Thomas_5 | 08.10.2014 20:49 | Part 3 (Part 4 is still to come)
Addition-1.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Gabi at 2014-10-07 22:11:47
Running from C:\Users\Gabi\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ACDSee Foto-Editor (HKLM-x32\...\{53AD87D3-72AE-4D07-8A7A-1F4D54E83777}) (Version: 4.00.208 - ACD Systems Ltd.)
ACDSee Foto-Manager 2009 (HKLM-x32\...\{300578F9-9EFF-4B93-9AB1-C0E5707EF463}) (Version: 11.0.115 - ACD Systems International)
ACDSee Image Decoder Update (HKLM-x32\...\{047A167B-0C6B-41F3-B5E6-E968F92468C1}) (Version: 2.0.5 - ACD Systems)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced Driver Updater (HKLM-x32\...\Advanced Driver Updater_is1) (Version: 2.1.1086.15131 - Systweak Inc)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 14 v.14.0.5 (HKLM-x32\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Movie Studio Pro v.1.0.7 (HKLM-x32\...\{91B33C97-EC92-2CD7-E21F-4FEF6AA572AA}_is1) (Version: 1.0.7 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 10 v.10.3.0 (HKLM-x32\...\{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1) (Version: 10.03.00 - Ashampoo GmbH & Co. KG)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.7.8981 - )
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.174.0 - Microsoft Corporation)
Browser Guard (HKLM-x32\...\Browser Guard) (Version: - )
BurnAware Free 6.9.3 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware)
BurnAware Free Download Packages (HKCU\...\BurnAware Free Download Packages) (Version: - ) <==== ATTENTION
Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version: - )
Canon MP600 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.2.21 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)
Document Express DjVu Plug-in (HKLM-x32\...\{DB90B88C-DDA6-4831-B73D-58B4B8F3D349}) (Version: 6.1.27549 - Caminova, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2014.1.24.0 - ) <==== ATTENTION
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
Free YouTube Download version 3.2.43.806 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.43.806 - DVDVideoSoft Ltd.)
Freemake Video Converter Free Download Packages (HKCU\...\Freemake Video Converter Free Download Packages) (Version: - ) <==== ATTENTION
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Inpaint 5.2 (HKLM-x32\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
IrfanView Download Packages (HKCU\...\IrfanView Download Packages) (Version: - ) <==== ATTENTION
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Lizardtech DjVu Control (HKLM-x32\...\{105CFC7C-6992-11D5-BD9D-000102C10FD8}) (Version: - )
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Media Center SDK 6.0 (HKLM-x32\...\{E363B2CF-627B-492D-8881-702D0AE4F50C}) (Version: 7.0.0.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
Ocster Backup Pro (HKLM\...\Ocster Backup) (Version: 8.15 - Ocster GmbH & Co. KG)
Oracle Data Provider for .NET Help (HKLM-x32\...\{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}) (Version: 10.2.020 - Oracle Corporation)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PIXELA AAC LC CODEC (HKLM-x32\...\PIXELA AAC LC CODEC) (Version: 1.1.0.1 - Canon Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7084 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Skype Free Download Packages (HKCU\...\Skype Free Download Packages) (Version: - ) <==== ATTENTION
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Transfer Utility LE (HKLM-x32\...\{F2C2709B-FB3D-458C-B12E-9AAA5EDCA670}) (Version: 1.00.004 - PIXELA)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{4B93560B-F33D-4A67-A224-F5E1C329BD22}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
