
Log analysis and evaluation: AOL sends forwarded e-mails on its own

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
21.04.2014, 18:13   #1
Hase2014

AOL sends forwarded e-mails on its own



Hello,

I found out today that e-mails are being sent from me to acquaintances even though I did not write or send any e-mails. They arrive as forwarded e-mails and are in English. However, none of these e-mails is in the "Sent" folder.

I also found out today that the test with my AOL address at https://www.sicherheitstest.bsi.de/ came back positive.

I also ran Kaspersky Internet Security, but it found nothing.

Here are the log files for a start:

FRST.txt

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2014
Ran by Mama (administrator) on PCMAMA on 21-04-2014 17:19:52
Running from C:\Users\Mama\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AOL LLC) C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(America Online, Inc.) C:\Program Files (x86)\Common Files\aol\1305555921\ee\aolsoftware.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AOL, LLC.) C:\Program Files (x86)\AOL 9.0 VR\waol.exe
(AOL, LLC.) C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1305555921\ee\AOLSoftware.exe [50736 2006-09-26] (America Online, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3838763673-1115839168-2840729140-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL 9.0 VR\AOL.EXE [50480 2007-06-21] (AOL, LLC.)
HKU\S-1-5-21-3838763673-1115839168-2840729140-1000\...\MountPoints2: {77cdf816-dc9e-11e1-97cb-9541aa7aac1d} - F:\AutoRun.exe
HKU\S-1-5-21-3838763673-1115839168-2840729140-1000\...\MountPoints2: {77cdf825-dc9e-11e1-97cb-9541aa7aac1d} - F:\AutoRun.exe
HKU\S-1-5-21-3838763673-1115839168-2840729140-1000\...\MountPoints2: {de2fb934-8bc1-11e1-9474-fa926bfa4118} - G:\LaunchU3.exe -a
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\olrsubmission.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\omnipage.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\scannerwizard.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\youcam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://deutsch.ircfast.com/de/index.php?rvs=google
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://deutsch.ircfast.com/de/index.php?rvs=google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://deutsch.ircfast.com/de/index.php?rvs=google
URLSearchHook: HKCU - (No Name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {56DDBA8C-0531-4AA0-8543-EF60A1FAF78A} URL = hxxp://deutsch.ircfast.com/de/index.php?rvs=google
SearchScopes: HKLM-x32 - {56DDBA8C-0531-4AA0-8543-EF60A1FAF78A} URL = hxxp://deutsch.ircfast.com/de/index.php?rvs=google
SearchScopes: HKCU - DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}
SearchScopes: HKCU - {56DDBA8C-0531-4AA0-8543-EF60A1FAF78A} URL = hxxp://deutsch.ircfast.com/de/index.php?rvs=google
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: MP3 Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
Toolbar: HKLM-x32 - MP3 Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\eujbdgjb.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\eujbdgjb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-15]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-29]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-29]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-29]

