC:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeafaeaa2f-786f-11e3-94bf-6c626d29f565
Error: (01/08/2014 03:12:56 PM) (Source: ESENT)(User: )
Description: wlmail12336WindowsLiveMail0:
Error: (01/08/2014 03:07:28 PM) (Source: Application Error)(User: )
Description: Mail.exe6.10.0.54faba5f4funMsgMc.dll6.7.0.24faba629c000000500020d4f150401cf0c7ad10b9ed2C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeC:\PROGRA~2\T-Online\T-ONLI~1\eMail\bin\funMsgMc.dll3499cfcf-786e-11e3-94bf-6c626d29f565
Error: (01/08/2014 03:07:21 PM) (Source: Application Error)(User: )
Description: Mail.exe6.10.0.54faba5f4Mail.exe6.10.0.54faba5f4c0000005001df22e150401cf0c7ad10b9ed2C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeC:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exe301e788b-786e-11e3-94bf-6c626d29f565
Error: (01/08/2014 02:42:37 PM) (Source: Application Error)(User: )
Description: Mail.exe6.10.0.54faba5f4funMsgMc.dll6.7.0.24faba629c000000500020d4fdc801cf0c6cc675e031C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeC:\PROGRA~2\T-Online\T-ONLI~1\eMail\bin\funMsgMc.dllbbaa0e18-786a-11e3-a700-6c626d29f565
Error: (01/08/2014 02:42:28 PM) (Source: Application Error)(User: )
Description: Mail.exe6.10.0.54faba5f4Mail.exe6.10.0.54faba5f4c0000005001df22edc801cf0c6cc675e031C:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeC:\Program Files (x86)\T-Online\T-Online_Software_6\eMail\Mail.exeb65adc5b-786a-11e3-a700-6c626d29f565
Error: (01/08/2014 02:26:37 PM) (Source: Microsoft-Windows-RestartManager)(User: Msi-msi)
Description: 1SearchIndexer.exeWindows Search03026216113960
CodeIntegrity Errors:
===================================
Date: 2014-01-08 13:49:26.793
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-08 13:49:26.791
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-08 13:49:26.788
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-08 13:49:26.772
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-08 13:49:26.770
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-08 13:49:26.767
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-03 16:36:35.902
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-03 16:36:35.902
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-03 16:36:35.902
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-12-03 16:36:35.887
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 51%
Total physical RAM: 3886 MB
Available physical RAM: 1882.11 MB
Total Pagefile: 7770.14 MB
Available Pagefile: 5283.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
==================== Drives ================================
Drive c: (OS_Install) (Fixed) (Total:273.4 GB) (Free:206.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:177.26 GB) (Free:7.7 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 18C3A4CD)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=273 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=177 GB) - (Type=07 NTFS)
==================== End Of Log ============================
defogger funktionierte nicht. Vielen Dank für eure Unterstützung. Rocabe |
|
08.01.2014, 21:56
| #2 |
| | Nation Zoom endgültig vernichtet? Hier noch gmer.text
__________________Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-08 21:31:58
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: hdxldfvk.exe; Driver: C:\Users\Msi\AppData\Local\Temp\fxldypog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1408] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775e1465 2 bytes [5E, 77]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1408] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775e14bb 2 bytes [5E, 77]
.text ... * 2
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1512] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077b1fa38 5 bytes JMP 00000001754619e8
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1512] C:\windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077b1ffc8 5 bytes JMP 000000017546209e
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2124] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775e1465 2 bytes [5E, 77]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2124] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775e14bb 2 bytes [5E, 77]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2332] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775e1465 2 bytes [5E, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2332] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775e14bb 2 bytes [5E, 77]
.text ... * 2
.text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2988] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775e1465 2 bytes [5E, 77]
.text C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2988] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775e14bb 2 bytes [5E, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[3396] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE!?SparseBitMask@DataSourceDescription@FlexUI@@2HB + 960 000000002d525984 4 bytes [2B, 3B, 5D, 68]
.text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[3396] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775e1465 2 bytes [5E, 77]