VideoPad Video-Editor (HKLM-x32\...\VideoPad) (Version: 3.25 - NCH Software)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
WavePad Audio-Editor (HKLM-x32\...\WavePad) (Version: 5.71 - NCH Software)
Windows Internet Explorer 10 (x32 Version: 10.0 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
07-10-2014 15:56:41 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {02BAD771-29AE-4F87-86E2-66724A4AE0AD} - System32\Tasks\{EFE0F532-2A73-4D21-8AED-C0836875B018} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {053A5F36-8158-460E-92F5-5269606A2376} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: {05792E62-12F2-44BE-89D2-47E5850BF6D2} - System32\Tasks\{A60B9513-5CA7-461C-B77C-9F1E2250410E} => C:\Program Files (x86)\SYBEX\Die große Druck-Box\Druckbox.exe
Task: {068D666E-6AA6-44B3-8018-F9E7469CC7F1} - System32\Tasks\{DFB0BA80-18E0-4EEC-86C3-EAF7F33D5BB8} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {06EB6EA9-685B-48A5-A88B-B17BA213A01C} - System32\Tasks\{2DAB612D-4CCC-4DAB-9F94-FB2B9EF0B9E3} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {0B54D784-BADC-45E9-B85A-947E461A000C} - System32\Tasks\{D5D0C80E-CFBD-4E8E-A106-1038B1435F23} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {0E601114-0C97-4CF7-8592-1FEBBD63B008} - System32\Tasks\{16930FA3-9E2F-41EF-A083-5F1D19AFE9D3} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2014-05-15] (Microsoft Corporation)
Task: {0EB211BD-53FC-46B3-99D3-FFAF4B6E62DF} - System32\Tasks\{80E296E5-37D4-409E-9D44-F5E897EA8744} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe
Task: {106D5C8B-0887-4182-A073-558F6CC015AA} - System32\Tasks\{975DF8E9-A2F1-4163-9C55-8C0AA4FF8A3F} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {1170F6B0-C61C-43A9-9453-514F9DEFC700} - System32\Tasks\{0E365111-C9A7-43CD-9015-AD0B4EDEC820} => Firefox.exe
Task: {12177FBD-A7F7-454E-91C2-0FD4F20678E2} - System32\Tasks\{FE3E02D9-54EB-4A9C-A76D-D0F3CE15C9CC} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {18A906B9-5326-4355-875E-83445512BAA2} - System32\Tasks\{748362AD-96C7-493C-8A0B-0EB4C75B3241} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe
Task: {1A299CF4-EE5C-4645-8873-65819DBCBA09} - System32\Tasks\{8EB85395-6DF1-42D1-BCC9-6A2C39D0A06D} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe
Task: {1C99D807-C487-4F14-9A8D-1B92041FB628} - System32\Tasks\{C6B60480-C4B3-4B93-BF85-919436F9DCF1} => C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
Task: {22A1E30A-D0A8-4E63-BAB6-6658ECB5570F} - System32\Tasks\{AEE9FDE0-A111-4974-999F-B408490B8D8C} => C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFMgr.exe
Task: {2413C613-3EEA-42A9-A9EE-4050623C5F7E} - System32\Tasks\{D7BE9AF5-D625-4F96-8078-C3E51416D6DD} => C:\Program Files (x86)\Wetterbox\Wetterbox.exe [2010-02-05] (t-online.de )
Task: {256667D3-6382-4C66-BC05-FE38C9A93824} - System32\Tasks\{B7573703-CF10-4CAD-9D0F-458B6E29B54A} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\starter_avp.exe
Task: {284BB469-B242-4F40-AF2E-543E705B46D3} - System32\Tasks\{644C7C4C-8210-40F1-BEE8-A8BB25545919} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {2856A28F-8AE5-481E-A0C2-069AA946DBF8} - System32\Tasks\{21DBD499-C613-48BA-A0F0-186C4F747769} => C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFMgr.exe