==================== Services (Whitelisted) =================

R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-29] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-29] (Kaspersky Lab ZAO)
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2011-02-19] (Windows (R) 2003 DDK 3790 provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-11-08] (TuneUp Software)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 17:19 - 2014-04-21 17:20 - 00016420 _____ () C:\Users\Mama\Desktop\FRST.txt
2014-04-21 17:19 - 2014-04-21 17:19 - 00000000 ____D () C:\FRST
2014-04-21 17:17 - 2014-04-21 17:18 - 02060288 _____ (Farbar) C:\Users\Mama\Desktop\FRST64.exe
2014-04-21 17:16 - 2014-04-21 17:16 - 00000470 _____ () C:\Users\Mama\Desktop\defogger_disable.log
2014-04-21 17:16 - 2014-04-21 17:16 - 00000000 _____ () C:\Users\Mama\defogger_reenable
2014-04-21 17:15 - 2014-04-21 17:15 - 00050477 _____ () C:\Users\Mama\Desktop\Defogger.exe
2014-04-15 12:31 - 2014-04-15 12:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-04-15 07:49 - 2014-04-15 07:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-15 07:49 - 2014-04-15 07:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-06 16:01 - 2014-04-06 16:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-21 17:20 - 2014-04-21 17:19 - 00016420 _____ () C:\Users\Mama\Desktop\FRST.txt
2014-04-21 17:20 - 2014-01-30 15:52 - 00000000 ____D () C:\Users\Mama\AppData\Roaming\NetSpeedMonitor
2014-04-21 17:19 - 2014-04-21 17:19 - 00000000 ____D () C:\FRST
2014-04-21 17:18 - 2014-04-21 17:17 - 02060288 _____ (Farbar) C:\Users\Mama\Desktop\FRST64.exe
2014-04-21 17:16 - 2014-04-21 17:16 - 00000470 _____ () C:\Users\Mama\Desktop\defogger_disable.log
2014-04-21 17:16 - 2014-04-21 17:16 - 00000000 _____ () C:\Users\Mama\defogger_reenable
2014-04-21 17:16 - 2011-05-16 13:24 - 00000000 ____D () C:\Users\Mama
2014-04-21 17:15 - 2014-04-21 17:15 - 00050477 _____ () C:\Users\Mama\Desktop\Defogger.exe
2014-04-21 16:59 - 2013-04-06 10:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-21 15:32 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-21 15:32 - 2009-07-14 06:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 15:05 - 2010-11-06 05:49 - 01720585 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 14:53 - 2012-05-10 09:51 - 00181637 _____ () C:\Windows\setupact.log
2014-04-21 14:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-18 13:57 - 2010-11-06 22:19 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-04-18 13:57 - 2010-11-06 22:19 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-04-18 13:57 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-16 08:08 - 2011-05-16 15:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-15 14:01 - 2011-05-16 14:38 - 00068328 _____ () C:\Users\Mama\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-15 13:59 - 2009-07-14 06:45 - 00311184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-15 12:31 - 2014-04-15 12:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-15 12:31 - 2011-05-16 13:25 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-15 12:31 - 2011-05-16 13:25 - 00000000 ____D () C:\ProgramData\Skype
2014-04-15 12:29 - 2011-05-16 15:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-04-15 07:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-04-15 07:50 - 2014-04-15 07:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-04-15 07:49 - 2014-04-15 07:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-15 07:49 - 2014-04-15 07:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-10 12:09 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-10 07:57 - 2013-08-15 07:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 07:56 - 2011-05-22 17:56 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 06:42 - 2013-03-15 16:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-06 16:02 - 2014-04-06 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-31 09:35 - 2011-05-16 14:24 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-25 14:31 - 2013-10-17 16:47 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-03-25 14:31 - 2013-06-08 21:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys

Files to move or delete:
====================
C:\Users\Mama\installer_driver_logitech_lx7_cordless_optical_2_60_Deutsch.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-22 19:15

==================== End Of Log ============================
         


Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-04-2014
Ran by Mama at 2014-04-21 17:20:59
Running from C:\Users\Mama\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

„Messenger“ pagalbinė priemonė (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AOL Deinstallation (HKLM-x32\...\AOL Deinstallation) (Version:  - )
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.12.2.0 - Ask.com) <==== ATTENTION
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.5.0621 - Atheros)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
BatteryLifeExtender (HKLM-x32\...\{74A579FB-EB06-497D-B194-01590D6FE51A}) (Version: 1.0.5 - Samsung)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.44 - Broadcom Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG4200 series Benutzerregistrierung (HKLM-x32\...\Canon MG4200 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
Canon MG4200 series On-screen Manual (HKLM-x32\...\Canon MG4200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MP520 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.06 - Piriform)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 2.0.3911 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Doplnok programu Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0.0.13 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{F9557866-B4C8-4CE5-8508-0E386BDC20B2}) (Version: 4.3.3 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.11 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM-x32\...\{C4582EED-A3FB-4358-8F3F-8C994460DF28}) (Version: 1.0.3 - Samsung)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-x64 7.0.7.0_WHQL (HKLM\...\Elantech) (Version: 7.0.7.0 - ELAN Microelectronics Corp.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Logitech SetPoint 6.22 (HKLM\...\sp6) (Version: 6.22.24 - Logitech)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Assistent (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger kísérő (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Pratilac (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Suradnik (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 사이트 공유 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 浏览器插件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger-kumppani (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pomocnik Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.0.2 - Samsung)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spremljevalec Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3600.193 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.3600.193 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.193 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Компаньон Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Помощник на Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

