Log analysis and evaluation: AOL sends forwarded e-mails on its own (Windows 7). If you have picked up a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.04.2014, 18:13 | #1
AOL sends forwarded e-mails on its own

Hello, I learned today that e-mails are being sent from me to acquaintances even though I have not written or sent any e-mails. They arrive as forwarded e-mails and in English. However, none of these e-mails appear in the "Sent" folder. I also learned today that the test with my AOL address at https://www.sicherheitstest.bsi.de/ came back positive. I also ran Kaspersky Internet Security, but it found nothing. Here are the log files for now:

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2014 Ran by Mama (administrator) on PCMAMA on 21-04-2014 17:19:52 Running from C:\Users\Mama\Desktop Windows 7 Home Premium (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AOL LLC) C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (America Online, Inc.) C:\Program Files (x86)\Common Files\aol\1305555921\ee\aolsoftware.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (CANON INC.) 
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Microsoft Corporation) C:\Windows\splwow64.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (AOL, LLC.) C:\Program Files (x86)\AOL 9.0 VR\waol.exe (AOL, LLC.) C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1305555921\ee\AOLSoftware.exe [50736 2006-09-26] (America Online, Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3838763673-1115839168-2840729140-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL 9.0 VR\AOL.EXE [50480 2007-06-21] (AOL, LLC.) 
HKU\S-1-5-21-3838763673-1115839168-2840729140-1000\...\MountPoints2: {77cdf816-dc9e-11e1-97cb-9541aa7aac1d} - F:\AutoRun.exe HKU\S-1-5-21-3838763673-1115839168-2840729140-1000\...\MountPoints2: {77cdf825-dc9e-11e1-97cb-9541aa7aac1d} - F:\AutoRun.exe HKU\S-1-5-21-3838763673-1115839168-2840729140-1000\...\MountPoints2: {de2fb934-8bc1-11e1-9474-fa926bfa4118} - G:\LaunchU3.exe -a IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IFEO\olrsubmission.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IFEO\omnipage.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IFEO\scannerwizard.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" IFEO\youcam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe" ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://deutsch.ircfast.com/de/index.php?rvs=google HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://deutsch.ircfast.com/de/index.php?rvs=google 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://deutsch.ircfast.com/de/index.php?rvs=google URLSearchHook: HKCU - (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope {56DDBA8C-0531-4AA0-8543-EF60A1FAF78A} URL = hxxp://deutsch.ircfast.com/de/index.php?rvs=google SearchScopes: HKLM-x32 - {56DDBA8C-0531-4AA0-8543-EF60A1FAF78A} URL = hxxp://deutsch.ircfast.com/de/index.php?rvs=google SearchScopes: HKCU - DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms} SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms} SearchScopes: HKCU - {56DDBA8C-0531-4AA0-8543-EF60A1FAF78A} URL = hxxp://deutsch.ircfast.com/de/index.php?rvs=google BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.) BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: MP3 Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.) Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) Toolbar: HKLM-x32 - MP3 Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\eujbdgjb.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\eujbdgjb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-15] FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-29] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-29] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-29] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-29] FF HKLM-x32\...\Firefox\Extensions: 
[online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-29] ==================== Services (Whitelisted) ================= R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-29] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-25] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-29] (Kaspersky Lab ZAO) S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-02-19] (Windows (R) 2003 DDK 3790 provider) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-11-08] (TuneUp Software) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X] S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X] S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X] S3 HSPADataCardusbser; 
system32\DRIVERS\HSPADataCardusbser.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-21 17:19 - 2014-04-21 17:20 - 00016420 _____ () C:\Users\Mama\Desktop\FRST.txt 2014-04-21 17:19 - 2014-04-21 17:19 - 00000000 ____D () C:\FRST 2014-04-21 17:17 - 2014-04-21 17:18 - 02060288 _____ (Farbar) C:\Users\Mama\Desktop\FRST64.exe 2014-04-21 17:16 - 2014-04-21 17:16 - 00000470 _____ () C:\Users\Mama\Desktop\defogger_disable.log 2014-04-21 17:16 - 2014-04-21 17:16 - 00000000 _____ () C:\Users\Mama\defogger_reenable 2014-04-21 17:15 - 2014-04-21 17:15 - 00050477 _____ () C:\Users\Mama\Desktop\Defogger.exe 2014-04-15 12:31 - 2014-04-15 12:31 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2014-04-15 07:49 - 2014-04-15 07:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-15 07:49 - 2014-04-15 07:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-06 16:01 - 2014-04-06 16:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-04-21 17:20 - 2014-04-21 17:19 - 00016420 _____ () C:\Users\Mama\Desktop\FRST.txt 2014-04-21 17:20 - 2014-01-30 15:52 - 00000000 ____D () C:\Users\Mama\AppData\Roaming\NetSpeedMonitor 2014-04-21 17:19 - 2014-04-21 17:19 - 00000000 ____D () C:\FRST 2014-04-21 17:18 - 2014-04-21 17:17 - 02060288 _____ (Farbar) C:\Users\Mama\Desktop\FRST64.exe 2014-04-21 17:16 - 2014-04-21 17:16 - 
00000470 _____ () C:\Users\Mama\Desktop\defogger_disable.log 2014-04-21 17:16 - 2014-04-21 17:16 - 00000000 _____ () C:\Users\Mama\defogger_reenable 2014-04-21 17:16 - 2011-05-16 13:24 - 00000000 ____D () C:\Users\Mama 2014-04-21 17:15 - 2014-04-21 17:15 - 00050477 _____ () C:\Users\Mama\Desktop\Defogger.exe 2014-04-21 16:59 - 2013-04-06 10:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-04-21 15:32 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-21 15:32 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-21 15:05 - 2010-11-06 05:49 - 01720585 _____ () C:\Windows\WindowsUpdate.log 2014-04-21 14:53 - 2012-05-10 09:51 - 00181637 _____ () C:\Windows\setupact.log 2014-04-21 14:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-18 13:57 - 2010-11-06 22:19 - 00654400 _____ () C:\Windows\system32\perfh007.dat 2014-04-18 13:57 - 2010-11-06 22:19 - 00130240 _____ () C:\Windows\system32\perfc007.dat 2014-04-18 13:57 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-16 08:08 - 2011-05-16 15:23 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-15 14:01 - 2011-05-16 14:38 - 00068328 _____ () C:\Users\Mama\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-15 13:59 - 2009-07-14 06:45 - 00311184 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-15 12:31 - 2014-04-15 12:31 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-04-15 12:31 - 2011-05-16 13:25 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-04-15 12:31 - 2011-05-16 13:25 - 00000000 ____D () C:\ProgramData\Skype 2014-04-15 12:29 - 2011-05-16 15:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works 2014-04-15 07:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-04-15 07:50 - 2014-04-15 07:50 - 
00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2014-04-15 07:49 - 2014-04-15 07:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-15 07:49 - 2014-04-15 07:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-10 12:09 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-10 07:57 - 2013-08-15 07:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 07:56 - 2011-05-22 17:56 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-08 06:42 - 2013-03-15 16:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-06 16:02 - 2014-04-06 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-31 09:35 - 2011-05-16 14:24 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-25 14:31 - 2013-10-17 16:47 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-03-25 14:31 - 2013-06-08 21:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys Files to move or delete: ==================== C:\Users\Mama\installer_driver_logitech_lx7_cordless_optical_2_60_Deutsch.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit 
C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-22 19:15 ==================== End Of Log ============================

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-04-2014 Ran by Mama at 2014-04-21 17:20:59 Running from C:\Users\Mama\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== „Messenger“ pagalbinė priemonė (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated) Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) AOL Deinstallation (HKLM-x32\...\AOL Deinstallation) (Version: - ) Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.12.2.0 - Ask.com) <==== ATTENTION Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.5.0621 - Atheros) AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin) BatteryLifeExtender (HKLM-x32\...\{74A579FB-EB06-497D-B194-01590D6FE51A}) (Version: 1.0.5 - 
Samsung) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.44 - Broadcom Corporation) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) Canon MG4200 series Benutzerregistrierung (HKLM-x32\...\Canon MG4200 series Benutzerregistrierung) (Version: - Canon Inc.) Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.) Canon MG4200 series On-screen Manual (HKLM-x32\...\Canon MG4200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.) Canon MP520 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series) (Version: - ) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.) Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 3.06 - Piriform) Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.) CyberLink YouCam (x32 Version: 2.0.3911 - CyberLink Corp.) 
Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Doplnok programu Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0.0.13 - Samsung Electronics Co., LTD) Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.) Easy Network Manager (HKLM-x32\...\{F9557866-B4C8-4CE5-8508-0E386BDC20B2}) (Version: 4.3.3 - Samsung) Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.11 - Samsung Electronics Co.,Ltd.) EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung) EasyFileShare (HKLM-x32\...\{C4582EED-A3FB-4358-8F3F-8C994460DF28}) (Version: 1.0.3 - Samsung) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ETDWare PS/2-x64 7.0.7.0_WHQL (HKLM\...\Elantech) (Version: 7.0.7.0 - ELAN Microelectronics Corp.) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Logitech SetPoint 6.22 (HKLM\...\sp6) (Version: 6.22.24 - Logitech) Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Assistent (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger kísérő (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Pratilac (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger Suradnik (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger 사이트 공유 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger 浏览器插件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Messenger-kumppani (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) 
(Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla 
Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pomocnik Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.) Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung) Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.0.2 - Samsung) Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.) ScanSoft OmniPage SE 4 (HKLM-x32\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Spremljevalec Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.193 - TuneUp Software) TuneUp Utilities 2012 (x32 Version: 12.0.3600.193 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.193 - TuneUp Software) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) 
(Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - ) Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - ) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden 
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 필수 패키지 
(x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Компаньон Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Помощник на Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 25-03-2014 06:48:32 Windows Update 02-04-2014 04:47:28 Windows Update 10-04-2014 04:43:39 Windows Update 10-04-2014 05:56:02 Windows Update 15-04-2014 05:28:13 Windows Update 15-04-2014 05:48:50 Windows Update 15-04-2014 10:27:37 Windows Update 16-04-2014 06:04:06 Windows Update ==================== Hosts content: ========================== 2009-07-14 
04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0DF61724-7884-4CA2-8764-49D056BAA9A3} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.) Task: {3B48B969-F78E-4F7A-BDBB-A28AFB4F047E} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: {74626A38-2425-4A33-B5F2-8BDF286A2456} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-06-01] (Samsung Electronics. Co. Ltd.) Task: {85EE2CF0-591E-4A8D-BB90-87BB2538239E} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {87A33AEF-CE9C-4FC0-9D76-D0C353EE36D8} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.) 
Task: {96909D6D-592C-494B-A1EA-E2B2CACC686E} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {BC8C7339-D9A7-4DD6-9648-745C43D52232} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-05-06] (Samsung Electronics) Task: {BCBDA5EF-4868-465B-B44A-53BD245BF385} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe Task: {BF91EC49-523D-4CA3-8DCA-95A8D859390E} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics) Task: {D18A08E9-8299-47EE-A6BD-DF6F67EF7909} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2013-12-11] (TuneUp Software) Task: {EFE6B142-B33E-45A2-81D5-4E2BEA39187F} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2011-05-17] () <==== ATTENTION Task: {F4C7DBAB-FD39-45A3-A468-DE0FD6F7A965} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.) 
==================== Loaded Modules (whitelisted) ============= 2010-11-06 05:52 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll 2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2014-04-06 16:01 - 2014-04-06 16:02 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2004-01-09 22:02 - 2004-01-09 22:02 - 00045056 _____ () C:\Program Files (x86)\AOL 9.0 VR\zlib.dll 2002-04-22 23:08 - 2002-04-22 23:08 - 00053248 _____ () C:\Program Files (x86)\AOL 9.0 VR\xmlparse.dll 2002-04-22 23:08 - 2002-04-22 23:08 - 00081920 _____ () C:\Program Files (x86)\AOL 9.0 VR\xmltok.dll 2013-12-07 18:54 - 2013-12-07 18:54 - 16237448 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon MSCONFIG\startupreg: HW_OPENEYE_OUC_Mobile Partner => "C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe" MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" MSCONFIG\startupreg: 
RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" ==================== Faulty Device Manager Devices ============= Name: WebCam SCB-0350M Description: USB-Videogerät Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: usbvideo Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (04/11/2014 06:44:25 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: CNQMUPDT.EXE, Version: 2.0.0.0, Zeitstempel: 0x4f7a7000 Name des fehlerhaften Moduls: CNMDWLD.DLL, Version: 1.0.0.0, Zeitstempel: 0x4f5eedc8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000023c6 ID des fehlerhaften Prozesses: 0x7e0 Startzeit der fehlerhaften Anwendung: 0xCNQMUPDT.EXE0 Pfad der fehlerhaften Anwendung: CNQMUPDT.EXE1 Pfad des fehlerhaften Moduls: CNQMUPDT.EXE2 Berichtskennung: CNQMUPDT.EXE3 Error: (03/08/2014 08:32:00 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: waol.exe, Version: 9.5.0.1, Zeitstempel: 0x4655457d Name des fehlerhaften Moduls: tai2.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4610f6c1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x700028e4 ID des fehlerhaften Prozesses: 0xfa4 Startzeit der fehlerhaften Anwendung: 0xwaol.exe0 Pfad der fehlerhaften Anwendung: waol.exe1 Pfad des fehlerhaften Moduls: waol.exe2 Berichtskennung: waol.exe3 Error: (03/05/2014 03:37:37 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: waol.exe, Version: 9.5.0.1, Zeitstempel: 0x4655457d Name des fehlerhaften Moduls: 
tai2.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4610f6c1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x700028e4 ID des fehlerhaften Prozesses: 0xa5c Startzeit der fehlerhaften Anwendung: 0xwaol.exe0 Pfad der fehlerhaften Anwendung: waol.exe1 Pfad des fehlerhaften Moduls: waol.exe2 Berichtskennung: waol.exe3 Error: (03/04/2014 02:38:44 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 27.0.1.5156, Zeitstempel: 0x52fc0faa Name des fehlerhaften Moduls: xul.dll, Version: 27.0.1.5156, Zeitstempel: 0x52fc0f79 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001560c7 ID des fehlerhaften Prozesses: 0x5f8 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Error: (09/23/2013 00:59:17 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: waol.exe, Version: 9.5.0.1, Zeitstempel: 0x4655457d Name des fehlerhaften Moduls: tai2.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4610f6c1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0c2728e4 ID des fehlerhaften Prozesses: 0x111c Startzeit der fehlerhaften Anwendung: 0xwaol.exe0 Pfad der fehlerhaften Anwendung: waol.exe1 Pfad des fehlerhaften Moduls: waol.exe2 Berichtskennung: waol.exe3 Error: (08/08/2013 11:02:56 AM) (Source: Application Hang) (User: ) Description: Programm waol.exe, Version 9.5.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c48 Startzeit: 01ce94143e766e1c Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\AOL 9.0 VR\waol.exe Berichts-ID: 4163d525-0009-11e3-9b0c-b060a43aa11f Error: (08/01/2013 04:35:21 PM) (Source: Application Hang) (User: ) Description: Programm waol.exe, Version 9.5.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17a4 Startzeit: 01ce8ec41ae55c60 Endzeit: 32 Anwendungspfad: C:\Program Files (x86)\AOL 9.0 VR\waol.exe Berichts-ID: 8d432a69-fab7-11e2-9dfd-bf0386a8611e Error: (08/01/2013 04:33:32 PM) (Source: Application Hang) (User: ) Description: Programm waol.exe, Version 9.5.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b74 Startzeit: 01ce8ec0c71102de Endzeit: 32 Anwendungspfad: C:\Program Files (x86)\AOL 9.0 VR\waol.exe Berichts-ID: 489acc8b-fab7-11e2-9dfd-bf0386a8611e Error: (07/05/2013 07:30:15 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: TuneUpSystemStatusCheck.exe, Version: 12.0.3600.77, Zeitstempel: 0x4fc4dcd3 Name des fehlerhaften Moduls: msi.dll, Version: 5.0.7600.16992, Zeitstempel: 0x4f8024c1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0009726e ID des fehlerhaften Prozesses: 0x1a6c Startzeit der fehlerhaften Anwendung: 0xTuneUpSystemStatusCheck.exe0 Pfad der fehlerhaften Anwendung: TuneUpSystemStatusCheck.exe1 Pfad des fehlerhaften Moduls: TuneUpSystemStatusCheck.exe2 Berichtskennung: TuneUpSystemStatusCheck.exe3 System errors: ============= Error: (04/19/2014 05:02:19 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 19.04.2014 um 17:00:59 unerwartet heruntergefahren. 
Error: (04/17/2014 08:40:23 AM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (04/17/2014 07:07:01 AM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (04/16/2014 07:14:13 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (04/15/2014 11:56:56 AM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "NIKLAS-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{85B09D50-0417-4B5A-890D-332E8B1BD9BB}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (04/09/2014 03:27:32 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (04/09/2014 06:50:44 AM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (04/04/2014 10:36:30 AM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (04/03/2014 00:23:04 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (03/26/2014 07:54:27 AM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-02-21 14:21:50.380 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-21 14:21:50.380 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-02-21 14:21:50.380 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-21 14:21:50.330 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-21 14:21:50.330 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-02-21 14:21:50.330 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-29 19:26:25.221 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-29 19:26:25.221 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-29 19:25:22.400 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-01-29 19:25:22.400
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 3892.55 MB
Available physical RAM: 2070.06 MB
Total Pagefile: 7783.24 MB
Available Pagefile: 5520.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:112 GB) (Free:69.51 GB) NTFS
Drive d: () (Fixed) (Total:165.99 GB) (Free:153.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: E3DC05D6)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=166 GB) - (Type=OF Extended)

==================== End Of Log ============================

Gmer.txt: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-04-21 17:50:57 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00 298,09GB Running: Gmer-19357.exe; Driver: C:\Users\Mama\AppData\Local\Temp\awldapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000778d1465 2 bytes [8D, 77] .text C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778d14bb 2 bytes [8D, 77] .text ... * 2 .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 373 0000000077721185 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077721195 8 bytes {JMP 0xd} .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 395 000000007772131b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000777213cf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007772187e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 727 0000000077721ad7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077721bac 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077721d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 721 0000000077721e91 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077721ebf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 0000000077721f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077721f95 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077721fa7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 572 00000000777221ec 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 693 0000000077722265 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 49 00000000777224c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 563 00000000777226c3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 318 000000007772280e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077722863 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077722970 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 239 0000000077722a6f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077722af7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 371 0000000077722bf3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077722c10 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077722c32 8 bytes {JMP 0x10} .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077722c8f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077722cf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 328 0000000077723018 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 823 0000000077723207 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000777236f0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000777237a1 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077723815 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text ... * 3 .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077723956 8 bytes [D0, 69, F8, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077723994 8 bytes [C0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 653 0000000077723c2d 16 bytes [B0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007776f780 8 bytes {JMP QWORD [RIP-0x4bf0e]} .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007776f900 8 bytes {JMP QWORD [RIP-0x4bfb0]} .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007776f930 8 bytes {JMP QWORD [RIP-0x4c195]} .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007776fa50 8 bytes {JMP QWORD [RIP-0x4c203]} .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007776fb00 8 bytes {JMP QWORD [RIP-0x4c2f1]} .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077770130 8 bytes {JMP QWORD [RIP-0x4c501]} .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077770380 8 bytes {JMP QWORD [RIP-0x4c759]} .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077770be0 8 bytes {JMP QWORD [RIP-0x4d252]} .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] 
C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000740213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007402146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000740216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000740216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000740219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000740219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074021a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074021a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074021a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074021a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000778d1465 2 bytes [8D, 77] .text C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778d14bb 2 bytes [8D, 77] .text ... * 2 .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 373 0000000077721185 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077721195 8 bytes {JMP 0xd} .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 395 000000007772131b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000777213cf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007772187e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 727 0000000077721ad7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077721bac 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077721d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 721 0000000077721e91 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077721ebf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 0000000077721f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077721f95 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077721fa7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 572 00000000777221ec 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 693 0000000077722265 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 49 00000000777224c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 563 00000000777226c3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 318 000000007772280e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077722863 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077722970 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 239 0000000077722a6f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077722af7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 371 0000000077722bf3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077722c10 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077722c32 8 bytes {JMP 0x10} .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077722c8f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077722cf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 328 0000000077723018 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 823 0000000077723207 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000777236f0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000777237a1 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077723815 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text ... * 3 .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077723956 8 bytes [D0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077723994 8 bytes [C0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 653 0000000077723c2d 16 bytes [B0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007776f780 8 bytes {JMP QWORD [RIP-0x4bf0e]} .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007776f900 8 bytes {JMP QWORD [RIP-0x4bfb0]} .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007776f930 8 bytes {JMP QWORD [RIP-0x4c195]} .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007776fa50 8 bytes {JMP QWORD [RIP-0x4c203]} .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007776fb00 8 bytes {JMP QWORD [RIP-0x4c2f1]} .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077770130 8 bytes {JMP QWORD [RIP-0x4c501]} .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077770380 8 bytes 
{JMP QWORD [RIP-0x4c759]} .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077770be0 8 bytes {JMP QWORD [RIP-0x4d252]} .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000740213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007402146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000740216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000740216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000740219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000740219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074021a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074021a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074021a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074021a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 373 0000000077721185 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 0000000077721195 8 bytes {JMP 0xd} .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 395 000000007772131b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000777213cf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007772187e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 727 0000000077721ad7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 0000000077721bac 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077721d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 721 0000000077721e91 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077721ebf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76 0000000077721f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 0000000077721f95 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 0000000077721fa7 8 bytes {JMP 0xb} .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 572 00000000777221ec 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 693 0000000077722265 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 49 00000000777224c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 563 00000000777226c3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 318 000000007772280e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077722863 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077722970 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 239 0000000077722a6f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077722af7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 371 0000000077722bf3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 0000000077722c10 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077722c32 8 bytes {JMP 0x10} .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 0000000077722c8f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 0000000077722cf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 328 0000000077723018 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 823 0000000077723207 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000777236f0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000777237a1 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 0000000077723815 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text ... * 3 .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077723956 8 bytes [D0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077723994 8 bytes [C0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 653 0000000077723c2d 16 bytes [B0, 69, F8, 7E, 00, 00, 00, ...] 
.text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007776f780 8 bytes {JMP QWORD [RIP-0x4bf0e]} .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007776f900 8 bytes {JMP QWORD [RIP-0x4bfb0]} .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007776f930 8 bytes {JMP QWORD [RIP-0x4c195]} .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007776fa50 8 bytes {JMP QWORD [RIP-0x4c203]} .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007776fb00 8 bytes {JMP QWORD [RIP-0x4c2f1]} .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077770130 8 bytes {JMP QWORD [RIP-0x4c501]} .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077770380 8 bytes {JMP QWORD [RIP-0x4c759]} .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077770be0 8 bytes {JMP QWORD [RIP-0x4d252]} .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000740213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007402146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000740216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000740216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000740219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000740219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074021a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074021a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074021a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074021a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
21.04.2014, 19:14 | #2 |
/// the machine /// TB-Ausbilder | AOL sends forwarded e-mail on its own Hi,
Revo Uninstaller - Download - Filepony Use it to uninstall everything you find in Additional.txt marked with <== ATTENTION. Then let Revo remove the leftovers as well, in Moderate mode. Scan with Combofix
22.04.2014, 18:36 | #3 |
| AOL sends forwarded e-mail on its own Here is the log file.
Combofix.txt: Code:
ATTFilter ComboFix 14-04-20.01 - Mama 22.04.2014 19:18:25.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3893.2729 [GMT 2:00] ausgeführt von:: c:\users\Mama\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886} FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Mama\installer_driver_logitech_lx7_cordless_optical_2_60_Deutsch.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-03-22 bis 2014-04-22 )))))))))))))))))))))))))))))) . . 2014-04-22 17:24 . 2014-04-22 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-04-22 17:11 . 2014-04-22 17:11 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E259DDF0-77DE-4154-B8BA-168EABE1FC98}\offreg.dll 2014-04-22 17:10 . 2014-04-22 17:10 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-04-22 05:21 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E259DDF0-77DE-4154-B8BA-168EABE1FC98}\mpengine.dll 2014-04-21 15:19 . 2014-04-21 15:23 -------- d-----w- C:\FRST 2014-04-15 10:31 . 2014-04-15 10:31 -------- d-----r- c:\program files (x86)\Skype 2014-04-15 10:31 . 2014-04-15 10:31 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-04-15 05:50 . 2014-04-15 05:50 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2 2014-04-15 05:50 . 2014-04-15 05:50 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2014-04-15 05:49 . 2014-04-15 05:49 -------- d-----w- c:\program files\Microsoft Silverlight 2014-04-15 05:49 . 2014-04-15 05:49 -------- d-----w- c:\program files (x86)\Microsoft Silverlight . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-04-10 05:56 . 2011-05-22 15:56 90655440 ----a-w- c:\windows\system32\MRT.exe 2014-03-31 07:35 . 2011-05-16 12:24 270496 ------w- c:\windows\system32\MpSigStub.exe 2014-03-25 12:31 . 2013-10-17 14:47 625248 ----a-w- c:\windows\system32\drivers\klif.sys 2014-03-25 12:31 . 2013-06-08 19:18 115296 ----a-w- c:\windows\system32\drivers\klflt.sys 2014-02-18 13:29 . 2013-10-17 14:47 29280 ----a-w- c:\windows\system32\drivers\klkbdflt.sys 2014-02-13 11:07 . 2012-05-04 09:11 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-02-13 11:07 . 2011-06-27 18:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-01-29 18:56 . 2013-06-06 16:38 178272 ----a-w- c:\windows\system32\drivers\kneps.sys 2014-01-29 18:56 . 2013-10-17 14:47 458336 ----a-w- c:\windows\system32\drivers\kl1.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HostManager"="c:\program files (x86)\Common Files\AOL\1305555921\ee\AOLSoftware.exe" [2006-09-26 50736] "CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448] "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x] R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbmdm.sys [x] R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbnmea.sys [x] R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbser.sys [x] R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows 
Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 413720] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mStart Page = hxxp://deutsch.ircfast.com/de/index.php?rvs=google mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://deutsch.ircfast.com/de/index.php?rvs=google IE: &AOL Toolbar-Suche - c:\program files (x86)\aol\aol toolbar 4.0\resources\de-DE\local\search.html IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\eujbdgjb.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file) Toolbar-Locked - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
.
Zeit der Fertigstellung: 2014-04-22 19:28:14
ComboFix-quarantined-files.txt 2014-04-22 17:28
.
Vor Suchlauf: 8 Verzeichnis(se), 75.776.561.152 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 75.594.129.408 Bytes frei
.
- - End Of File - - DF92D928B13F158130A6715A3799884C
23.04.2014, 08:48 | #4 |
/// the machine /// TB-Ausbilder
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
23.04.2014, 17:13 | #5 |
Hi, here are the four log files:

mbam.txt:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 23.04.2014
Suchlauf-Zeit: 17:20:39
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.23.06
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Mama

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 283959
Verstrichene Zeit: 25 Min, 24 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)

AdwCleaner[S0].txt:
Code:
# AdwCleaner v3.201 - Bericht erstellt am 23/04/2014 um 17:29:17
# Aktualisiert 22/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzername : Mama - PCMAMA
# Gestartet von : C:\Users\Mama\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Program Files (x86)\Viewpoint
Ordner Gelöscht : C:\Users\Mama\AppData\LocalLow\AskToolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Schlüssel Gelöscht : HKLM\Software\MetaStream
Schlüssel Gelöscht : HKLM\Software\Viewpoint
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.17267


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\eujbdgjb.default\prefs.js ]

Zeile gelöscht : user_pref("plugin.blocklisted.npviewpoint", true);

*************************

AdwCleaner[R0].txt - [2944 octets] - [23/04/2014 17:25:44]
AdwCleaner[S0].txt - [2749 octets] - [23/04/2014 17:29:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2809 octets] ##########

JRT.txt:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mama on 23.04.2014 at 17:34:17,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\eujbdgjb.default\minidumps [13 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.04.2014 at 17:42:44,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by Mama (administrator) on PCMAMA on 23-04-2014 17:56:01
Running from C:\Users\Mama\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
24.04.2014, 11:15 | #6 |
/// the machine /// TB-Ausbilder
ESET Online Scanner
Please download SecurityCheck and:
And a fresh FRST log, please. Any problems left?
24.04.2014, 18:53 | #7 |
| Hi, so far nobody seems to have received any further e-mails from me. At the same time the forwarded e-mails were being sent, I was also receiving forwarded e-mails, but at the moment I no longer get those either. But how can I be sure now that this won't happen again in the next few days? And how secure is my computer now (online banking)? Here are the log files: eset.txt: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5c20e1e6e4794c429d98e09ef154c330
# engine=18012
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-24 12:05:31
# local_time=2014-04-24 02:05:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 73473 149970981 0 0
# scanned=161924
# found=0
# cleaned=0
# scan_time=3756

checkup.txt: Code:
Results of screen317's Security Check version 0.99.82
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2012
TuneUp Utilities Language Pack (de-DE)
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 11.9.900.152
Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014 Ran by Mama (administrator) on PCMAMA on 24-04-2014 19:20:56 Running from C:\Users\Mama\Desktop Windows 7 Home Premium (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AOL LLC) C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (America Online, Inc.) C:\Program Files (x86)\Common Files\aol\1305555921\ee\aolsoftware.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Microsoft Corporation) C:\Windows\splwow64.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Samsung Electronics Co., Ltd.) 
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1305555921\ee\AOLSoftware.exe [50736 2006-09-26] (America Online, Inc.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://deutsch.ircfast.com/de/index.php?rvs=google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://deutsch.ircfast.com/de/index.php?rvs=google StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - {56DDBA8C-0531-4AA0-8543-EF60A1FAF78A} URL = hxxp://deutsch.ircfast.com/de/index.php?rvs=google SearchScopes: HKCU - {56DDBA8C-0531-4AA0-8543-EF60A1FAF78A} URL = hxxp://deutsch.ircfast.com/de/index.php?rvs=google BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.) 
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) 
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.) 
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-3838763673-1115839168-2840729140-1000\FireFox FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-29] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-29] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 
Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-29] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-29] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-29] ==================== Services (Whitelisted) ================= R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-29] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-25] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; 
C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-29] (Kaspersky Lab ZAO) S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-02-19] (Windows (R) 2003 DDK 3790 provider) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-11-08] (TuneUp Software) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X] S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X] S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X] S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-24 19:20 - 2014-04-24 19:20 - 00013372 _____ () C:\Users\Mama\Desktop\FRST.txt 2014-04-24 14:19 - 2014-04-24 14:19 - 00001000 _____ () C:\Users\Mama\Desktop\checkup.txt 2014-04-24 12:54 - 2014-04-24 12:54 - 00855379 _____ () C:\Users\Mama\Desktop\SecurityCheck.exe 2014-04-24 12:53 - 2014-04-24 12:53 - 02347384 _____ (ESET) C:\Users\Mama\Desktop\esetsmartinstaller_enu.exe 2014-04-23 17:55 - 2014-04-24 19:20 - 00000000 ____D () C:\Users\Mama\Desktop\FRST-OlderVersion 2014-04-23 17:42 - 2014-04-23 17:42 - 00000755 _____ () C:\Users\Mama\Desktop\JRT.txt 2014-04-23 17:34 - 2014-04-23 17:34 - 00000000 ____D () C:\Windows\ERUNT 2014-04-23 17:32 - 2014-04-23 17:32 - 00002889 _____ () C:\Users\Mama\Desktop\AdwCleaner[S0].txt 2014-04-23 17:25 - 2014-04-23 17:29 - 00000000 ____D () C:\AdwCleaner 2014-04-23 17:22 - 2014-04-23 17:22 - 00001133 _____ () C:\Users\Mama\Desktop\mbam.txt 2014-04-23 16:52 - 2014-04-23 16:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 
2014-04-23 16:52 - 2014-04-23 16:52 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-23 16:52 - 2014-04-23 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-23 16:52 - 2014-04-23 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-23 16:52 - 2014-04-23 16:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-23 16:52 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-23 16:52 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-23 16:52 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-23 16:50 - 2014-04-23 16:50 - 01345299 _____ () C:\Users\Mama\Desktop\adwcleaner.exe 2014-04-23 16:50 - 2014-04-23 16:50 - 01016261 _____ (Thisisu) C:\Users\Mama\Desktop\JRT.exe 2014-04-23 16:49 - 2014-04-23 16:50 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mama\Desktop\mbam-setup-2.0.1.1004.exe 2014-04-22 19:28 - 2014-04-22 19:28 - 00014043 _____ () C:\ComboFix.txt 2014-04-22 19:17 - 2014-04-22 19:28 - 00000000 ____D () C:\Qoobox 2014-04-22 19:17 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-22 19:17 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-22 19:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-22 19:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-22 19:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-22 19:17 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-22 19:17 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-22 19:17 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-22 19:16 - 2014-04-22 19:26 - 00000000 ____D () C:\Windows\erdnt 2014-04-22 19:13 - 2014-04-22 19:14 - 
05196870 ____R (Swearware) C:\Users\Mama\Desktop\ComboFix.exe 2014-04-22 19:10 - 2014-04-22 19:10 - 00001228 _____ () C:\Users\Mama\Desktop\Revo Uninstaller.lnk 2014-04-22 19:10 - 2014-04-22 19:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-22 19:07 - 2014-04-22 19:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mama\Desktop\revosetup95.exe 2014-04-21 17:50 - 2014-04-21 17:50 - 00037759 _____ () C:\Users\Mama\Desktop\Gmer.txt 2014-04-21 17:26 - 2014-04-21 17:26 - 00380416 _____ () C:\Users\Mama\Desktop\Gmer-19357.exe 2014-04-21 17:20 - 2014-04-21 17:23 - 00035765 _____ () C:\Users\Mama\Desktop\Addition.txt 2014-04-21 17:19 - 2014-04-24 19:20 - 00000000 ____D () C:\FRST 2014-04-21 17:19 - 2014-04-23 17:57 - 00025222 _____ () C:\Users\Mama\Desktop\FRST_alt.txt 2014-04-21 17:17 - 2014-04-24 19:20 - 02061824 _____ (Farbar) C:\Users\Mama\Desktop\FRST64.exe 2014-04-21 17:16 - 2014-04-21 17:16 - 00000470 _____ () C:\Users\Mama\Desktop\defogger_disable.log 2014-04-21 17:16 - 2014-04-21 17:16 - 00000000 _____ () C:\Users\Mama\defogger_reenable 2014-04-21 17:15 - 2014-04-21 17:15 - 00050477 _____ () C:\Users\Mama\Desktop\Defogger.exe 2014-04-15 12:31 - 2014-04-15 12:31 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-04-15 12:31 - 2014-04-15 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2014-04-15 07:49 - 2014-04-15 07:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-15 07:49 - 2014-04-15 07:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft 
Silverlight 2014-04-06 16:01 - 2014-04-06 16:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-04-24 19:21 - 2014-04-24 19:20 - 00013372 _____ () C:\Users\Mama\Desktop\FRST.txt 2014-04-24 19:21 - 2014-01-30 15:52 - 00000000 ____D () C:\Users\Mama\AppData\Roaming\NetSpeedMonitor 2014-04-24 19:20 - 2014-04-23 17:55 - 00000000 ____D () C:\Users\Mama\Desktop\FRST-OlderVersion 2014-04-24 19:20 - 2014-04-21 17:19 - 00000000 ____D () C:\FRST 2014-04-24 19:20 - 2014-04-21 17:17 - 02061824 _____ (Farbar) C:\Users\Mama\Desktop\FRST64.exe 2014-04-24 19:19 - 2013-04-06 10:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-04-24 19:17 - 2012-05-10 09:51 - 00182589 _____ () C:\Windows\setupact.log 2014-04-24 19:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-24 16:19 - 2010-11-06 05:49 - 01843243 _____ () C:\Windows\WindowsUpdate.log 2014-04-24 16:18 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-24 16:18 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-24 16:10 - 2012-03-07 18:27 - 00005974 _____ () C:\Windows\PFRO.log 2014-04-24 14:19 - 2014-04-24 14:19 - 00001000 _____ () C:\Users\Mama\Desktop\checkup.txt 2014-04-24 12:54 - 2014-04-24 12:54 - 00855379 _____ () C:\Users\Mama\Desktop\SecurityCheck.exe 2014-04-24 12:53 - 2014-04-24 12:53 - 02347384 _____ (ESET) C:\Users\Mama\Desktop\esetsmartinstaller_enu.exe 2014-04-23 17:57 - 2014-04-21 17:19 - 00025222 _____ () C:\Users\Mama\Desktop\FRST_alt.txt 2014-04-23 17:42 - 2014-04-23 17:42 - 00000755 _____ () C:\Users\Mama\Desktop\JRT.txt 2014-04-23 17:34 - 2014-04-23 17:34 - 00000000 ____D () C:\Windows\ERUNT 2014-04-23 17:32 - 2014-04-23 17:32 - 00002889 _____ () C:\Users\Mama\Desktop\AdwCleaner[S0].txt 2014-04-23 17:29 - 
2014-04-23 17:25 - 00000000 ____D () C:\AdwCleaner 2014-04-23 17:22 - 2014-04-23 17:22 - 00001133 _____ () C:\Users\Mama\Desktop\mbam.txt 2014-04-23 16:55 - 2014-04-23 16:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-23 16:52 - 2014-04-23 16:52 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-23 16:52 - 2014-04-23 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-23 16:52 - 2014-04-23 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-23 16:52 - 2014-04-23 16:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-23 16:50 - 2014-04-23 16:50 - 01345299 _____ () C:\Users\Mama\Desktop\adwcleaner.exe 2014-04-23 16:50 - 2014-04-23 16:50 - 01016261 _____ (Thisisu) C:\Users\Mama\Desktop\JRT.exe 2014-04-23 16:50 - 2014-04-23 16:49 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mama\Desktop\mbam-setup-2.0.1.1004.exe 2014-04-22 19:28 - 2014-04-22 19:28 - 00014043 _____ () C:\ComboFix.txt 2014-04-22 19:28 - 2014-04-22 19:17 - 00000000 ____D () C:\Qoobox 2014-04-22 19:26 - 2014-04-22 19:16 - 00000000 ____D () C:\Windows\erdnt 2014-04-22 19:25 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-04-22 19:24 - 2011-05-16 13:24 - 00000000 ____D () C:\Users\Mama 2014-04-22 19:14 - 2014-04-22 19:13 - 05196870 ____R (Swearware) C:\Users\Mama\Desktop\ComboFix.exe 2014-04-22 19:10 - 2014-04-22 19:10 - 00001228 _____ () C:\Users\Mama\Desktop\Revo Uninstaller.lnk 2014-04-22 19:10 - 2014-04-22 19:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-22 19:08 - 2014-04-22 19:07 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Mama\Desktop\revosetup95.exe 2014-04-21 17:50 - 2014-04-21 17:50 - 00037759 _____ () C:\Users\Mama\Desktop\Gmer.txt 2014-04-21 17:26 - 2014-04-21 17:26 - 00380416 _____ () C:\Users\Mama\Desktop\Gmer-19357.exe 2014-04-21 17:23 - 2014-04-21 17:20 - 00035765 _____ () C:\Users\Mama\Desktop\Addition.txt 2014-04-21 17:16 - 2014-04-21 17:16 - 00000470 _____ () C:\Users\Mama\Desktop\defogger_disable.log 2014-04-21 17:16 - 2014-04-21 17:16 - 00000000 _____ () C:\Users\Mama\defogger_reenable 2014-04-21 17:15 - 2014-04-21 17:15 - 00050477 _____ () C:\Users\Mama\Desktop\Defogger.exe 2014-04-18 13:57 - 2010-11-06 22:19 - 00654400 _____ () C:\Windows\system32\perfh007.dat 2014-04-18 13:57 - 2010-11-06 22:19 - 00130240 _____ () C:\Windows\system32\perfc007.dat 2014-04-18 13:57 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-16 08:08 - 2011-05-16 15:23 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-15 14:01 - 2011-05-16 14:38 - 00068328 _____ () C:\Users\Mama\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-15 13:59 - 2009-07-14 06:45 - 00311184 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-15 12:31 - 2014-04-15 12:31 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-04-15 12:31 - 2014-04-15 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-04-15 12:31 - 2011-05-16 13:25 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-04-15 12:31 - 2011-05-16 13:25 - 00000000 ____D () C:\ProgramData\Skype 2014-04-15 12:29 - 2011-05-16 15:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works 2014-04-15 07:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2014-04-15 07:49 - 2014-04-15 07:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-15 07:49 - 2014-04-15 07:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-10 12:09 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-10 07:57 - 2013-08-15 07:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 07:56 - 2011-05-22 17:56 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-08 06:42 - 2013-03-15 16:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-06 16:02 - 2014-04-06 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-03 09:51 - 2014-04-23 16:52 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-23 16:52 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-23 16:52 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 09:35 - 2011-05-16 14:24 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-25 14:31 - 2013-10-17 16:47 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-03-25 14:31 - 2013-06-08 21:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys Some content of TEMP: ==================== C:\Users\Mama\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit 
C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-21 18:17 ==================== End Of Log ============================ --- --- --- |
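The FRST log above already contains the two things a helper looks for first: the HKLM Start Page, Search Page and both SearchScopes entries point at deutsch.ircfast.com rather than the user's configured Google/Microsoft pages, and several driver entries end in [X], FRST's marker for a registered service whose binary is missing. As an added example (not part of the thread and not FRST's own code), the script below triages those two sections mechanically from pasted log lines. The sample lines are copied from the log in this thread; the allowlist of "expected" hosts is an assumption for the example, and a helper would substitute their own.

```python
import re
from urllib.parse import urlparse

# Hosts considered benign for IE Start/Search Page settings. This list is an
# assumption for the example; a real triage would use the helper's own list.
ALLOWED_HOSTS = {"www.google.de", "www.google.com", "www.microsoft.com"}

# Sample lines copied from the FRST log posted above. FRST writes "hxxp" for
# "http" so that the URLs in a log are not clickable.
SAMPLE_LOG = r"""
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://deutsch.ircfast.com/de/index.php?rvs=google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://deutsch.ircfast.com/de/index.php?rvs=google
SearchScopes: HKLM-x32 - {56DDBA8C-0531-4AA0-8543-EF60A1FAF78A} URL = hxxp://deutsch.ircfast.com/de/index.php?rvs=google
SearchScopes: HKCU - {56DDBA8C-0531-4AA0-8543-EF60A1FAF78A} URL = hxxp://deutsch.ircfast.com/de/index.php?rvs=google
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-25] (Kaspersky Lab ZAO)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
"""

# "HKCU\...\Main,Start Page = <url>" and "HKLM\...\Main,Search Page = <url>"
IE_PAGE = re.compile(
    r"^(?P<hive>HKCU|HKLM)\\.*\\Main,(?P<setting>Start Page|Search Page) = (?P<url>\S+)$")
# "SearchScopes: <hive> - {CLSID} URL = <url>"
SEARCH_SCOPE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) URL = (?P<url>\S+)$")
# "<start type> <name>; <path> [X]"  (R/S/U + digit is FRST's start-type prefix)
MISSING_FILE = re.compile(
    r"^(?P<start>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) \[X\]$")


def host_of(url):
    """Return the host of a (possibly defanged) URL."""
    return urlparse(url.replace("hxxp", "http", 1)).hostname or ""


def triage(lines):
    """Return a list of findings from FRST 'Internet' and 'Drivers' lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = IE_PAGE.match(line)
        if m:
            host = host_of(m["url"])
            if host not in ALLOWED_HOSTS:
                findings.append({"kind": "ie_page", "hive": m["hive"],
                                 "setting": m["setting"], "host": host, "line": line})
            continue
        m = SEARCH_SCOPE.match(line)
        if m:
            host = host_of(m["url"])
            if host not in ALLOWED_HOSTS:
                findings.append({"kind": "search_scope", "hive": m["hive"],
                                 "clsid": m["clsid"], "host": host, "line": line})
            continue
        m = MISSING_FILE.match(line)
        if m:
            # A service entry whose file is gone: usually a leftover of a
            # removed tool or driver, but worth a look when it is unexplained.
            findings.append({"kind": "missing_driver", "name": m["name"],
                             "path": m["path"], "line": line})
    return findings


def summarize(findings):
    """Group browser-setting findings by foreign host: one line per domain."""
    hosts = {}
    for f in findings:
        if f["kind"] in ("ie_page", "search_scope"):
            hosts.setdefault(f["host"], []).append(f["kind"])
    return hosts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG.splitlines())
    for host, kinds in summarize(results).items():
        print(f"browser settings point at {host}: {len(kinds)} entries")
    for f in results:
        if f["kind"] == "missing_driver":
            print(f"service {f['name']} references missing file {f['path']}")
```

Run on the sample, it reports one foreign host (deutsch.ircfast.com, four entries) and two services whose file is missing (catchme from ComboFix, massfilter). Matching on the host rather than the full URL is deliberate: adware rotates the query string (here rvs=google) but keeps the domain.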
25.04.2014, 18:44 | #8 |
/// the machine /// TB-Ausbilder | Update Java and Flash. There was only adware on the machine. Have you changed the password for the account? Otherwise nothing speaks against online banking. Done. The order is decisive here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers. Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance. Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a short reply once everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
26.04.2014, 17:11 | #9 |
| Hi, Java and Flash are now updated and I have also already changed the password for the e-mail account. I still have one question though: further up, checkup.txt also says that the Windows service pack is not current, but Windows Update shows nothing about that. Where can I see which one I have installed, or whether one is installed at all? Automatic updates are enabled in Windows Update in any case. |
27.04.2014, 18:04 | #10 |
/// the machine /// TB-Ausbilder | Right-click on Computer > Properties. On your machine it says Win7 there, but it should say Win7 Service Pack 1. The entire service pack is missing.
28.04.2014, 18:49 | #11 |
| Hi, Service Pack 1 did not show up in Windows Update because an old Intel HD driver was still installed, which can supposedly cause problems with certain applications. Anyway, everything is done now; thank you very much for your help. |
29.04.2014, 17:17 | #12 |
/// the machine /// TB-Ausbilder | You're welcome.