Task: {33876F9F-A8EB-491D-8DBC-F14DD846CFE1} - System32\Tasks\{28DBB7A7-6CD0-4781-B081-10048E698970} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {35A4AD38-C6FE-4CB1-956C-492E4FD00101} - System32\Tasks\{54516D7D-DE58-4952-BDB5-73924135CD01} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {3CC6A791-14B7-4970-B342-9A3D349C78EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {3EF4827F-2181-45DB-99AF-C07C2DD54E7A} - System32\Tasks\{AB114C1D-7266-4AF7-A30E-11B26BE1615F} => C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFMgr.exe
Task: {4F4374BC-3B7E-4A54-A1AA-8FD6ECA70275} - System32\Tasks\{105CE8C3-2ADC-430B-9358-49BB8319D8D3} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe
Task: {53ACADDE-C9AF-4C03-86E9-CF2585090F4E} - System32\Tasks\{A8D91B62-F815-4F1D-A2DB-5D26AE327BC2} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe
Task: {558ECEFA-C5F8-4FC0-9B26-0615C0130AAC} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
Task: {5598CCE9-982E-4477-A692-83B791D7C25D} - System32\Tasks\{BF9D57C8-4EB3-4197-B121-7DF9281C6E83} => C:\Program Files (x86)\Common Files\ACD Systems\DE\DevDetect.exe
Task: {5FF0F40F-9D9C-4DDC-BF28-00EC30AF6836} - System32\Tasks\{F9E1DD75-D3E2-4306-A4E9-77AD1E3E440F} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {661A0E7E-68C6-495E-A657-0315DE890E51} - System32\Tasks\AdvancedDriverUpdater_UPDATES => C:\Program Files (x86)\Advanced Driver Updater\adu.exe [2013-03-08] (Systweak Inc)
Task: {670F6793-B7C9-46E0-88CC-001E8D22E252} - System32\Tasks\Ashampoo UnInstaller 5 => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe
Task: {6BAB4395-D4C6-477B-9F19-2F6F6A337259} - System32\Tasks\{9E7A4809-517D-41C6-A7FA-F9E5DF7A8CDF} => C:\Program Files (x86)\DATA BECKER\Skat-Ass 3 - Gläserne Karten\skat.exe
Task: {6DDAE403-6E11-4128-8F90-A2832FEA1DAB} - System32\Tasks\{338410F2-A2FB-4A54-BE0A-4F0DA5D119FE} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe
Task: {74A7EC1B-857B-4488-82AF-03DED0AB0BE0} - System32\Tasks\{9E010073-9998-45F1-A581-5125A55A7A68} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {796B0B0F-B897-4953-B1B2-7E9EEBE90FE4} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe <==== ATTENTION
Task: {7B336E60-CD95-4216-9BCE-1C335774A8E7} - System32\Tasks\{BF75E81F-4726-488E-9F11-553D186A9250} => C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
Task: {7DF9475A-4849-4086-B12E-83014A46C879} - System32\Tasks\{CDB43B5A-D121-4DF5-A8DC-EF60D4BBE90A} => C:\Program Files (x86)\DATA BECKER\Skat-Ass 3 - Gläserne Karten\skat.exe
Task: {7EEA12D3-BBBA-4E8F-A91B-469BB8627671} - System32\Tasks\{465C18D9-E052-47EA-8392-BA413D7901C4} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {847A94C0-07D3-41E5-A581-33085976608B} - System32\Tasks\{43DAF3C9-689E-4D7D-85B9-95CFDB2B56C2} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {85652B33-BBBA-4797-803B-01BD530137DC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {894AD76D-CC3B-46B3-924E-F0276E7B039D} - System32\Tasks\{D754773D-5842-4673-856C-06A2F649C881} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe
Task: {8A4BF58B-94B6-48DA-BC69-967673A37364} - System32\Tasks\{2A6D5D12-AC3F-4F56-9629-72EA3F526508} => C:\Program Files (x86)\SYBEX\Die große Druck-Box\Druckbox.exe
Task: {8F33458C-9E20-4AEF-A183-9F68E06DA86A} - System32\Tasks\{F3401210-6A4F-4340-8F3E-AB35C777A196} => C:\Program Files (x86)\DATA BECKER\Visitenkarten-Druckerei 10\BC05.exe
Task: {8F8DB379-D692-4E24-9CEF-F2819BE786E2} - System32\Tasks\{3EB5B1CC-807D-4893-992D-30D23BD96179} => C:\Program Files\Netzmanager\netzmanager.exe
Task: {90329D18-9C6D-455A-B027-4985FF013982} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25] (Google Inc.)