25-03-2014 06:48:32 Windows Update
02-04-2014 04:47:28 Windows Update
10-04-2014 04:43:39 Windows Update
10-04-2014 05:56:02 Windows Update
15-04-2014 05:28:13 Windows Update
15-04-2014 05:48:50 Windows Update
15-04-2014 10:27:37 Windows Update
16-04-2014 06:04:06 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0DF61724-7884-4CA2-8764-49D056BAA9A3} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.)
Task: {3B48B969-F78E-4F7A-BDBB-A28AFB4F047E} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {74626A38-2425-4A33-B5F2-8BDF286A2456} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-06-01] (Samsung Electronics. Co. Ltd.)
Task: {85EE2CF0-591E-4A8D-BB90-87BB2538239E} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {87A33AEF-CE9C-4FC0-9D76-D0C353EE36D8} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: {96909D6D-592C-494B-A1EA-E2B2CACC686E} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {BC8C7339-D9A7-4DD6-9648-745C43D52232} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-05-06] (Samsung Electronics)
Task: {BCBDA5EF-4868-465B-B44A-53BD245BF385} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {BF91EC49-523D-4CA3-8DCA-95A8D859390E} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics)
Task: {D18A08E9-8299-47EE-A6BD-DF6F67EF7909} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2013-12-11] (TuneUp Software)
Task: {EFE6B142-B33E-45A2-81D5-4E2BEA39187F} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2011-05-17] () <==== ATTENTION
Task: {F4C7DBAB-FD39-45A3-A468-DE0FD6F7A965} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.)

==================== Loaded Modules (whitelisted) =============

2010-11-06 05:52 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2014-04-06 16:01 - 2014-04-06 16:02 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2004-01-09 22:02 - 2004-01-09 22:02 - 00045056 _____ () C:\Program Files (x86)\AOL 9.0 VR\zlib.dll
2002-04-22 23:08 - 2002-04-22 23:08 - 00053248 _____ () C:\Program Files (x86)\AOL 9.0 VR\xmlparse.dll
2002-04-22 23:08 - 2002-04-22 23:08 - 00081920 _____ () C:\Program Files (x86)\AOL 9.0 VR\xmltok.dll
2013-12-07 18:54 - 2013-12-07 18:54 - 16237448 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: HW_OPENEYE_OUC_Mobile Partner => "C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe"
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

==================== Faulty Device Manager Devices =============

Name: WebCam SCB-0350M
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2014 06:44:25 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CNQMUPDT.EXE, Version: 2.0.0.0, Zeitstempel: 0x4f7a7000
Name des fehlerhaften Moduls: CNMDWLD.DLL, Version: 1.0.0.0, Zeitstempel: 0x4f5eedc8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000023c6
ID des fehlerhaften Prozesses: 0x7e0
Startzeit der fehlerhaften Anwendung: 0xCNQMUPDT.EXE0
Pfad der fehlerhaften Anwendung: CNQMUPDT.EXE1
Pfad des fehlerhaften Moduls: CNQMUPDT.EXE2
Berichtskennung: CNQMUPDT.EXE3

