Log analysis and evaluation: Windows 7: PC is very slow and hangs irregularly for a few seconds

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
12.09.2013, 21:14 | #1 |
Windows 7: PC is very slow and hangs irregularly for a few seconds

Hello everyone, for a few days now my computer's performance has been extremely erratic. Despite low CPU load, even small tasks make it hang. In addition, the PC freezes every now and then for a few seconds and, as far as I can tell, stops working. Thank you for your help!

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:50 on 12/09/2013 (Hindersmann)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2013
Ran by Hindersmann (administrator) on HINDERSMANN-PC on 12-09-2013 21:51:57
Running from D:\Users\Hindersmann\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) D:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ASUS) D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (Microsoft Corporation) D:\Windows\system32\WLANExt.exe (ASUS) D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (NVIDIA Corporation) D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) D:\Windows\system32\nvvsvc.exe (ASUS) D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (Intel Corporation) D:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Cisco Systems, Inc.) 
D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe () D:\Windows\SysWOW64\DptfParticipantProcessorService.exe () D:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe (Intel(R) Corporation) D:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) D:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe (pdfforge GmbH) D:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) D:\Program Files (x86)\PDF Architect\ConversionService.exe (Intel(R) Corporation) D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Intel® Corporation) D:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel Corporation) D:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (ASUSTek Computer Inc.) D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe (Stefan Hirschmann) D:\Users\Hindersmann\Downloads\Releases\NoteBookFanControl-0.14.3.58.beta\NoteBookFanControl.exe (ASUS) D:\Program Files\ASUS\P4G\BatteryLife.exe (ASUS) D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Google Inc.) D:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.) D:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe (ASUSTek Computer Inc.) 
D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Intel Corporation) D:\Windows\System32\igfxtray.exe (Intel Corporation) D:\Windows\System32\hkcmd.exe (Intel Corporation) D:\Windows\System32\igfxpers.exe (Realtek Semiconductor) D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ASUSTeK Computer Inc.) D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ELAN Microelectronics Corp.) D:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) D:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (ELAN Microelectronics Corp.) D:\Program Files\Elantech\ETDCtrlHelper.exe (ASUSTek Computer Inc.) D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Adobe Systems Inc.) D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (NVIDIA Corporation) D:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) D:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) D:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (OldTimer Tools) D:\Users\Hindersmann\Desktop\OTL.exe (Microsoft Corporation) D:\Windows\system32\taskmgr.exe (Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - D:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [RTHDVCPL] - D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "D:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [ASUSQuickGesture(x86)] - D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.) HKLM\...\Run: [ASUSTPLoader(x64)] - D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek) HKLM\...\Run: [ASUSQuickGesture(x64)] - D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.) HKLM\...\Run: [ETDCtrl] - D:\Program Files\Elantech\ETDCtrl.exe [2892584 2011-12-12] (ELAN Microelectronics Corp.) 
HKCU\...\Run: [GoogleChromeAutoLaunch_928877A4C7DF6A5F4EDCBFA23A443A70] - D:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392 2013-09-02] (Google Inc.) MountPoints2: {4ec2eb6d-1938-11e2-82ef-c485083c725f} - F:\Password.exe MountPoints2: {f82d4048-a2d6-11e2-bbb4-c485083c725f} - F:\auvisio.exe HKLM-x32\...\Run: [USB3MON] - D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation) HKLM-x32\...\Run: [ATKOSD2] - D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ATKMEDIA] - D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [HControlUser] - D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Adobe ARM] - D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.) AppInit_DLLs: D:\Windows\system32\nvinitx.dll [250504 2013-03-15] (NVIDIA Corporation) AppInit_DLLs-x32: d:\windows\syswow64\nvinit.dll [205184 2013-03-15] (NVIDIA Corporation) Startup: D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> D:\Users\Hindersmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB2BBF1DA552DCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B44DC485083C725C&affID=119779&tt=250613_gr3&tsp=4924 SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=o0&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869 BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: ASUS Browser Extension x64 - {78234974-0C4B-4111-BDEB-D9A104418772} - D:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.) 
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - D:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: ASUS Browser Extension x86 - {78234974-0C4B-4111-BDEB-D9A104418771} - D:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.) 
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - D:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File 
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default FF user.js: detected! => D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\user.js FF Plugin: @adobe.com/FlashPlayer - D:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 - D:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.9.2 - D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect - D:\Program Files (x86)\Adobe\Photoshop\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - D:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - D:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - D:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - D:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - D:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin-x32: @nvidia.com/3DVision - D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader - D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect - D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect - D:\Program Files (x86)\Adobe\Photoshop\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF SearchPlugin: D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\searchplugins\babylon.xml FF SearchPlugin: D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\searchplugins\delta.xml FF SearchPlugin: D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\searchplugins\sweetim.xml FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: EPUBReader - D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} FF Extension: fpw - D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\Extensions\fpw@informatik.tu-darmstadt.de.xpi FF Extension: groovesharkUnlocker - D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\Extensions\groovesharkUnlocker@overlord1337.xpi FF Extension: hdvc - D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\Extensions\hdvc@hdvc.com.xpi FF Extension: No Name - D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi FF Extension: No Name - D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - 
D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - D:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - D:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ FF Extension: Norton Toolbar - D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ FF Extension: Norton Vulnerability Protection - D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ Chrome: ======= CHR Extension: (YouTube) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Grooveshark Germany unlocker) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0 CHR Extension: (Adobe Acrobat - Create PDF) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0 CHR Extension: (ProxTube) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\fclefogcenncfmmekelnpgpehiglcjln\1.2.4_0 CHR Extension: (ZenMate for Google Chrome\u2122) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme\2.9_0 CHR Extension: (AdBlock) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0 CHR Extension: (IP Address) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjndloejlcbpkholmagjbddfkjmmploh\1.10_0 CHR Extension: (Porsche) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3_0 CHR Extension: (IP Address) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml\7.1_0 CHR Extension: (Downloaders) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0 CHR Extension: (Norton Identity Protection) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0 CHR Extension: (Chrome In-App Payments service) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (YouTube Unblocker) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.4.4_0 CHR Extension: (Type Fu) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\okboeogmnhjpgbeaokfogelclpblaemo\2.0.0_0 CHR Extension: (Gmail) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx CHR HKLM-x32\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - D:\Program Files 
(x86)\HDvidCodec.com\HDvidCodec10.crx CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx ==================== Services (Whitelisted) ================= R2 ASUS InstantOn; D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 DptfParticipantProcessorService; D:\Windows\SysWOW64\DptfParticipantProcessorService.exe [18944 2012-02-20] () R2 DptfPolicyConfigTDPService; D:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [19968 2012-02-20] () R2 Intel(R) ME Service; D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 MSSQL$SQLEXPRESS; D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation) S3 MyWiFiDHCPDNS; D:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] () R2 N360; D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 PDF Architect Helper Service; D:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; D:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) S4 SQLAgent$SQLEXPRESS; D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation) R2 ZeroConfigService; D:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [1525336 2013-09-04] (Symantec Corporation) R1 BHDrvx64; 
D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [1525336 2013-09-04] (Symantec Corporation) S3 bsitf; D:\Program Files (x86)\ASUS\WinFlash\bsitf64.sys [13440 2010-01-05] (ASUSTek Computer Inc.) S3 bsitf; D:\Program Files (x86)\ASUS\WinFlash\bsitf64.sys [13440 2010-01-05] (ASUSTek Computer Inc.) R1 ccSet_N360; D:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R3 CVPNDRVA; D:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () R3 CVPNDRVA; D:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () R3 DptfDevDram; D:\Windows\System32\DRIVERS\DptfDevDram.sys [107288 2012-02-20] (Intel Corporation) R3 DptfDevFan; D:\Windows\System32\DRIVERS\DptfDevFan.sys [42776 2012-02-20] (Intel Corporation) R3 DptfDevGen; D:\Windows\System32\DRIVERS\DptfDevGen.sys [64792 2012-02-20] (Intel Corporation) R3 DptfDevPch; D:\Windows\System32\DRIVERS\DptfDevPch.sys [96024 2012-02-20] (Intel Corporation) R3 DptfDevProc; D:\Windows\System32\DRIVERS\DptfDevProc.sys [220952 2012-02-20] (Intel Corporation) R3 DptfManager; D:\Windows\System32\DRIVERS\DptfManager.sys [357656 2012-02-20] (Intel Corporation) R1 dtsoftbus01; D:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-28] (DT Soft Ltd) R1 eeCtrl; D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-30] (Symantec Corporation) R1 eeCtrl; D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-30] (Symantec Corporation) R3 EraserUtilRebootDrv; D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-30] (Symantec Corporation) R3 ETDKbdf; D:\Windows\System32\DRIVERS\ETDKbdf.sys [15656 2011-12-12] (ELAN Microelectronics Corp.) 