Task: {96987873-4F4F-4757-9B5C-58BAFCC841BE} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {971D492A-A3A0-4618-87C9-017E8472A04D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation)
Task: {9B79E0AD-BB8B-483E-93F3-0D0CEF74C9DF} - System32\Tasks\Fifth => C:\Users\Gabi\AppData\Roaming\Fifth\Fifth.exe [2014-03-04] () <==== ATTENTION
Task: {9E1DD50F-FC41-4E4F-9BFD-1EAD4F270FF7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3834002493-4226875369-3535069347-1000
Task: {A05925C6-2CDE-40BF-A026-1BFCE77C1527} - System32\Tasks\{C048A249-E48A-4BC2-B15F-0656BF27CD91} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-10] (Mozilla Corporation)
Task: {A411E66A-04F8-4DC8-A593-7BEEE4FC8332} - System32\Tasks\{E02CA656-60DC-425D-AABD-242A412B746E} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe
Task: {A7AFD7CB-818A-4F4A-B457-2E056AA4F30C} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: {A7E6E67A-5808-49DF-9000-0677CD3FD176} - System32\Tasks\{082DAF34-EDA8-4AA9-A383-820499D2C4BE} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {A94B14D7-E7B5-43CA-B0F4-1ECD9D8A6C51} - System32\Tasks\{263E2A6B-FA6C-49FB-9759-B42DDE9A1DE6} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.104.259/de/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {AE0ECA0A-9100-4606-B346-9533B0740B85} - System32\Tasks\OMESupervisor => C:\Users\Gabi\AppData\Local\omesuperv.exe [2014-03-04] () <==== ATTENTION
Task: {AEE815BD-928E-4B21-BF78-46CF8A65685C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {B0DC6A06-C9EB-439A-9E53-A44B57FE51B8} - System32\Tasks\{A34CF5D2-DAC1-432A-81AF-6425F048C6FA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {B8987F0B-334B-44D1-A148-B40D5D8609CE} - System32\Tasks\{97F0DC32-C1D9-4A2B-9146-8537D344C587} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe
Task: {BA763B54-1804-4A7F-A217-A4B373ECDE60} - System32\Tasks\{A20E6AF9-41D6-405A-9C39-FF7DAC239F01} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {BB3AFC41-279A-44CB-96B2-D6311FF68DE2} - System32\Tasks\{5CADFEFE-2B94-4C93-87C6-636B34D6999E} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {BF4D038D-7799-4F95-B5EB-83FCCD4B1AC6} - System32\Tasks\{8A366ACA-B741-43B8-A420-7E8198D17C16} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {C47F34BA-36CE-414F-8177-CA148D440196} - System32\Tasks\{EE0E0267-9856-43FB-B84C-E310DC9A0704} => C:\Program Files (x86)\DATA BECKER\Visitenkarten-Druckerei 10\BC05.exe
Task: {CFEA226E-049F-42F2-ABCA-D61A7452E32C} - System32\Tasks\{4F3981A5-7150-42B7-92C3-DAF194629515} => C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\UI5.exe
Task: {D2169E60-748D-4B7A-8DC5-CEDB3C66EB10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25] (Google Inc.)