Error: (03/08/2014 08:32:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: waol.exe, Version: 9.5.0.1, Zeitstempel: 0x4655457d
Name des fehlerhaften Moduls: tai2.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4610f6c1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x700028e4
ID des fehlerhaften Prozesses: 0xfa4
Startzeit der fehlerhaften Anwendung: 0xwaol.exe0
Pfad der fehlerhaften Anwendung: waol.exe1
Pfad des fehlerhaften Moduls: waol.exe2
Berichtskennung: waol.exe3

Error: (03/05/2014 03:37:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: waol.exe, Version: 9.5.0.1, Zeitstempel: 0x4655457d
Name des fehlerhaften Moduls: tai2.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4610f6c1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x700028e4
ID des fehlerhaften Prozesses: 0xa5c
Startzeit der fehlerhaften Anwendung: 0xwaol.exe0
Pfad der fehlerhaften Anwendung: waol.exe1
Pfad des fehlerhaften Moduls: waol.exe2
Berichtskennung: waol.exe3

Error: (03/04/2014 02:38:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 27.0.1.5156, Zeitstempel: 0x52fc0faa
Name des fehlerhaften Moduls: xul.dll, Version: 27.0.1.5156, Zeitstempel: 0x52fc0f79
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001560c7
ID des fehlerhaften Prozesses: 0x5f8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (09/23/2013 00:59:17 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: waol.exe, Version: 9.5.0.1, Zeitstempel: 0x4655457d
Name des fehlerhaften Moduls: tai2.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4610f6c1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0c2728e4
ID des fehlerhaften Prozesses: 0x111c
Startzeit der fehlerhaften Anwendung: 0xwaol.exe0
Pfad der fehlerhaften Anwendung: waol.exe1
Pfad des fehlerhaften Moduls: waol.exe2
Berichtskennung: waol.exe3

Error: (08/08/2013 11:02:56 AM) (Source: Application Hang) (User: )
Description: Programm waol.exe, Version 9.5.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c48

Startzeit: 01ce94143e766e1c

Endzeit: 31

Anwendungspfad: C:\Program Files (x86)\AOL 9.0 VR\waol.exe

Berichts-ID: 4163d525-0009-11e3-9b0c-b060a43aa11f

Error: (08/01/2013 04:35:21 PM) (Source: Application Hang) (User: )
Description: Programm waol.exe, Version 9.5.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17a4

Startzeit: 01ce8ec41ae55c60

Endzeit: 32

Anwendungspfad: C:\Program Files (x86)\AOL 9.0 VR\waol.exe

Berichts-ID: 8d432a69-fab7-11e2-9dfd-bf0386a8611e

Error: (08/01/2013 04:33:32 PM) (Source: Application Hang) (User: )
Description: Programm waol.exe, Version 9.5.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b74

Startzeit: 01ce8ec0c71102de

Endzeit: 32

Anwendungspfad: C:\Program Files (x86)\AOL 9.0 VR\waol.exe

Berichts-ID: 489acc8b-fab7-11e2-9dfd-bf0386a8611e

Error: (07/05/2013 07:30:15 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TuneUpSystemStatusCheck.exe, Version: 12.0.3600.77, Zeitstempel: 0x4fc4dcd3
Name des fehlerhaften Moduls: msi.dll, Version: 5.0.7600.16992, Zeitstempel: 0x4f8024c1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0009726e
ID des fehlerhaften Prozesses: 0x1a6c
Startzeit der fehlerhaften Anwendung: 0xTuneUpSystemStatusCheck.exe0
Pfad der fehlerhaften Anwendung: TuneUpSystemStatusCheck.exe1
Pfad des fehlerhaften Moduls: TuneUpSystemStatusCheck.exe2
Berichtskennung: TuneUpSystemStatusCheck.exe3


System errors:
=============
Error: (04/19/2014 05:02:19 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎19.‎04.‎2014 um 17:00:59 unerwartet heruntergefahren.