R1 IDSVia64; D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130911.001\IDSvia64.sys [520280 2013-08-29] (Symantec Corporation) R1 IDSVia64; D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130911.001\IDSvia64.sys [520280 2013-08-29] (Symantec Corporation) R3 NAVENG; D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130912.001\ENG64.SYS [126040 2013-08-30] (Symantec Corporation) R3 NAVENG; D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130912.001\ENG64.SYS [126040 2013-08-30] (Symantec Corporation) R3 NAVEX15; D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130912.001\EX64.SYS [2099288 2013-08-30] (Symantec Corporation) R3 NAVEX15; D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130912.001\EX64.SYS [2099288 2013-08-30] (Symantec Corporation) R3 SRTSP; D:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R1 SRTSPX; D:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R0 SymDS; D:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R0 SymEFA; D:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) R3 SymEvent; D:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-30] (Symantec Corporation) R1 SymIRON; D:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R1 SymNetS; D:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S1 UimBus; D:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-09-13] (Windows (R) 2000 DDK provider) S1 Uim_IM; D:\Windows\System32\Drivers\Uim_IMx64.sys 
[633552 2012-09-13] (Paragon) S1 Uim_VIM; D:\Windows\System32\Drivers\uim_vimx64.sys [390224 2012-09-13] (Paragon) S3 VSPerfDrv100; D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation) S3 VSPerfDrv100; D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation) S3 EagleX64; \??\D:\Windows\system32\drivers\EagleX64.sys [x] R3 WinRing0_1_2_0; \??\D:\Users\Hindersmann\AppData\Local\Temp\tmp950D.tmp [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-12 21:51 - 2013-09-12 21:51 - 00000000 ____D D:\FRST 2013-09-12 21:50 - 2013-09-12 21:51 - 01949660 _____ (Farbar) D:\Users\Hindersmann\Desktop\FRST64.exe 2013-09-12 21:50 - 2013-09-12 21:50 - 00000484 _____ D:\Users\Hindersmann\Desktop\defogger_disable.log 2013-09-12 21:50 - 2013-09-12 21:50 - 00000000 _____ D:\Users\Hindersmann\defogger_reenable 2013-09-12 21:49 - 2013-09-12 21:49 - 00050477 _____ D:\Users\Hindersmann\Desktop\Defogger.exe 2013-09-12 21:46 - 2013-09-12 21:46 - 00098680 _____ D:\Users\Hindersmann\Desktop\Extras.Txt 2013-09-12 21:45 - 2013-09-12 21:45 - 00163256 _____ D:\Users\Hindersmann\Desktop\OTL.Txt 2013-09-12 21:38 - 2013-09-12 21:38 - 00602112 _____ (OldTimer Tools) D:\Users\Hindersmann\Desktop\OTL.exe 2013-09-12 20:39 - 2013-08-30 10:11 - 769845165 _____ D:\Users\Hindersmann\Downloads\mfhmavabrandijuliamrpete_720.mp4 2013-09-12 16:45 - 2013-09-12 16:45 - 00000000 ____D D:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-12 16:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\mbam.sys 2013-09-12 16:44 - 2013-09-12 16:44 - 00000085 _____ D:\Windows\wininit.ini 2013-09-12 16:41 - 2013-09-12 16:41 - 00000000 ____D D:\Windows\System32\Tasks\Safer-Networking 2013-09-12 16:40 - 2013-09-12 16:43 - 
00000000 ____D D:\ProgramData\Spybot - Search & Destroy 2013-09-11 17:28 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) D:\Windows\system32\ie4uinit.exe 2013-09-11 17:28 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) D:\Windows\system32\iertutil.dll 2013-09-11 17:28 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) D:\Windows\system32\ieui.dll 2013-09-11 17:28 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) D:\Windows\system32\iesysprep.dll 2013-09-11 17:28 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) D:\Windows\system32\iesetup.dll 2013-09-11 17:28 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) D:\Windows\system32\iernonce.dll 2013-09-11 17:28 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iertutil.dll 2013-09-11 17:28 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieui.dll 2013-09-11 17:28 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iesysprep.dll 2013-09-11 17:28 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iesetup.dll 2013-09-11 17:28 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iernonce.dll 2013-09-11 17:28 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.tlb 2013-09-11 17:28 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.tlb 2013-09-11 17:28 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) D:\Windows\system32\RegisterIEPKEYs.exe 2013-09-11 17:28 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) D:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-11 17:27 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) D:\Windows\system32\wininet.dll 2013-09-11 17:27 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) D:\Windows\system32\urlmon.dll 2013-09-11 17:27 - 2013-08-10 07:21 - 19246592 _____ (Microsoft 
Corporation) D:\Windows\system32\mshtml.dll 2013-09-11 17:27 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) D:\Windows\system32\msfeeds.dll 2013-09-11 17:27 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) D:\Windows\system32\jsproxy.dll 2013-09-11 17:27 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) D:\Windows\system32\ieframe.dll 2013-09-11 17:27 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) D:\Windows\system32\jscript9.dll 2013-09-11 17:27 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) D:\Windows\system32\jscript.dll 2013-09-11 17:27 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wininet.dll 2013-09-11 17:27 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) D:\Windows\SysWOW64\urlmon.dll 2013-09-11 17:27 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.dll 2013-09-11 17:27 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieframe.dll 2013-09-11 17:27 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jscript9.dll 2013-09-11 17:27 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jscript.dll 2013-09-11 17:27 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msfeeds.dll 2013-09-11 17:27 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jsproxy.dll 2013-09-11 16:55 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) D:\Windows\system32\Drivers\ataport.sys 2013-09-11 16:55 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) D:\Windows\system32\ntoskrnl.exe 2013-09-11 16:55 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) D:\Windows\system32\ntdll.dll 2013-09-11 16:55 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) D:\Windows\system32\wow64win.dll 2013-09-11 16:55 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) 
D:\Windows\system32\wow64.dll 2013-09-11 16:55 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) D:\Windows\system32\wow64cpu.dll 2013-09-11 16:55 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) D:\Windows\system32\winsrv.dll 2013-09-11 16:55 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) D:\Windows\system32\ntvdm64.dll 2013-09-11 16:55 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) D:\Windows\system32\kernel32.dll 2013-09-11 16:55 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) D:\Windows\system32\KernelBase.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) D:\Windows\system32\csrsrv.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) D:\Windows\system32\apisetschema.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) 
D:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) 
D:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ntkrnlpa.exe 2013-09-11 16:55 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ntoskrnl.exe 2013-09-11 16:55 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ntdll.dll 2013-09-11 16:55 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) D:\Windows\SysWOW64\kernel32.dll 2013-09-11 16:55 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) D:\Windows\SysWOW64\KernelBase.dll 2013-09-11 16:55 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wow32.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) D:\Windows\SysWOW64\apisetschema.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) 
D:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft 
Corporation) D:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) D:\Windows\system32\conhost.exe 2013-09-11 16:55 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) D:\Windows\system32\smss.exe 2013-09-11 16:55 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) D:\Windows\SysWOW64\setup16.exe 2013-09-11 16:55 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ntvdm64.dll 2013-09-11 16:55 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) D:\Windows\SysWOW64\instnm.exe 2013-09-11 16:55 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) D:\Windows\SysWOW64\user.exe 2013-09-11 16:55 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-11 16:55 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-11 16:54 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) D:\Windows\system32\win32k.sys 2013-09-11 16:54 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) D:\Windows\system32\shell32.dll 
2013-09-11 16:54 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) D:\Windows\system32\shdocvw.dll 2013-09-11 16:54 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) D:\Windows\SysWOW64\shell32.dll 2013-09-11 16:54 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) D:\Windows\SysWOW64\shdocvw.dll 2013-09-08 12:44 - 2013-09-12 19:09 - 00000000 ____D D:\Users\Hindersmann\Desktop\5-076 Übungsdateien 2013-09-06 17:24 - 2013-09-06 17:24 - 00000000 ____D D:\Users\Hindersmann\Downloads\Sportmuffel 2013-09-05 20:43 - 2013-09-05 20:43 - 00000000 ____D D:\Program Files (x86)\Microsoft Silverlight 2013-09-03 18:41 - 2013-09-05 17:00 - 00000000 ____D D:\Users\Hindersmann\DigSig 2013-09-01 17:42 - 2013-09-01 17:42 - 00000000 ____D D:\Windows\System32\Tasks\Norton 360 2013-08-29 23:26 - 2013-09-01 17:37 - 00003206 _____ D:\Windows\System32\Tasks\Norton WSC Integration 2013-08-29 23:26 - 2013-08-30 10:54 - 00177312 _____ (Symantec Corporation) D:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2013-08-29 23:26 - 2013-08-30 10:54 - 00007631 _____ D:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2013-08-29 23:26 - 2013-08-29 23:26 - 00000000 ____D D:\Program Files\Symantec 2013-08-29 23:26 - 2013-08-29 23:26 - 00000000 ____D D:\Program Files\Common Files\Symantec Shared 2013-08-29 23:23 - 2013-09-01 17:37 - 00000000 ____D D:\Windows\system32\Drivers\N360x64 2013-08-29 23:23 - 2013-08-29 23:27 - 00000000 ____D D:\ProgramData\Norton 2013-08-29 23:23 - 2013-08-29 23:23 - 00000000 ____D D:\Program Files (x86)\Norton 360 2013-08-29 23:14 - 2013-08-29 23:14 - 00000000 ____D D:\Users\Hindersmann\Downloads\Norton360.Final.German 2013-08-21 21:15 - 2013-09-12 20:19 - 00034554 _____ D:\Windows\PFRO.log 2013-08-16 08:31 - 2013-09-12 21:19 - 00004043 _____ D:\Windows\setupact.log 2013-08-16 08:31 - 2013-08-16 08:32 - 00000000 ____D D:\Users\Hindersmann\Desktop\Elektrotechnik 2013-08-16 08:31 - 2013-08-16 08:31 - 00000000 _____ D:\Windows\setuperr.log 2013-08-15 22:06 - 
2013-09-11 17:27 - 00000000 ____D D:\Windows\system32\MRT
2013-08-14 15:49 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) D:\Windows\system32\wintrust.dll
2013-08-14 15:49 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) D:\Windows\system32\crypt32.dll
2013-08-14 15:49 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) D:\Windows\system32\cryptsvc.dll
2013-08-14 15:49 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) D:\Windows\system32\cryptnet.dll
2013-08-14 15:49 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wintrust.dll
2013-08-14 15:49 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) D:\Windows\SysWOW64\crypt32.dll
2013-08-14 15:49 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) D:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 15:49 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) D:\Windows\SysWOW64\cryptnet.dll
2013-08-14 15:48 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) D:\Windows\system32\WMVDECOD.DLL
2013-08-14 15:48 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) D:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 15:48 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) D:\Windows\system32\tzres.dll
2013-08-14 15:48 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) D:\Windows\SysWOW64\tzres.dll
2013-08-14 15:48 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) D:\Windows\system32\rpcrt4.dll
2013-08-14 15:48 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) D:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 15:48 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) D:\Windows\system32\Drivers\tcpip.sys
2013-08-14 15:48 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) D:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-12 21:51 - 2013-09-12 21:51 - 00000000 ____D D:\FRST
2013-09-12 21:51 - 2013-09-12 21:50 - 01949660 _____
(Farbar) D:\Users\Hindersmann\Desktop\FRST64.exe 2013-09-12 21:50 - 2013-09-12 21:50 - 00000484 _____ D:\Users\Hindersmann\Desktop\defogger_disable.log 2013-09-12 21:50 - 2013-09-12 21:50 - 00000000 _____ D:\Users\Hindersmann\defogger_reenable 2013-09-12 21:50 - 2012-09-30 21:37 - 00000000 ____D D:\Users\Hindersmann 2013-09-12 21:49 - 2013-09-12 21:49 - 00050477 _____ D:\Users\Hindersmann\Desktop\Defogger.exe 2013-09-12 21:46 - 2013-09-12 21:46 - 00098680 _____ D:\Users\Hindersmann\Desktop\Extras.Txt 2013-09-12 21:46 - 2012-10-14 23:13 - 00001120 _____ D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-12 21:45 - 2013-09-12 21:45 - 00163256 _____ D:\Users\Hindersmann\Desktop\OTL.Txt 2013-09-12 21:38 - 2013-09-12 21:38 - 00602112 _____ (OldTimer Tools) D:\Users\Hindersmann\Desktop\OTL.exe 2013-09-12 21:27 - 2012-10-01 01:34 - 00000000 ____D D:\Users\Hindersmann\AppData\Roaming\vlc 2013-09-12 21:26 - 2009-07-14 19:58 - 00773946 _____ D:\Windows\system32\perfh007.dat 2013-09-12 21:26 - 2009-07-14 19:58 - 00177318 _____ D:\Windows\system32\perfc007.dat 2013-09-12 21:26 - 2009-07-14 07:13 - 01806990 _____ D:\Windows\system32\PerfStringBackup.INI 2013-09-12 21:26 - 2009-07-14 06:45 - 00015600 ____H D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-12 21:26 - 2009-07-14 06:45 - 00015600 ____H D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-12 21:22 - 2013-06-16 22:22 - 01734361 _____ D:\Windows\WindowsUpdate.log 2013-09-12 21:19 - 2013-08-16 08:31 - 00004043 _____ D:\Windows\setupact.log 2013-09-12 21:19 - 2013-06-28 13:56 - 00000530 _____ D:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job 2013-09-12 21:19 - 2013-04-05 07:31 - 00000212 _____ D:\Windows\Tasks\AutoKMS.job 2013-09-12 21:19 - 2012-10-14 23:13 - 00001116 _____ D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-12 21:19 - 2012-10-01 16:49 - 00000000 ____D 