.text C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE[3396] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775e14bb 2 bytes [5E, 77]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3828] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775e1465 2 bytes [5E, 77]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3828] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775e14bb 2 bytes [5E, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2000] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775e1465 2 bytes [5E, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2000] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775e14bb 2 bytes [5E, 77]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3644] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775e1465 2 bytes [5E, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3644] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775e14bb 2 bytes [5E, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775e1465 2 bytes [5E, 77]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3576] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775e14bb 2 bytes [5E, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3696] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775e1465 2 bytes [5E, 77]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3696] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775e14bb 2 bytes [5E, 77]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3296] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775e1465 2 bytes [5E, 77]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3296] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775e14bb 2 bytes [5E, 77]
.text ... * 2
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077b1f970 5 bytes JMP 0000000165fc6f86
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtQueryObject 0000000077b1f988 5 bytes JMP 0000000165fc741f
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtOpenKey 0000000077b1f9b8 5 bytes JMP 0000000165fc1027
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 0000000077b1f9d0 5 bytes JMP 0000000165fc08b2
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtQueryKey 0000000077b1fa20 5 bytes JMP 0000000165fc072c
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077b1fa38 5 bytes JMP 0000000165fc083a
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtCreateKey 0000000077b1fad0 5 bytes JMP 0000000165fc13d1
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile 0000000077b1fbc8 5 bytes JMP 0000000165fc53c5
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtEnumerateKey 0000000077b1fcdc 5 bytes JMP 0000000165fc06b4
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077b1fcf4 5 bytes JMP 0000000165fc59b5
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 0000000077b1fd28 5 bytes JMP 0000000165fc4a3a
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077b1fdd4 5 bytes JMP 0000000165fc7001
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 0000000077b1fdec 5 bytes JMP 0000000165fc5b37
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077b20044 5 bytes JMP 0000000165fc57ed
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077b20154 5 bytes JMP 0000000165fc092a
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtDeleteFile 0000000077b20974 5 bytes JMP 0000000165fc55e0
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtDeleteKey 0000000077b2098c 5 bytes JMP 0000000165fbd7fa
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077b209d4 5 bytes JMP 0000000165fbd8c8
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077b20b10 5 bytes JMP 0000000165fbd861
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077b20f00 5 bytes JMP 0000000165fc09a2
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b20f18 5 bytes JMP 0000000165fc0dff
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077b20fa8 5 bytes JMP 0000000165fc112f
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 0000000077b212cc 5 bytes JMP 0000000165fc5bc7
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 0000000077b2140c 5 bytes JMP 0000000165fc0d83
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077b214b8 5 bytes JMP 0000000165fc7397
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtRenameKey 0000000077b216a8 5 bytes JMP 0000000165fbdd06
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtSetInformationKey 0000000077b219e8 5 bytes JMP 0000000165fc07b4
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\ntdll.dll!NtSetSecurityObject 0000000077b21b2c 5 bytes JMP 0000000165fc712e
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!CreateProcessW 000000007760102d 5 bytes JMP 0000000165f99bba
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!CreateProcessA 0000000077601062 5 bytes JMP 0000000165f99cf8
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007762126f 5 bytes JMP 0000000165f99f2e
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!ReplaceFile 000000007762cb4c 5 bytes JMP 0000000165f97e04
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!ReplaceFileA 000000007767ed41 5 bytes JMP 0000000165f97d24
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!SetDllDirectoryW 0000000077680347 5 bytes JMP 0000000165f9a851