Error: (04/17/2014 08:40:23 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/17/2014 07:07:01 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/16/2014 07:14:13 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/15/2014 11:56:56 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "NIKLAS-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{85B09D50-0417-4B5A-890D-332E8B1BD9BB}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/09/2014 03:27:32 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/09/2014 06:50:44 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/04/2014 10:36:30 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/03/2014 00:23:04 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/26/2014 07:54:27 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-02-21 14:21:50.380
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-21 14:21:50.380
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-21 14:21:50.380
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-21 14:21:50.330
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-21 14:21:50.330
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-21 14:21:50.330
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-29 19:26:25.221
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-29 19:26:25.221
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-29 19:25:22.400
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-29 19:25:22.400
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 3892.55 MB
Available physical RAM: 2070.06 MB
Total Pagefile: 7783.24 MB
Available Pagefile: 5520.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:112 GB) (Free:69.51 GB) NTFS
Drive d: () (Fixed) (Total:165.99 GB) (Free:153.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: E3DC05D6)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=166 GB) - (Type=OF Extended)

==================== End Of Log ============================
         

Gmer.txt:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-21 17:50:57
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Mama\AppData\Local\Temp\awldapow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 00000000778d1465 2 bytes [8D, 77]
.text  C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe[1872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000778d14bb 2 bytes [8D, 77]
.text  ...                                                                                                                                                            * 2
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 373                   0000000077721185 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                   0000000077721195 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 395                                 000000007772131b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                        00000000777213cf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                000000007772187e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 727                                0000000077721ad7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                               0000000077721bac 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                  0000000077721d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 721                  0000000077721e91 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                      0000000077721ebf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76                                     0000000077721f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                    0000000077721f95 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                            0000000077721fa7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 572                        00000000777221ec 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 693                        0000000077722265 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 49                        00000000777224c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 563                       00000000777226c3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 318             000000007772280e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                 0000000077722863 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256              0000000077722970 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 239                0000000077722a6f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                       0000000077722af7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 371                       0000000077722bf3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                    0000000077722c10 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                  0000000077722c32 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79   0000000077722c8f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176  0000000077722cf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 328          0000000077723018 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 823          0000000077723207 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                  00000000777236f0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                 00000000777237a1 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                 0000000077723815 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  ...                                                                                                                                                            * 3
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                     0000000077723956 8 bytes [D0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                     0000000077723994 8 bytes [C0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 653                               0000000077723c2d 16 bytes [B0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                            000000007776f780 8 bytes {JMP QWORD [RIP-0x4bf0e]}
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                          000000007776f900 8 bytes {JMP QWORD [RIP-0x4bfb0]}
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                000000007776f930 8 bytes {JMP QWORD [RIP-0x4c195]}
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                              000000007776fa50 8 bytes {JMP QWORD [RIP-0x4c203]}
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                  000000007776fb00 8 bytes {JMP QWORD [RIP-0x4c2f1]}
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                  0000000077770130 8 bytes {JMP QWORD [RIP-0x4c501]}
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                0000000077770380 8 bytes {JMP QWORD [RIP-0x4c759]}
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                0000000077770be0 8 bytes {JMP QWORD [RIP-0x4d252]}
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312              00000000740213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471              000000007402146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                           00000000740216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                             00000000740216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                        00000000740219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                        00000000740219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                  0000000074021a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                    0000000074021a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                  0000000074021a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                       0000000074021a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         00000000778d1465 2 bytes [8D, 77]
.text  C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000778d14bb 2 bytes [8D, 77]
.text  ...                                                                                                                                                            * 2
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 373                                             0000000077721185 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                             0000000077721195 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 395                                                           000000007772131b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                  00000000777213cf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                          000000007772187e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 727                                                          0000000077721ad7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                         0000000077721bac 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                            0000000077721d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 721                                            0000000077721e91 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                0000000077721ebf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76                                                               0000000077721f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                              0000000077721f95 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                      0000000077721fa7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 572                                                  00000000777221ec 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 693                                                  0000000077722265 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 49                                                  00000000777224c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 563                                                 00000000777226c3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 318                                       000000007772280e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                           