D:\Users\Hindersmann\AppData\Roaming\Dropbox 2013-09-12 21:19 - 2012-09-30 21:57 - 00000828 _____ D:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2013-09-12 21:19 - 2012-09-30 21:48 - 00000000 ____D D:\ProgramData\NVIDIA 2013-09-12 21:19 - 2009-07-14 07:08 - 00000006 ____H D:\Windows\Tasks\SA.DAT 2013-09-12 21:02 - 2013-06-25 16:35 - 00000000 ____D D:\Program Files (x86)\Azureus 2013-09-12 21:02 - 2013-02-25 21:47 - 00000000 ____D D:\Program Files (x86)\WISO 2013-09-12 21:02 - 2012-09-30 21:51 - 00000000 ___HD D:\Program Files (x86)\InstallShield Installation Information 2013-09-12 20:58 - 2012-10-01 14:42 - 00000000 ____D D:\Program Files (x86)\Adobe 2013-09-12 20:57 - 2012-10-20 15:55 - 00000000 ____D D:\Program Files\Common Files\Adobe 2013-09-12 20:56 - 2012-10-14 23:13 - 00000000 ____D D:\Program Files (x86)\Google 2013-09-12 20:54 - 2013-03-19 17:04 - 00000000 ____D D:\Program Files (x86)\Steam 2013-09-12 20:54 - 2012-10-01 02:03 - 00000884 _____ D:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-12 20:46 - 2012-10-01 22:17 - 00000000 ____D D:\Users\Hindersmann\Documents\Outlook-Dateien 2013-09-12 20:19 - 2013-08-21 21:15 - 00034554 _____ D:\Windows\PFRO.log 2013-09-12 19:09 - 2013-09-08 12:44 - 00000000 ____D D:\Users\Hindersmann\Desktop\5-076 Übungsdateien 2013-09-12 18:51 - 2013-06-25 17:49 - 00000000 ____D D:\Program Files (x86)\hdvidcodec.com 2013-09-12 16:45 - 2013-09-12 16:45 - 00000000 ____D D:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-12 16:44 - 2013-09-12 16:44 - 00000085 _____ D:\Windows\wininit.ini 2013-09-12 16:43 - 2013-09-12 16:40 - 00000000 ____D D:\ProgramData\Spybot - Search & Destroy 2013-09-12 16:41 - 2013-09-12 16:41 - 00000000 ____D D:\Windows\System32\Tasks\Safer-Networking 2013-09-12 16:39 - 2012-09-30 22:07 - 00000000 ____D D:\Users\Hindersmann\AppData\Roaming\DAEMON Tools Lite 2013-09-11 17:42 - 2013-03-18 22:30 - 00000000 ____D D:\Users\Hindersmann\AppData\Local\think-cell 
2013-09-11 17:35 - 2013-04-14 19:26 - 05052760 _____ D:\Windows\system32\FNTCACHE.DAT 2013-09-11 17:35 - 2012-09-30 22:30 - 00000000 ____D D:\Windows\Panther 2013-09-11 17:35 - 2012-09-30 21:37 - 00000000 ___RD D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-11 17:35 - 2012-09-30 21:37 - 00000000 ___RD D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-11 17:27 - 2013-08-15 22:06 - 00000000 ____D D:\Windows\system32\MRT 2013-09-11 17:25 - 2012-10-01 01:39 - 79143768 _____ (Microsoft Corporation) D:\Windows\system32\MRT.exe 2013-09-11 17:24 - 2012-10-01 17:08 - 00000000 ____D D:\ProgramData\Microsoft Help 2013-09-09 17:40 - 2012-11-26 23:22 - 00000000 ____D D:\Users\Hindersmann\workspace 2013-09-08 13:23 - 2012-09-30 21:57 - 00000830 _____ D:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2013-09-08 12:53 - 2013-04-05 07:31 - 00000202 _____ D:\Windows\Tasks\AutoKMSDaily.job 2013-09-06 17:24 - 2013-09-06 17:24 - 00000000 ____D D:\Users\Hindersmann\Downloads\Sportmuffel 2013-09-05 20:43 - 2013-09-05 20:43 - 00000000 ____D D:\Program Files (x86)\Microsoft Silverlight 2013-09-05 17:00 - 2013-09-03 18:41 - 00000000 ____D D:\Users\Hindersmann\DigSig 2013-09-01 17:42 - 2013-09-01 17:42 - 00000000 ____D D:\Windows\System32\Tasks\Norton 360 2013-09-01 17:37 - 2013-08-29 23:26 - 00003206 _____ D:\Windows\System32\Tasks\Norton WSC Integration 2013-09-01 17:37 - 2013-08-29 23:23 - 00000000 ____D D:\Windows\system32\Drivers\N360x64 2013-08-30 10:54 - 2013-08-29 23:26 - 00177312 _____ (Symantec Corporation) D:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2013-08-30 10:54 - 2013-08-29 23:26 - 00007631 _____ D:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2013-08-30 10:11 - 2013-09-12 20:39 - 769845165 _____ D:\Users\Hindersmann\Downloads\mfhmavabrandijuliamrpete_720.mp4 2013-08-29 23:27 - 2013-08-29 23:23 - 00000000 ____D D:\ProgramData\Norton 2013-08-29 23:26 - 
2013-08-29 23:26 - 00000000 ____D D:\Program Files\Symantec
2013-08-29 23:26 - 2013-08-29 23:26 - 00000000 ____D D:\Program Files\Common Files\Symantec Shared
2013-08-29 23:23 - 2013-08-29 23:23 - 00000000 ____D D:\Program Files (x86)\Norton 360
2013-08-29 23:14 - 2013-08-29 23:14 - 00000000 ____D D:\Users\Hindersmann\Downloads\Norton360.Final.German
2013-08-21 17:03 - 2012-11-04 17:27 - 00000000 ____D D:\Program Files (x86)\Mozilla Firefox
2013-08-21 17:03 - 2012-09-30 22:08 - 00000000 ____D D:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 23:03 - 2009-07-14 05:20 - 00000000 ____D D:\Windows\rescache
2013-08-19 13:49 - 2013-05-29 20:43 - 00000000 ____D D:\Users\Hindersmann\Documents\MATLAB
2013-08-19 13:16 - 2012-10-01 17:08 - 00000000 ____D D:\Users\Hindersmann\AppData\Local\Microsoft Help
2013-08-16 08:32 - 2013-08-16 08:31 - 00000000 ____D D:\Users\Hindersmann\Desktop\Elektrotechnik
2013-08-16 08:31 - 2013-08-16 08:31 - 00000000 _____ D:\Windows\setuperr.log

Files to move or delete:
====================
D:\Users\Hindersmann\AppData\Local\Temp\SpotifyUninstall.exe

==================== Bamital & volsnap Check =================

D:\Windows\System32\winlogon.exe => MD5 is legit
D:\Windows\System32\wininit.exe => MD5 is legit
D:\Windows\SysWOW64\wininit.exe => MD5 is legit
D:\Windows\explorer.exe => MD5 is legit
D:\Windows\SysWOW64\explorer.exe => MD5 is legit
D:\Windows\System32\svchost.exe => MD5 is legit
D:\Windows\SysWOW64\svchost.exe => MD5 is legit
D:\Windows\System32\services.exe => MD5 is legit
D:\Windows\System32\User32.dll => MD5 is legit
D:\Windows\SysWOW64\User32.dll => MD5 is legit
D:\Windows\System32\userinit.exe => MD5 is legit
D:\Windows\SysWOW64\userinit.exe => MD5 is legit
D:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-11 04:15

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2013 Ran by Hindersmann at 2013-09-12 21:52:13 Running from D:\Users\Hindersmann\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 64 Bit HP CIO Components Installer (Version: 6.2.2) 8500A909_BasicWeb (x32 Version: 140.0.000.000) 8500A909_Help_BasicWeb (x32 Version: 1.00.0000) Adobe Acrobat XI Pro (x32 Version: 11.0.04) Adobe AIR (x32 Version: 3.4.0.2710) Adobe Flash Player 11 ActiveX (x32 Version: 11.6.602.180) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Help Manager (x32 Version: 4.0.244) Adobe Photoshop CS6 (x32 Version: 13.0) Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8) Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122) ASUS Power4Gear Hybrid (Version: 1.2.2) ASUS Smart Gesture (x32 Version: 1.0.32) ATK Package (x32 Version: 1.0.0020) AX88772B Windows 7 Drivers (x32 Version: 1.0.2.0) bpd_scan (x32 Version: 3.00.0000) BPDSoftware (x32 Version: 140.0.000.000) BPDSoftware_Ini (x32 Version: 1.00.0000) BufferChm (x32 Version: 140.0.213.000) Canon MG5100 series MP Drivers CCleaner (Version: 4.04) Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7) CPUID CPU-Z 1.63.0 Crystal Reports for Visual Studio (x32 Version: 12.51.0.240) DAEMON Tools Lite (x32 Version: 4.47.1.0333) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Dotfuscator Software Services - Community Edition - DEU (x32 Version: 5.0.2300.0) Dotfuscator Software Services - Community Edition (x32 Version: 5.0.2300.0) Dropbox (HKCU Version: 2.0.22) ETDWare PS/2-X64 10.6.6.0 (Version: 10.6.6.0) FileZilla Client 3.5.3 (x32 Version: 3.5.3) Google Chrome (x32 Version: 29.0.1547.66) Google Update Helper (x32 Version: 1.3.21.153) GPL Ghostscript (Version: 9.06) HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät (Version: 28.0.1313.0) HP Officejet Pro 8500 A909 