Task: {D4272719-3868-4884-A970-831A6CA33768} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D7182F84-461D-45E4-8FDC-129C38C5E621} - System32\Tasks\{105A440F-9E8E-42C5-A748-DD8EADA8806B} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {DE954CDE-798E-4E69-B460-3A2F3127FF10} - System32\Tasks\{5DB777F1-762D-4651-BCA7-35B55C2265C6} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: {DEA23593-53A0-467E-AA02-6B5B42C82F1A} - System32\Tasks\{25E094D2-9767-42EC-90A0-892447BFE019} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {DF628A14-5E6C-4E41-9B9A-0B0B788C22C9} - System32\Tasks\{FBAC92AE-D39B-4816-94CF-D8F2C22C0BAD} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe
Task: {E3ADE583-B6C3-4C4C-9E8C-0E748AECCC6D} - System32\Tasks\{A96C6382-D8C3-40AE-9E0A-FC4DB6A55BB5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {E49BEDBC-E14E-4857-B001-BBD40F81C7A9} - System32\Tasks\{BCBCB7CF-C380-4F68-8B5F-1C6B713DC81D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {E50AB573-B841-4E33-8140-A8D5FE95E0BA} - System32\Tasks\{317A7A4E-2D2E-4FE7-A2B8-E7CE255820D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [2014-03-20] (Kaspersky Lab ZAO)
Task: {E7E2BD4B-CAB0-4C67-8422-AA82F3B97B47} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2014-03-04] (Trusted Software ApS) <==== ATTENTION
Task: {EAE9BD8C-2D63-4F21-81DB-49ABF3E93CEB} - System32\Tasks\{61C6D3EB-D82F-423D-A8AA-A1E23C7910F6} => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe
Task: {EB265778-8AED-4C65-80E4-CF63880F14DB} - System32\Tasks\{2144E255-C3B4-470C-BDB5-929B9E4FF282} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe
Task: {ECFA4AA8-AB31-4D9D-AC60-5AF7A44ECE1D} - System32\Tasks\One-Click Optimizer => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe [2013-11-19] (Ashampoo Development GmbH & Co. KG)
Task: {F03BCAE4-B30D-40B2-A6FE-609D972EC20C} - System32\Tasks\{1978A92C-F1CC-4F1D-864F-81F946E1AE1A} => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe
Task: {F7BF52E4-2A39-4AA7-8CC7-BC29A8EF610D} - System32\Tasks\{2F5112BB-3685-49A2-BAB6-1BAB4B641E39} => C:\Program Files (x86)\Axonic\click.to\clicktoapp.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job => C:\Program Files (x86)\Advanced Driver Updater\adu.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\One-Click Optimizer.job => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2012-11-05 20:51 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-02-18 14:40 - 2013-02-18 14:40 - 00114176 _____ () C:\Windows\system32\ipstrmgr.exe
2014-02-04 15:27 - 2014-02-04 15:27 - 00023896 _____ () c:\Program Files\Ocster Backup\bin\backupService-ox.exe
2014-02-04 15:27 - 2014-02-04 15:27 - 00103256 _____ () c:\Program Files\Ocster Backup\bin\backupServiceLib.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 11059032 _____ () c:\Program Files\Ocster Backup\bin\backupCore.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00156504 _____ () c:\Program Files\Ocster Backup\bin\deemon.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 04862296 _____ () c:\Program Files\Ocster Backup\bin\ox.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00494424 _____ () c:\Program Files\Ocster Backup\bin\veem.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00060248 _____ () c:\Program Files\Ocster Backup\bin\minizutil.dll
2014-02-03 20:56 - 2014-02-03 20:56 - 00020992 _____ () c:\Program Files\Ocster Backup\bin\zlibutil.dll
2013-09-23 21:24 - 2013-09-23 21:24 - 00076288 _____ () c:\Program Files\Ocster Backup\bin\zdll.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00052568 _____ () c:\Program Files\Ocster Backup\bin\lzmaUtil.dll
2014-02-03 15:56 - 2014-02-03 15:56 - 00049664 _____ () c:\Program Files\Ocster Backup\bin\lzma.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00506200 _____ () c:\Program Files\Ocster Backup\bin\twirl.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00343896 _____ () c:\Program Files\Ocster Backup\bin\tomb.dll
2014-02-03 20:58 - 2014-02-03 20:58 - 00314880 _____ () c:\Program Files\Ocster Backup\bin\party.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00112984 _____ () c:\Program Files\Ocster Backup\bin\scoolite.dll
2014-02-03 15:55 - 2014-02-03 15:55 - 00626688 _____ () c:\Program Files\Ocster Backup\bin\sqlite.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00210264 _____ () c:\Program Files\Ocster Backup\bin\netutil.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00312664 _____ () C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
2014-02-04 15:27 - 2014-02-04 15:27 - 06249816 _____ () C:\Program Files\Ocster Backup\bin\backupClientLib.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00389464 _____ () C:\Program Files\Ocster Backup\bin\updateman.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00506200 _____ () C:\Program Files\Ocster Backup\bin\twirl.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00343896 _____ () C:\Program Files\Ocster Backup\bin\tomb.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 04862296 _____ () C:\Program Files\Ocster Backup\bin\ox.dll
2013-09-23 21:24 - 2013-09-23 21:24 - 00076288 _____ () C:\Program Files\Ocster Backup\bin\zdll.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 11059032 _____ () C:\Program Files\Ocster Backup\bin\backupCore.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00156504 _____ () C:\Program Files\Ocster Backup\bin\deemon.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00494424 _____ () C:\Program Files\Ocster Backup\bin\veem.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00060248 _____ () C:\Program Files\Ocster Backup\bin\minizutil.dll
2014-02-03 20:56 - 2014-02-03 20:56 - 00020992 _____ () C:\Program Files\Ocster Backup\bin\zlibutil.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00052568 _____ () C:\Program Files\Ocster Backup\bin\lzmaUtil.dll
2014-02-03 15:56 - 2014-02-03 15:56 - 00049664 _____ () C:\Program Files\Ocster Backup\bin\lzma.dll
2014-02-03 20:58 - 2014-02-03 20:58 - 00314880 _____ () C:\Program Files\Ocster Backup\bin\party.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00112984 _____ () C:\Program Files\Ocster Backup\bin\scoolite.dll
2014-02-03 15:55 - 2014-02-03 15:55 - 00626688 _____ () C:\Program Files\Ocster Backup\bin\sqlite.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00210264 _____ () C:\Program Files\Ocster Backup\bin\netutil.dll
2014-02-04 15:27 - 2014-02-04 15:27 - 00147288 _____ () C:\Program Files\Ocster Backup\bin\featback.dll