0000000077722863 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                        0000000077722970 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 239                                          0000000077722a6f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                                                 0000000077722af7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 371                                                 0000000077722bf3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                              0000000077722c10 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                            0000000077722c32 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                             0000000077722c8f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                            0000000077722cf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 328                                    0000000077723018 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 823                                    0000000077723207 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                            00000000777236f0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                           00000000777237a1 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                           0000000077723815 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  ...                                                                                                                                                            * 3
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                               0000000077723956 8 bytes [D0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                               0000000077723994 8 bytes [C0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 653                                                         0000000077723c2d 16 bytes [B0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                      000000007776f780 8 bytes {JMP QWORD [RIP-0x4bf0e]}
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                    000000007776f900 8 bytes {JMP QWORD [RIP-0x4bfb0]}
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                          000000007776f930 8 bytes {JMP QWORD [RIP-0x4c195]}
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                        000000007776fa50 8 bytes {JMP QWORD [RIP-0x4c203]}
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                            000000007776fb00 8 bytes {JMP QWORD [RIP-0x4c2f1]}
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            0000000077770130 8 bytes {JMP QWORD [RIP-0x4c501]}
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                          0000000077770380 8 bytes {JMP QWORD [RIP-0x4c759]}
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                          0000000077770be0 8 bytes {JMP QWORD [RIP-0x4d252]}
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                        00000000740213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                        000000007402146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                     00000000740216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                       00000000740216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                  00000000740219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                  00000000740219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                            0000000074021a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                              0000000074021a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                            0000000074021a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe[5376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                 0000000074021a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 373                                                       0000000077721185 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                       0000000077721195 8 bytes {JMP 0xd}
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 395                                                                     000000007772131b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                            00000000777213cf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                    000000007772187e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 727                                                                    0000000077721ad7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                   0000000077721bac 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                      0000000077721d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 721                                                      0000000077721e91 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                          0000000077721ebf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76                                                                         0000000077721f3c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                        0000000077721f95 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                0000000077721fa7 8 bytes {JMP 0xb}
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 572                                                            00000000777221ec 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 693                                                            0000000077722265 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 49                                                            00000000777224c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 563                                                           00000000777226c3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 318                                                 000000007772280e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                     0000000077722863 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                  0000000077722970 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 239                                                    0000000077722a6f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                                                           0000000077722af7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 371                                                           0000000077722bf3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                        0000000077722c10 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                      0000000077722c32 8 bytes {JMP 0x10}
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                       0000000077722c8f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                      0000000077722cf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 328                                              0000000077723018 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 823                                              0000000077723207 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                      00000000777236f0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                     00000000777237a1 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                     0000000077723815 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  ...                                                                                                                                                            * 3
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                         0000000077723956 8 bytes [D0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                         0000000077723994 8 bytes [C0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 653                                                                   0000000077723c2d 16 bytes [B0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                000000007776f780 8 bytes {JMP QWORD [RIP-0x4bf0e]}
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                              000000007776f900 8 bytes {JMP QWORD [RIP-0x4bfb0]}
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                    000000007776f930 8 bytes {JMP QWORD [RIP-0x4c195]}
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  000000007776fa50 8 bytes {JMP QWORD [RIP-0x4c203]}
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                      000000007776fb00 8 bytes {JMP QWORD [RIP-0x4c2f1]}
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077770130 8 bytes {JMP QWORD [RIP-0x4c501]}
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                    0000000077770380 8 bytes {JMP QWORD [RIP-0x4c759]}
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077770be0 8 bytes {JMP QWORD [RIP-0x4d252]}
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                  00000000740213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                  000000007402146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                               00000000740216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                 00000000740216e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                            00000000740219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                            00000000740219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                      0000000074021a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                        0000000074021a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                      0000000074021a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Mama\Desktop\Gmer-19357.exe[5188] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                           0000000074021a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                                                                                                                                          unknown MBR code

---- EOF - GMER 2.1 ----
         

 