Series (Version: 14.0) HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (Version: 28.0.1315.0) IAR Embedded Workbench Demo for H8 1.52D (x32) InstantOn for NB (x32 Version: 2.3.3) Intel PROSet Wireless Intel(R) Dynamic Platform & Thermal Framework (x32 Version: 6.0.1.1067) Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354) Intel(R) Management Engine Components (x32 Version: 8.1.0.1252) Intel(R) OpenCL CPU Runtime (x32) Intel(R) Processor Graphics (x32 Version: 8.15.10.2761) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.2.0.0284) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.1.2.0206) Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.5.235) Intel® PROSet/Wireless WiFi-Software (Version: 15.02.0000.1258) Intel® Trusted Connect Service Client (Version: 1.24.388.1) Java 7 Update 25 (x32 Version: 7.0.250) Java 7 Update 9 (64-bit) (Version: 7.0.90) Java Auto Updater (x32 Version: 2.1.9.5) Java SE Development Kit 7 Update 9 (64-bit) (Version: 1.7.0.90) JDownloader 0.9 (x32 Version: 0.9) KeePass Password Safe 1.24 (x32 Version: 1.24) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) MATLAB R2013a (Version: 8.1) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000) Microsoft ASP.NET MVC 2 - DEU (x32 Version: 2.0.50331.0) Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (x32 Version: 2.0.50331.0) Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (x32 Version: 2.0.50217.0) Microsoft ASP.NET MVC 2 (x32 Version: 
2.0.50217.0) Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.1.99.0) Microsoft Help Viewer 1.0 (Version: 1.0.30319) Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Silverlight (x32 Version: 5.1.20513.0) Microsoft SQL Server 2008 (64-bit) Microsoft SQL Server 2008 Browser (x32 Version: 10.1.2531.0) Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22) Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0) Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0) Microsoft SQL Server 2008 Database Engine Shared (Version: 
10.1.2531.0) Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0) Microsoft SQL Server 2008 R2 Data-Tier Application Project (x32 Version: 10.50.1447.4) Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4) Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1447.4) Microsoft SQL Server 2008 R2 Transact-SQL Language Service (x32 Version: 10.50.1447.4) Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (x32 Version: 10.50.1447.4) Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0) Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0) Microsoft SQL Server Database Publishing Wizard 1.4 (x32 Version: 10.1.2512.8) Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4) Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1447.4) Microsoft SQL Server VSS Writer (Version: 10.1.2531.0) Microsoft Sync Framework Runtime v1.0 SP1 (x64) de (Version: 1.0.3010.0) Microsoft Sync Framework SDK v1.0 SP1 de (x32 Version: 1.0.3010.0) Microsoft Sync Framework Services v1.0 SP1 (x64) de (Version: 1.0.3010.0) Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de (Version: 2.0.3010.0) Microsoft Team Foundation Server 2010 Object Model - DEU (Version: 10.0.30319) Microsoft Team Foundation Server 2010-Objektmodell - DEU (Version: 10.0.30319) Microsoft Visio 2010 Service Pack 1 (SP1) (x32) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 
9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (x32 Version: 10.0.30319) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319) Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (Version: 10.0.30319) Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319) Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU (Version: 10.0.30319) Microsoft Visual Studio 2010 Performance Collection Tools - DEU (Version: 10.0.30319) Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.30319) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303) Microsoft Visual Studio 2010 Ultimate - DEU (x32 Version: 10.0.30319) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303) Microsoft Visual Studio Macro Tools - DEU Language Pack (x32 Version: 9.0.30729) Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) MiKTeX 2.9 (x32 Version: 2.9) Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1) Mozilla Maintenance Service (x32 Version: 23.0.1) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 
(KB973688) (x32 Version: 4.20.9876.0) MSXML 4.0 SP2 Parser und SDK (x32 Version: 4.20.9818.0) Need for Speed Most Wanted (x32) NetBeans IDE 7.2.1 (Version: 7.2.1) Network64 (Version: 140.0.215.000) Nexon Game Manager (x32) Norton 360 (x32 Version: 20.4.0.40) NVIDIA 3D Vision Treiber 314.22 (Version: 314.22) NVIDIA Grafiktreiber 314.22 (Version: 314.22) NVIDIA HD-Audiotreiber 1.3.13.1 (Version: 1.3.13.1) NVIDIA Install Application (Version: 2.1002.115.743) NVIDIA Optimus 1.12.12 (Version: 1.12.12) NVIDIA PhysX (x32 Version: 9.12.1031) NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422) NVIDIA Systemsteuerung 314.22 (Version: 314.22) NVIDIA Update 1.12.12 (Version: 1.12.12) NVIDIA Update Components (Version: 1.12.12) Opera 12.15 (x32 Version: 12.15.1748) PDF Architect (x32 Version: 1.1.83.9982) PDFCreator (x32 Version: 1.7.0) Programmer's Notepad (x32 Version: 2.3.4.2350) PSpice Student 9.1 (x32) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6685) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.39025) Scan (x32 Version: 140.0.167.000) Secure Download Manager (x32 Version: 3.1.0) Service Pack 1 für SQL Server 2008 (KB 968369) (64-bit) (Version: 10.1.2531.0) Skype™ 6.5 (x32 Version: 6.5.158) SpeedFan (remove only) (x32) Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0) Steam (x32 Version: 1.0.0.0) SumatraPDF (x32 Version: 2.2.1) swMSM (x32 Version: 12.0.0.1) TeXnicCenter Version 2.0 Beta 1 (Version: 2.0 Beta 1) think-cell (x32 Version: 5.3.22.242) Toolbox (x32 Version: 140.0.428.000) Unterstützungsdateien für Microsoft SQL Server 2008-Setup (Version: 10.1.2731.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) 
(x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 
2010 (KB2553145) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32) Visual Studio 2010 Prerequisites - English (Version: 10.0.30319) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (x32 Version: 4.0.8080.0) VLC media player 2.0.3 (x32 Version: 2.0.3) Web Deployment Tool (Version: 1.1.0618) WebReg (x32 Version: 140.0.213.017) WinFlash (x32 Version: 2.41.1) WinRAR 4.20 (64-Bit) (Version: 4.20.0) WISO Steuer-Sparbuch 2013 (x32 Version: 20.00.8137) XAMPP 1.8.1 (x32) X-Proxy (HKCU Version: 3.3.0.2) ==================== Restore Points ========================= 11-09-2013 15:04:17 Windows Update 12-09-2013 18:55:47 Removed Google Earth. 12-09-2013 19:01:12 Entfernt Paragon Backup and Recovery™ 2013 Plus Edition. 12-09-2013 19:02:49 Entfernt WISO Steuer 2012 ==================== Hosts content: ========================== 2009-07-14 04:34 - 2012-11-22 17:56 - 00003308 ____A D:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started Task: {1F134FF2-209A-4FD5-A8C5-7222D7C559B5} - System32\Tasks\NoteBookFanControl => D:\Users\Hindersmann\Downloads\Releases\NoteBookFanControl-0.14.3.58.beta\NoteBookFanControl.exe [2013-01-29] (Stefan Hirschmann) Task: {322D65C9-039A-493F-9CB3-207AF98C8295} - System32\Tasks\MATLAB R2013a Startup Accelerator => D:\Program Files\MATLAB\bin\win64\MATLABStartupAccelerator.exe [2013-01-16] () Task: {3510C74C-E7B2-40DF-A624-443ED46117D0} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14] (Google Inc.) 