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!SetDllDirectoryA 00000000776803ef 5 bytes JMP 0000000165f9ab84
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!WinExec 0000000077682f19 5 bytes JMP 0000000165f9a3f3
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!AllocConsole 00000000776a68c6 5 bytes JMP 0000000165fc8595
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\kernel32.dll!AttachConsole 00000000776a698a 5 bytes JMP 0000000165fc85a7
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077512aa4 5 bytes JMP 0000000165f9ad8f
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\USER32.dll!CreateWindowExW 00000000773d8b9a 5 bytes JMP 0000000165fc857d
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\USER32.dll!CreateWindowExA 00000000773da5e6 5 bytes JMP 0000000165fc8565
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\GDI32.dll!AddFontResourceW 0000000075cfd26a 5 bytes JMP 0000000165fa81eb
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\GDI32.dll!AddFontResourceA 0000000075cfd773 5 bytes JMP 0000000165fa81cf
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesW 00000000757d1ec8 7 bytes JMP 0000000165fab1d3
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExW 00000000757dbc43 7 bytes JMP 0000000165fac0f4
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameW 00000000757fdf7f 7 bytes JMP 0000000165fab87a
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameW 00000000757fe03b 7 bytes JMP 0000000165faba2b
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExA 00000000757ff7be 7 bytes JMP 0000000165fac1ba
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000758114fd 5 bytes JMP 0000000165f9a070
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameA 0000000075830276 7 bytes JMP 0000000165fab932
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameA 0000000075830319 7 bytes JMP 0000000165fabae3
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusA 0000000075830709 7 bytes JMP 0000000165fac036
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesA 00000000758307ec 7 bytes JMP 0000000165fab28a
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusW 0000000075830909 5 bytes JMP 0000000165fabf78
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!ControlService 00000000772a4d5c 3 bytes JMP 0000000165fab018
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!ControlService + 4 00000000772a4d60 3 bytes [EE, CC, CC]
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!CloseServiceHandle 00000000772a4dc3 7 bytes JMP 0000000165fab341
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!QueryServiceStatus 00000000772a4e4b 7 bytes JMP 0000000165fab0a4
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!QueryServiceStatusEx 00000000772a4eaf 7 bytes JMP 0000000165fab137
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!StartServiceW 00000000772a4f35 7 bytes JMP 0000000165faae93
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!StartServiceA 00000000772a508d 7 bytes JMP 0000000165faaf29
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!QueryServiceObjectSecurity 00000000772a50f4 7 bytes JMP 0000000165fabe46
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000772a5181 3 bytes JMP 0000000165fabee2
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 4 00000000772a5185 3 bytes [EE, CC, CC]
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000772a5254 7 bytes JMP 0000000165fab542
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000772a53d5 7 bytes JMP 0000000165fab45d
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000772a54c2 7 bytes JMP 0000000165fab7e4
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000772a55e2 7 bytes JMP 0000000165fab74e
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000772a567c 7 bytes JMP 0000000165faac75
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000772a589f 7 bytes JMP 0000000165faab9f
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000772a5a22 7 bytes JMP 0000000165fab3cf
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigA 00000000772a5a83 7 bytes JMP 0000000165fabc75
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigW 00000000772a5b29 7 bytes JMP 0000000165fabbdc
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!ControlServiceExA 00000000772a5ca0 7 bytes JMP 0000000165faa34f
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!ControlServiceExW 00000000772a5d8c 7 bytes JMP 0000000165faa2d6
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!OpenSCManagerW 00000000772a63ad 7 bytes JMP 0000000165faa89d
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!OpenSCManagerA 00000000772a64f0 7 bytes JMP 0000000165faa929
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2A 00000000772a6633 7 bytes JMP 0000000165fabdaa
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2W 00000000772a680c 7 bytes JMP 0000000165fabd0e
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!OpenServiceW 00000000772a714b 7 bytes JMP 0000000165faaa12
.text C:\windows\system32\svchost.exe[4272] C:\windows\SysWOW64\sechost.dll!OpenServiceA 00000000772a7245 7 bytes JMP 0000000165faaa9e
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoRegisterPSClsid 0000000076cc3316 5 bytes JMP 0000000165fb196d