2011-01-06 15:27 - 2011-01-06 15:27 - 03666944 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe
2010-05-23 19:24 - 2010-05-23 19:24 - 01282048 _____ () C:\Program Files\Rainlendar2\LIBEAY32.dll
2010-05-23 19:24 - 2010-05-23 19:24 - 00243712 _____ () C:\Program Files\Rainlendar2\SSLEAY32.dll
2010-05-23 19:30 - 2010-05-23 19:30 - 00160768 _____ () C:\Program Files\Rainlendar2\lua51.dll
2011-01-06 15:27 - 2011-01-06 15:27 - 00306688 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2010-05-23 19:30 - 2010-05-23 19:30 - 00013824 _____ () C:\Program Files\Rainlendar2\lfs.dll
2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-04-14 21:41 - 2014-04-14 21:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-02-03 20:19 - 2014-02-03 20:19 - 00045056 _____ () c:\Program Files\Ocster Backup\bin\oxHelper.exe
2014-02-03 20:19 - 2014-02-03 20:19 - 00045056 _____ () C:\Program Files\Ocster Backup\bin\oxHelper.exe
2014-01-26 15:19 - 2013-11-19 10:11 - 00885096 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2011-03-16 12:11 - 2011-03-16 12:14 - 04743168 _____ () c:\oracle10g\bin\orajox10.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:AD022376
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: 70e6ca8c => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: Ashampoo Core Tuner 2 => C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe -TRAY
MSCONFIG\startupreg: Ashampoo WinOptimizer Live-Tuner => "C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTuner.exe" -TRAY
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: NPSStartup =>
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PCSuiteTrayApplication => C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\pdf24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-3834002493-4226875369-3535069347-500 - Administrator - Disabled)
Gabi (S-1-5-21-3834002493-4226875369-3535069347-1000 - Administrator - Enabled) => C:\Users\Gabi
Gast (S-1-5-21-3834002493-4226875369-3535069347-501 - Limited - Enabled)
_ocster_backup_ (S-1-5-21-3834002493-4226875369-3535069347-1011 - Administrator - Enabled) => C:\Users\_ocster_backup_
==================== Faulty Device Manager Devices =============
Name: ttnfd
Description: ttnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ttnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/07/2014 06:58:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (10/05/2014 08:30:24 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "I:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (10/04/2014 09:13:03 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::
Error: (10/04/2014 09:08:49 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::
Error: (10/04/2014 09:08:01 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::
Error: (10/04/2014 09:07:19 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::
Error: (10/04/2014 09:06:55 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::
Error: (10/04/2014 09:05:48 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::
Error: (10/04/2014 09:04:02 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::
Error: (10/03/2014 07:17:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm thunderbird.exe, Version 24.6.0.5274 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1430
Startzeit: 01cfdf2d845b6af3
Endzeit: 0
Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Berichts-ID:
System errors:
=============
Error: (10/07/2014 10:00:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen
ttnfd
Error: (10/07/2014 09:58:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/07/2014 09:58:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Search erreicht.
Error: (10/07/2014 09:57:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "OracleORACLE_Home10gTNSListener" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/07/2014 09:57:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst OracleORACLE_Home10gTNSListener erreicht.
Error: (10/07/2014 09:36:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen
ttnfd
Error: (10/07/2014 09:34:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/07/2014 09:34:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Search erreicht.
Error: (10/07/2014 04:28:35 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (10/07/2014 03:48:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen
ttnfd
Microsoft Office Sessions:
=========================
Error: (10/07/2014 06:58:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Gabi\Documents\SoftonicDownloader_fuer_internet-explorer-9.exe
Error: (10/05/2014 08:30:24 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: I:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (10/04/2014 09:13:03 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::
Error: (10/04/2014 09:08:49 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::
Error: (10/04/2014 09:08:01 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::
Error: (10/04/2014 09:07:19 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::
Error: (10/04/2014 09:06:55 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::
Error: (10/04/2014 09:05:48 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::
Error: (10/04/2014 09:04:02 AM) (Source: ThreadLib) (EventID: 0) (User: )
Description: ThreadLib::Thread Exception::
Error: (10/03/2014 07:17:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: thunderbird.exe24.6.0.5274143001cfdf2d845b6af30C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
CodeIntegrity Errors:
===================================
Date: 2014-09-16 20:34:24.086
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-16 20:34:24.008
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-16 20:34:23.977
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-16 20:34:23.977
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-16 19:36:27.946
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-16 19:36:27.821
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-15 12:44:13.936
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-15 12:44:13.936
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-15 12:44:13.920
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-15 12:44:13.905
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 49%
Total physical RAM: 4091.49 MB
Available physical RAM: 2083.32 MB
Total Pagefile: 8181.16 MB