Task: {3A7054D5-D07B-4378-B53D-F8873B8EB674} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {43177FEF-B178-48C8-9302-8B67A2FC821A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => D:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation) Task: {4BA5F4A0-11C2-4D33-A77B-76871E2FBCE3} - System32\Tasks\Microsoft\Windows Defender\Mp Scheduled Scan => D:\Program Files\Windows Defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {4CD7B3DA-F975-4212-8292-2B000DA62692} - System32\Tasks\ATKOSD2 => D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-06-25] (ASUSTek Computer Inc.) Task: {50E48E30-BF07-45C4-837F-7C9CBBAD9EA2} - System32\Tasks\Norton WSC Integration => D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation) Task: {8FBB32AC-E012-4A7F-A43C-3B2B457ED8AB} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {A640F7C1-C1B4-40B8-A2D4-C1DB9A96B69A} - System32\Tasks\AutoKMSDaily => D:\Windows\AutoKMS.exe Task: {C42E8B1F-D9FC-4429-B419-88A7FA8F514E} - System32\Tasks\ASUS P4G => D:\Program Files\ASUS\P4G\BatteryLife.exe [2012-05-15] (ASUS) Task: {CA6C453F-80A1-4888-AA31-B8C35BC20582} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => D:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation) Task: {D0919686-810B-4592-AB62-3D7814DEA67D} - System32\Tasks\AutoKMS => D:\Windows\AutoKMS.exe Task: {D929D056-31B6-405F-A89E-CEFC0BEB4102} - System32\Tasks\Adobe Flash Player Updater => D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13] (Adobe Systems Incorporated) Task: {DF46D3C6-B505-4616-81AC-C692E2B63303} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14] (Google 
Inc.) Task: {E33FEE13-EDFE-4502-8B92-B2B75AAF7AE1} - System32\Tasks\Norton 360\Norton Error Analyzer => D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {FFAE253B-0EAB-499A-8098-F2B71BDCE016} - System32\Tasks\Norton 360\Norton Error Processor => D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation) Task: D:\Windows\Tasks\Adobe Flash Player Updater.job => D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: D:\Windows\Tasks\AutoKMS.job => D:\Windows\AutoKMS.exe Task: D:\Windows\Tasks\AutoKMSDaily.job => D:\Windows\AutoKMS.exe Task: D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: D:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => D:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: D:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => D:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: D:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job => D:\Program Files\MATLAB\bin\win64\MATLABStartupAccelerator.exe ==================== Loaded Modules (whitelisted) ============= 2013-01-09 21:38 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) D:\Windows\system32\taskhost.exe 2012-09-30 21:47 - 2013-03-15 07:53 - 00250504 _____ (NVIDIA Corporation) D:\Windows\system32\nvinitx.dll 2013-08-30 10:52 - 2013-05-21 06:44 - 00144368 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe 2009-07-14 01:37 - 2009-07-14 03:39 - 00120320 _____ (Microsoft Corporation) D:\Windows\system32\Dwm.exe 2012-09-30 21:47 - 2013-03-15 07:53 - 01118776 _____ (NVIDIA Corporation) D:\Windows\system32\nvumdshimx.dll 2012-09-30 22:36 - 2010-11-20 05:25 - 
00464384 _____ (Microsoft Corporation) D:\Windows\system32\taskeng.exe 2012-10-01 01:36 - 2011-02-25 08:19 - 02871808 _____ (Microsoft Corporation) D:\Windows\Explorer.EXE 2013-04-05 00:12 - 2013-04-05 00:12 - 00164016 _____ (Dropbox, Inc.) D:\Users\Hindersmann\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll 2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () D:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2013-08-30 10:50 - 2013-05-29 04:41 - 02656592 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\buShell.dll 2013-08-30 10:50 - 2013-05-21 06:44 - 01060232 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\ccL120U.dll 2013-08-30 10:50 - 2013-05-23 07:25 - 00114056 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\EFACli64.dll 2013-08-30 10:50 - 2013-05-21 06:44 - 00119176 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\ccVrTrst.dll 2013-08-30 10:50 - 2013-05-21 06:44 - 00475528 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\ccSet.dll 2013-08-30 10:50 - 2013-05-21 06:44 - 00231304 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\ccIPC.dll 2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () D:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2013-08-30 10:50 - 2013-05-30 03:23 - 00553264 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\diStRptr.dll 2013-08-30 10:50 - 2013-05-29 04:41 - 00663888 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\buComm.dll 2013-08-30 10:50 - 2013-05-28 19:52 - 01728336 ____R (SwapDrive, Inc.) 