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoResumeClassObjects + 7 0000000076cce5f4 7 bytes JMP 0000000165fb1f3e
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!OleRun 0000000076ccf910 5 bytes JMP 0000000165fb1df9
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoRegisterClassObject 0000000076cd121d 5 bytes JMP 0000000165fb2a6e
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoRevokeClassObject 0000000076cd2a9d 5 bytes JMP 0000000165fb13ca
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!OleUninitialize 0000000076cde982 6 bytes JMP 0000000165fb1d18
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!OleInitialize 0000000076cdef3b 5 bytes JMP 0000000165fb1ca8
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoGetPSClsid 0000000076ce3b0f 5 bytes JMP 0000000165fb1ae5
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoGetClassObject 0000000076cfa394 5 bytes JMP 0000000165fb2ffc
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoInitializeEx 0000000076d008cc 5 bytes JMP 0000000165fb1b58
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoUninitialize 0000000076d07197 5 bytes JMP 0000000165fb1bda
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076d1590c 5 bytes JMP 0000000165fb42ca
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076d1594f 5 bytes JMP 0000000165fb2405
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 0000000076d2b16d 7 bytes JMP 0000000165fb1e69
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!CoGetInstanceFromFile 0000000076d8149a 5 bytes JMP 0000000165fb34bc
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\ole32.dll!OleRegEnumFormatEtc 0000000076dccd0d 5 bytes JMP 0000000165fb1d83
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\OLEAUT32.dll!RegisterActiveObject 000000007758279e 5 bytes JMP 0000000165fb165d
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\OLEAUT32.dll!RevokeActiveObject 0000000077583294 5 bytes JMP 0000000165fb177e
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\OLEAUT32.dll!GetActiveObject 0000000077598f58 5 bytes JMP 0000000165fb17f1
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775e1465 2 bytes [5E, 77]
.text C:\windows\system32\svchost.exe[4272] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775e14bb 2 bytes [5E, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtClose 0000000077b1f970 5 bytes JMP 0000000165fc6f86
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtQueryObject 0000000077b1f988 5 bytes JMP 0000000165fc741f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtOpenKey 0000000077b1f9b8 5 bytes JMP 0000000165fc1027
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 0000000077b1f9d0 5 bytes JMP 0000000165fc08b2
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtQueryKey 0000000077b1fa20 5 bytes JMP 0000000165fc072c
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077b1fa38 5 bytes JMP 0000000165fc083a
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtCreateKey 0000000077b1fad0 5 bytes JMP 0000000165fc13d1
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile 0000000077b1fbc8 5 bytes JMP 0000000165fc53c5
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtEnumerateKey 0000000077b1fcdc 5 bytes JMP 0000000165fc06b4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077b1fcf4 5 bytes JMP 0000000165fc59b5
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 0000000077b1fd28 5 bytes JMP 0000000165fc4a3a
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077b1fdd4 5 bytes JMP 0000000165fc7001
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 0000000077b1fdec 5 bytes JMP 0000000165fc5b37
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077b20044 5 bytes JMP 0000000165fc57ed
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077b20154 5 bytes JMP 0000000165fc092a
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtDeleteFile 0000000077b20974 5 bytes JMP 0000000165fc55e0
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtDeleteKey 0000000077b2098c 5 bytes JMP 0000000165fbd7fa
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077b209d4 5 bytes JMP 0000000165fbd8c8
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077b20b10 5 bytes JMP 0000000165fbd861
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077b20f00 5 bytes JMP 0000000165fc09a2
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077b20f18 5 bytes JMP 0000000165fc0dff
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077b20fa8 5 bytes JMP 0000000165fc112f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 0000000077b212cc 5 bytes JMP 0000000165fc5bc7
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 0000000077b2140c 5 bytes JMP 0000000165fc0d83
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077b214b8 5 bytes JMP 0000000165fc7397
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtRenameKey 0000000077b216a8 5 bytes JMP 0000000165fbdd06
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtSetInformationKey 0000000077b219e8 5 bytes JMP 0000000165fc07b4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\ntdll.dll!NtSetSecurityObject 0000000077b21b2c 5 bytes JMP 0000000165fc712e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!CreateProcessW 000000007760102d 5 bytes JMP 0000000165f99bba