Available Pagefile: 4794.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:465.76 GB) (Free:235.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (30 Sep 2014) (CDROM) (Total:4.38 GB) (Free:4.38 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2B279F71)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Part 4
Gmer.txt Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-07 21:11:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 STM3500418AS rev.CC38 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Gabi\AppData\Local\Temp\kwtyaaod.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800037b0000 45 bytes [00, 02, 04, 00, 00, 00, B6, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800037b002f 16 bytes [00, 00, 00, 54, 0F, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000775ffaa8 5 bytes JMP 0000000172b618dd
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077600038 5 bytes JMP 0000000172b61ed6
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000072db13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000072db146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000072db16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000072db16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000072db19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000072db19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000072db1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000072db1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000072db1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1716] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000072db1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000774011f5 8 bytes {JMP 0xd}
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077401390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007740143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 000000007740158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007740191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077401b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077401bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077401d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077401eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077401edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077401f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077401fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077401fd7 8 bytes {JMP 0xb}
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077402272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077402301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077402792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774027b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000774027d2 8 bytes {JMP 0x10}
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007740282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077402890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077402d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077402d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077403023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007740323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000774033c0 16 bytes {JMP 0x4e}
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077403a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077403ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077403b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077403d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077404190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077451380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077451500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077451530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077451650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077451700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077451d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077451f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774527e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000072db13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000072db146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000072db16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000072db16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000072db19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000072db19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000072db1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000072db1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000072db1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357.exe[1448] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000072db1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Kernel IAT/EAT - GMER 2.1 ----
IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88002146fb0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]
---- User IAT/EAT - GMER 2.1 ----
IAT C:\Program Files\Windows Sidebar\sidebar.exe[3936] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtClose] [6b03500] C:\Windows\TEMP\logishrd\LVPrcInj02.dll
IAT C:\Program Files\Windows Sidebar\sidebar.exe[3936] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [6b03960] C:\Windows\TEMP\logishrd\LVPrcInj02.dll
IAT C:\Program Files\Windows Sidebar\sidebar.exe[3936] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [6b032f0] C:\Windows\TEMP\logishrd\LVPrcInj02.dll
IAT C:\Program Files\Windows Sidebar\sidebar.exe[3936] @ C:\Windows\system32\KERNELBASE.dll[ntdll.dll!NtDuplicateObject] [6b033d0] C:\Windows\TEMP\logishrd\LVPrcInj02.dll
---- EOF - GMER 2.1 ----

File Gmer-1.txt Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-08 18:21:09
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 STM3500418AS rev.CC38 465,76GB
Running: Gmer-19357(2).exe; Driver: C:\Users\Gabi\AppData\Local\Temp\kwtyaaod.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800037b2000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800037b202f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077e6faa8 5 bytes JMP 00000001732718dd
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077e70038 5 bytes JMP 0000000173271ed6
.text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75]
.text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75]
.text ... * 2
.text C:\Windows\SysWOW64\svchost.exe[1580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75]