D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\BuEng.dll 2013-08-30 10:50 - 2013-05-21 06:44 - 00443784 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\ccGEvt.dll 2012-09-30 22:08 - 2012-06-09 19:20 - 00196096 _____ (Alexander Roshal) D:\Program Files\WinRAR\rarext.dll 2013-08-30 10:50 - 2013-06-04 06:45 - 00243536 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\NavShExt.dll 2012-09-30 21:48 - 2013-03-15 06:16 - 01016096 _____ (NVIDIA Corporation) D:\Windows\system32\nv3dappshext.dll 2012-09-30 21:47 - 2013-03-15 07:53 - 02864144 _____ (NVIDIA Corporation) D:\Windows\system32\nvapi64.dll 2013-08-11 13:12 - 2013-08-11 13:12 - 00178800 _____ (Sony DADC Austria AG.) d:\windows\SysWOW64\cmdlineext_x64.dll 2012-09-30 21:48 - 2013-03-15 06:16 - 00076064 _____ (NVIDIA Corporation) D:\Windows\system32\Nv3DAppShExtR.dll 2013-02-15 16:46 - 2013-01-29 02:49 - 00544256 _____ (Stefan Hirschmann) D:\Users\Hindersmann\Downloads\Releases\NoteBookFanControl-0.14.3.58.beta\NoteBookFanControl.exe 2013-02-15 16:46 - 2013-01-29 02:49 - 00028672 _____ (Stefan Hirschmann) D:\Users\Hindersmann\Downloads\Releases\NoteBookFanControl-0.14.3.58.beta\NoteBookFanControlLib.dll 2013-02-15 16:46 - 2012-12-25 10:54 - 00170496 _____ (CodePlex Community) D:\Users\Hindersmann\Downloads\Releases\NoteBookFanControl-0.14.3.58.beta\Microsoft.Win32.TaskScheduler.dll 2013-02-15 16:46 - 2013-01-27 23:03 - 00257536 _____ () D:\Users\Hindersmann\Downloads\Releases\NoteBookFanControl-0.14.3.58.beta\OpenHardwareMonitorLib.dll 2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () D:\Program Files\ASUS\P4G\DevMng.dll 2012-06-13 19:34 - 2012-06-13 19:34 - 00170304 _____ (Intel Corporation) D:\Windows\System32\igfxtray.exe 2012-06-13 19:34 - 2012-06-13 19:34 - 00438784 _____ (Intel Corporation) D:\Windows\system32\igfxrDEU.lrc 2012-06-13 19:34 - 2012-06-13 19:34 - 00398656 _____ (Intel Corporation) D:\Windows\System32\hkcmd.exe 2012-06-13 
19:34 - 2012-06-13 19:34 - 00440128 _____ (Intel Corporation) D:\Windows\System32\igfxpers.exe 2012-06-13 19:34 - 2012-06-13 19:34 - 00094208 _____ () D:\Windows\System32\IccLibDll_x64.dll 2012-09-30 21:51 - 2012-07-13 18:53 - 12936848 _____ (Realtek Semiconductor) D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 2012-09-30 21:51 - 2012-06-20 17:26 - 00110592 _____ (Real Sound Lab SIA) D:\Windows\system32\CONEQMSAPOGUILibrary.dll 2009-07-14 01:57 - 2009-07-14 03:39 - 00045568 _____ (Microsoft Corporation) D:\Windows\System32\rundll32.exe 2013-09-12 21:38 - 2013-09-12 21:38 - 00602112 _____ (OldTimer Tools) D:\Users\Hindersmann\Desktop\OTL.exe 2012-09-30 22:36 - 2010-11-20 05:25 - 00257024 _____ (Microsoft Corporation) D:\Windows\system32\taskmgr.exe 2013-09-12 21:50 - 2013-09-12 21:51 - 01949660 _____ (Farbar) D:\Users\Hindersmann\Desktop\FRST64.exe 2013-08-30 10:51 - 2013-05-21 06:44 - 00705928 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccL120U.dll 2013-08-30 10:52 - 2013-05-21 06:44 - 00089480 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccVrTrst.dll 2013-08-30 10:50 - 2013-05-23 07:25 - 00086408 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\EFACli.dll 2013-08-30 10:52 - 2013-05-21 06:44 - 00157576 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvc.dll 2013-08-30 10:52 - 2013-05-21 06:40 - 00410576 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\srtsp32.dll 2013-08-30 10:51 - 2013-05-21 06:44 - 00159624 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccIPC.dll 2013-08-30 10:52 - 2013-06-04 06:42 - 00548688 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\NPCTRAY.DLL 2013-08-30 10:52 - 2013-05-21 06:44 - 00345480 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSet.dll 2013-08-30 10:50 - 2013-06-04 
06:43 - 00962384 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\uiMain.dll 2013-08-30 10:50 - 2013-05-28 09:42 - 02430800 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SYMHTMDX.DLL 2013-08-30 10:52 - 2013-05-30 03:22 - 00320816 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\diStRptr.dll 2013-09-02 16:18 - 2013-06-28 07:17 - 01849168 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\isDataPr.dll 2013-08-30 10:50 - 2013-05-30 04:13 - 01337136 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\MClnTask.dll 2013-08-30 10:50 - 2013-06-04 06:42 - 00548176 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\ASHELPER.DLL 2013-08-30 10:51 - 2013-06-04 06:42 - 00579408 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\ASOEHOOK.DLL 2013-08-30 10:50 - 2013-06-04 06:42 - 00537424 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\AVPAPP32.DLL 2013-08-30 10:51 - 2013-05-29 04:41 - 00263504 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\BUUIPLG.DLL 2013-08-30 10:51 - 2013-05-24 04:09 - 00502664 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\AVIfc.dll 2013-08-30 10:51 - 2013-05-21 06:44 - 00289160 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccGEvt.dll 2013-08-30 10:51 - 2013-05-21 06:44 - 00401288 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccJobMgr.dll 2013-08-30 10:52 - 2013-05-21 00:50 - 02651472 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\CLTALDIS.DLL 2013-08-30 10:52 - 2013-06-04 06:42 - 00528208 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\FWSESAL.DLL 2013-08-30 10:54 - 2013-06-10 19:10 - 00629072 ____R (Symantec Corporation) 
D:\Program Files (x86)\Norton 360\MUI\20.4.0.40\07\01\cltRes.loc 2013-08-30 10:50 - 2013-05-21 00:50 - 00932176 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\cltPE.dll 2013-08-30 10:50 - 2013-05-21 00:50 - 01035088 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\cltLMS.dll 2013-09-02 16:18 - 2013-07-03 23:42 - 00821552 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\NAHELPER.DLL 2013-08-30 10:50 - 2013-05-31 03:46 - 00999760 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\CODATAPR.DLL 2013-08-30 10:52 - 2013-05-31 03:48 - 00551760 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coShdObj.dll 2013-08-30 10:50 - 2013-05-31 03:48 - 01397584 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\COACTMGR.DLL 2013-08-30 10:52 - 2012-05-30 08:51 - 00699280 ____R () D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\wincfi39.dll 2013-08-30 10:50 - 2013-06-04 06:42 - 00502608 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\NUEX.DLL 2013-08-30 10:50 - 2013-05-30 04:13 - 01078576 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\DataStor.dll 2013-08-30 10:50 - 2013-05-30 04:13 - 00965936 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Comm.dll 2013-08-30 10:52 - 2013-06-04 06:43 - 00243024 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\QSPLUGIN.DLL 2013-08-30 10:52 - 2012-05-15 03:27 - 00588216 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\SDKCMN.DLL 2013-08-30 10:50 - 2013-05-29 04:41 - 00272208 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\buDataCl.dll 2013-08-30 10:52 - 2013-06-04 06:43 - 00916304 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\UIALERT.DLL 2013-08-30 
10:52 - 2013-05-30 04:13 - 00028464 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\USERCTXT.DLL 2013-08-30 10:51 - 2013-05-29 04:41 - 00442192 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\buComm.dll 2013-08-30 10:51 - 2013-05-28 19:52 - 01439056 ____R (SwapDrive, Inc.) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\BuEng.dll 2013-08-30 10:52 - 2013-04-23 11:02 - 00115536 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\tuDataPr.dll 2013-08-30 10:50 - 2013-06-04 06:42 - 03857232 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ncw.dll 2013-08-30 10:50 - 2013-05-24 04:09 - 00284552 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\AppMgr32.dll 2013-04-05 00:12 - 2013-04-05 00:12 - 00130736 _____ (Dropbox, Inc.) D:\Users\Hindersmann\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll 2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () D:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2012-09-30 21:47 - 2013-03-15 07:53 - 00205184 _____ (NVIDIA Corporation) d:\windows\syswow64\nvinit.dll 2012-09-23 20:43 - 2012-09-23 20:43 - 00010240 _____ () D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu 2012-01-08 15:41 - 2012-01-08 15:41 - 00093696 _____ () D:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2013-09-04 20:51 - 2013-09-02 22:35 - 00709584 _____ () D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll 2013-09-04 20:51 - 2013-09-02 22:35 - 00099792 _____ () D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll 2013-09-04 20:51 - 2013-09-02 22:35 - 04053456 _____ () D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll 2013-09-04 20:51 - 2013-09-02 22:35 - 00410576 _____ () D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll 2013-09-04 20:51 - 
2013-09-02 22:35 - 01604560 _____ () D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll 2013-09-04 20:51 - 2013-09-02 22:35 - 13599184 _____ () D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: D:\Users\Hindersmann\Lokale Einstellungen:3DKIm1g6EW6OBMRtHWiaBQmID AlternateDataStreams: D:\Users\Hindersmann\AppData\Local:3DKIm1g6EW6OBMRtHWiaBQmID AlternateDataStreams: D:\Users\Hindersmann\AppData\Local\Anwendungsdaten:3DKIm1g6EW6OBMRtHWiaBQmID AlternateDataStreams: D:\Users\Hindersmann\AppData\Local\epDmpGdpihRZQ:uPYHcBRiwDMRwNxgN1AwTc ==================== Faulty Device Manager Devices ============= Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/12/2013 09:08:13 PM) (Source: Application Hang) (User: ) Description: Programm IEXPLORE.EXE, Version 10.0.9200.16686 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e20 Startzeit: 01ceafeb03c4f3df Endzeit: 11 Anwendungspfad: D:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: Error: (09/12/2013 08:33:00 PM) (Source: Chrome) (User: NT-AUTORITÄT) Description: Chrome has encountered a fatal error. 