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!CreateProcessA 0000000077601062 5 bytes JMP 0000000165f99cf8
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007762126f 5 bytes JMP 0000000165f99f2e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!ReplaceFile 000000007762cb4c 5 bytes JMP 0000000165f97e04
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!ReplaceFileA 000000007767ed41 5 bytes JMP 0000000165f97d24
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!SetDllDirectoryW 0000000077680347 5 bytes JMP 0000000165f9a851
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!SetDllDirectoryA 00000000776803ef 5 bytes JMP 0000000165f9ab84
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!WinExec 0000000077682f19 5 bytes JMP 0000000165f9a3f3
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!AllocConsole 00000000776a68c6 5 bytes JMP 0000000165fc8595
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\kernel32.dll!AttachConsole 00000000776a698a 5 bytes JMP 0000000165fc85a7
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077512aa4 5 bytes JMP 0000000165f9ad8f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\USER32.dll!CreateWindowExW 00000000773d8b9a 5 bytes JMP 0000000165fc857d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\USER32.dll!CreateWindowExA 00000000773da5e6 5 bytes JMP 0000000165fc8565
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\GDI32.dll!AddFontResourceW 0000000075cfd26a 5 bytes JMP 0000000165fa81eb
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\GDI32.dll!AddFontResourceA 0000000075cfd773 5 bytes JMP 0000000165fa81cf
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesW 00000000757d1ec8 7 bytes JMP 0000000165fab1d3
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExW 00000000757dbc43 7 bytes JMP 0000000165fac0f4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameW 00000000757fdf7f 7 bytes JMP 0000000165fab87a
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameW 00000000757fe03b 7 bytes JMP 0000000165faba2b
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusExA 00000000757ff7be 7 bytes JMP 0000000165fac1ba
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000758114fd 5 bytes JMP 0000000165f9a070
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!GetServiceKeyNameA 0000000075830276 7 bytes JMP 0000000165fab932
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!GetServiceDisplayNameA 0000000075830319 7 bytes JMP 0000000165fabae3
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusA 0000000075830709 7 bytes JMP 0000000165fac036
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!EnumDependentServicesA 00000000758307ec 7 bytes JMP 0000000165fab28a
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ADVAPI32.dll!EnumServicesStatusW 0000000075830909 5 bytes JMP 0000000165fabf78
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!ControlService 00000000772a4d5c 3 bytes JMP 0000000165fab018
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!ControlService + 4 00000000772a4d60 3 bytes [EE, CC, CC]
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!CloseServiceHandle 00000000772a4dc3 7 bytes JMP 0000000165fab341
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!QueryServiceStatus 00000000772a4e4b 7 bytes JMP 0000000165fab0a4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!QueryServiceStatusEx 00000000772a4eaf 7 bytes JMP 0000000165fab137
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!StartServiceW 00000000772a4f35 7 bytes JMP 0000000165faae93
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!StartServiceA 00000000772a508d 7 bytes JMP 0000000165faaf29
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!QueryServiceObjectSecurity 00000000772a50f4 7 bytes JMP 0000000165fabe46
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000772a5181 3 bytes JMP 0000000165fabee2
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 4 00000000772a5185 3 bytes [EE, CC, CC]
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000772a5254 7 bytes JMP 0000000165fab542
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000772a53d5 7 bytes JMP 0000000165fab45d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000772a54c2 7 bytes JMP 0000000165fab7e4
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000772a55e2 7 bytes JMP 0000000165fab74e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!CreateServiceA 00000000772a567c 7 bytes JMP 0000000165faac75
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!CreateServiceW 00000000772a589f 7 bytes JMP 0000000165faab9f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!DeleteService 00000000772a5a22 7 bytes JMP 0000000165fab3cf
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigA 00000000772a5a83 7 bytes JMP 0000000165fabc75
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!QueryServiceConfigW 00000000772a5b29 7 bytes JMP 0000000165fabbdc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!ControlServiceExA 00000000772a5ca0 7 bytes JMP 0000000165faa34f
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!ControlServiceExW 00000000772a5d8c 7 bytes JMP 0000000165faa2d6