.text C:\Windows\SysWOW64\svchost.exe[1580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075be1465 2 bytes [BE, 75]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075be14bb 2 bytes [BE, 75]
.text ... * 2
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077c711f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077c71390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c7143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077c7158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c7191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077c71b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077c71bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c71d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077c71eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c71edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077c71f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077c71fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077c71fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077c72272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077c72301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077c72792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077c727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077c727d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077c7282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077c72890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077c72d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077c72d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077c73023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077c7323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077c733c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077c73a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077c73ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077c73b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077c73d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077c74190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cc1380 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cc1500 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cc1530 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cc1650 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cc1700 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cc1d30 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cc1f80 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cc27e0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000731413cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007314146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000731416d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000731416e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000731419db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000731419fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073141a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073141a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073141a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4980] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073141a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077c711f5 8 bytes {JMP 0xd}
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 0000000077c71390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 0000000077c7143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 0000000077c7158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 0000000077c7191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 0000000077c71b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077c71bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077c71d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 0000000077c71eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077c71edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 0000000077c71f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077c71fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077c71fd7 8 bytes {JMP 0xb}
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 0000000077c72272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 0000000077c72301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 0000000077c72792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077c727b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077c727d2 8 bytes {JMP 0x10}
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077c7282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077c72890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077c72d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 0000000077c72d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 0000000077c73023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 0000000077c7323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 0000000077c733c0 16 bytes {JMP 0x4e}
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077c73a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077c73ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077c73b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 0000000077c73d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077c74190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077cc1380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077cc1500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077cc1530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077cc1650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077cc1700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077cc1d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077cc1f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077cc27e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000731413cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007314146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000731416d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000731416e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000731419db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000731419fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073141a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073141a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073141a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Gabi\Downloads\Gmer-19357(2).exe[4956] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073141a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- EOF - GMER 2.1 ---- |