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!OpenSCManagerW 00000000772a63ad 7 bytes JMP 0000000165faa89d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!OpenSCManagerA 00000000772a64f0 7 bytes JMP 0000000165faa929
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2A 00000000772a6633 7 bytes JMP 0000000165fabdaa
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!QueryServiceConfig2W 00000000772a680c 7 bytes JMP 0000000165fabd0e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!OpenServiceW 00000000772a714b 7 bytes JMP 0000000165faaa12
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\SysWOW64\sechost.dll!OpenServiceA 00000000772a7245 7 bytes JMP 0000000165faaa9e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoRegisterPSClsid 0000000076cc3316 5 bytes JMP 0000000165fb196d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoResumeClassObjects + 7 0000000076cce5f4 7 bytes JMP 0000000165fb1f3e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!OleRun 0000000076ccf910 5 bytes JMP 0000000165fb1df9
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoRegisterClassObject 0000000076cd121d 5 bytes JMP 0000000165fb2a6e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoRevokeClassObject 0000000076cd2a9d 5 bytes JMP 0000000165fb13ca
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!OleUninitialize 0000000076cde982 6 bytes JMP 0000000165fb1d18
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!OleInitialize 0000000076cdef3b 5 bytes JMP 0000000165fb1ca8
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoGetPSClsid 0000000076ce3b0f 5 bytes JMP 0000000165fb1ae5
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoGetClassObject 0000000076cfa394 5 bytes JMP 0000000165fb2ffc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoInitializeEx 0000000076d008cc 5 bytes JMP 0000000165fb1b58
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoUninitialize 0000000076d07197 5 bytes JMP 0000000165fb1bda
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076d1590c 5 bytes JMP 0000000165fb42ca
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076d1594f 5 bytes JMP 0000000165fb2405
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 0000000076d2b16d 7 bytes JMP 0000000165fb1e69
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!CoGetInstanceFromFile 0000000076d8149a 5 bytes JMP 0000000165fb34bc
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\ole32.dll!OleRegEnumFormatEtc 0000000076dccd0d 5 bytes JMP 0000000165fb1d83
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\oleaut32.dll!RegisterActiveObject 000000007758279e 5 bytes JMP 0000000165fb165d
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\oleaut32.dll!RevokeActiveObject 0000000077583294 5 bytes JMP 0000000165fb177e
.text C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4552] C:\windows\syswow64\oleaut32.dll!GetActiveObject 0000000077598f58 5 bytes JMP 0000000165fb17f1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5400] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775e1465 2 bytes [5E, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5400] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775e14bb 2 bytes [5E, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe[3504] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775e1465 2 bytes [5E, 77]
.text C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe[3504] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775e14bb 2 bytes [5E, 77]
.text ... * 2
---- Kernel IAT/EAT - GMER 2.1 ----
IAT C:\windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88004b45ea4] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]
---- Threads - GMER 2.1 ----
Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [184:1864] 00000000772a7587
Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [184:4232] 000000005c7c758a
Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [184:3324] 0000000077b52e3e
Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [184:5300] 0000000077b53e59
Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [184:5164] 0000000077b53e59
Thread C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [184:3268] 0000000077b53e59
---- Processes - GMER 2.1 ----
Library Q:\140066.deu\Office14\MSOSYNC.EXE (*** suspicious ***) @ Q:\140066.deu\Office14\MSOSYNC.EXE [4272] 000000002df40000
Library Q:\140066.deu\Office14\1031\ospintl.dll (*** suspicious ***) @ Q:\140066.deu\Office14\MSOSYNC.EXE [4272] 0000000063ee0000
Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\RICHED20.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\MSOSYNC.EXE [4272] 000000005eea0000
Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSPTLS.DLL (*** suspicious ***) @ Q:\140066.deu\Office14\MSOSYNC.EXE [4272] 000000005f3d0000
Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\Csi.dll (*** suspicious ***) @ Q:\140066.deu\Office14\MSOSYNC.EXE [4272] 000000005d560000
---- EOF - GMER 2.1 ----
|
| Themen zu Nation Zoom endgültig vernichtet? |
| browser, computer, desktop, downloader, ebanking, error, failed, flash player, frage, google, helper, home, iexplore.exe, kaspersky, klelam.sys, mozilla, plug-in, realtek, registry, scan, security, shark, software, svchost.exe, symantec, system, usb, vcredist, virus |
Linear-Darstellung