ver=29.0.1547.66;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\cfe4259e-1ee7-4008-876d-39d881c8a0b8.dmp Error: (09/11/2013 06:41:25 AM) (Source: Microsoft-Windows-Defrag) (User: ) Description: Volume "Volume (X:)" wurde aufgrund eines Fehlers nicht defragmentiert: Der Datenträger wurde vom System getrennt. (0x89000011) Error: (09/08/2013 11:16:53 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.6129.5000, Zeitstempel: 0x5082f354 Name des fehlerhaften Moduls: mso.dll, Version: 14.0.6129.5000, Zeitstempel: 0x5082efbe Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004a150 ID des fehlerhaften Prozesses: 0x19a4 Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0 Pfad der fehlerhaften Anwendung: WINWORD.EXE1 Pfad des fehlerhaften Moduls: WINWORD.EXE2 Berichtskennung: WINWORD.EXE3 Error: (09/02/2013 07:09:16 PM) (Source: Chrome) (User: NT-AUTORITÄT) Description: Chrome has encountered a fatal error. ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\66666ffd-9027-4121-9207-80c355b2c96d.dmp Error: (09/02/2013 04:36:25 PM) (Source: Chrome) (User: NT-AUTORITÄT) Description: Chrome has encountered a fatal error. ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\01bd28c5-2a77-42c5-ac80-615703772244.dmp Error: (08/25/2013 00:21:36 PM) (Source: Chrome) (User: NT-AUTORITÄT) Description: Chrome has encountered a fatal error. 
ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\514754c9-2b93-4443-ac77-582e12a2ffe0.dmp Error: (08/23/2013 08:41:36 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 23.0.1.4974, Zeitstempel: 0x520bc252 Name des fehlerhaften Moduls: xul.dll, Version: 23.0.1.4974, Zeitstempel: 0x520bc166 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0017af08 ID des fehlerhaften Prozesses: 0x1858 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Error: (08/22/2013 10:07:59 PM) (Source: Chrome) (User: NT-AUTORITÄT) Description: Chrome has encountered a fatal error. ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\0d32d15c-d1b2-481e-ae88-3d56fe421f97.dmp Error: (08/21/2013 07:31:22 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) Description: X:\Dropbox\-Importants\Hindersmann\Mamas Fotos\20130407_195219.jpgACCESS_VIOLATION0x71988c32AVEPROC_TestFile() System errors: ============= Error: (09/12/2013 09:21:31 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (09/12/2013 09:21:31 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error: (09/12/2013 09:19:48 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/12/2013 09:19:27 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: UimBus Uim_IM Uim_VIM Error: (09/12/2013 09:19:18 PM) (Source: Ntfs) (User: ) Description: Auf dem Volume "X:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error: (09/12/2013 09:19:18 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "X:" den Befehl "chkdsk" aus. Error: (09/12/2013 09:02:22 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (09/12/2013 09:02:22 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (09/12/2013 09:00:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/12/2013 08:59:53 PM) (Source: Ntfs) (User: ) Description: Auf dem Volume "X:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. 
Microsoft Office Sessions: ========================= Error: (09/12/2013 09:08:13 PM) (Source: Application Hang)(User: ) Description: IEXPLORE.EXE10.0.9200.16686e2001ceafeb03c4f3df11D:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Error: (09/12/2013 08:33:00 PM) (Source: Chrome)(User: NT-AUTORITÄT) Description: Chrome has encountered a fatal error. ver=29.0.1547.66;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\cfe4259e-1ee7-4008-876d-39d881c8a0b8.dmp Error: (09/11/2013 06:41:25 AM) (Source: Microsoft-Windows-Defrag)(User: ) Description: Volume (X:)Der Datenträger wurde vom System getrennt. (0x89000011) Error: (09/08/2013 11:16:53 PM) (Source: Application Error)(User: ) Description: WINWORD.EXE14.0.6129.50005082f354mso.dll14.0.6129.50005082efbec00000050004a15019a401ceacadb7a973c8D:\PROGRA~2\MIF5BA~1\Office14\WINWORD.EXED:\Program Files (x86)\Common Files\Microsoft Shared\office14\mso.dllfb058412-18cb-11e3-bc9a-c485083c725f Error: (09/02/2013 07:09:16 PM) (Source: Chrome)(User: NT-AUTORITÄT) Description: Chrome has encountered a fatal error. ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\66666ffd-9027-4121-9207-80c355b2c96d.dmp Error: (09/02/2013 04:36:25 PM) (Source: Chrome)(User: NT-AUTORITÄT) Description: Chrome has encountered a fatal error. ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\01bd28c5-2a77-42c5-ac80-615703772244.dmp Error: (08/25/2013 00:21:36 PM) (Source: Chrome)(User: NT-AUTORITÄT) Description: Chrome has encountered a fatal error. 
ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\514754c9-2b93-4443-ac77-582e12a2ffe0.dmp

Error: (08/23/2013 08:41:36 PM) (Source: Application Error)(User: )
Description: firefox.exe23.0.1.4974520bc252xul.dll23.0.1.4974520bc166c00000050017af08185801ce9fff508eb0c2D:\Program Files (x86)\Mozilla Firefox\firefox.exeD:\Program Files (x86)\Mozilla Firefox\xul.dlla31ffac2-0c23-11e3-8d65-c485083c725f

Error: (08/22/2013 10:07:59 PM) (Source: Chrome)(User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\0d32d15c-d1b2-481e-ae88-3d56fe421f97.dmp

Error: (08/21/2013 07:31:22 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: X:\Dropbox\-Importants\Hindersmann\Mamas Fotos\20130407_195219.jpgACCESS_VIOLATION0x71988c32AVEPROC_TestFile()

CodeIntegrity Errors:
===================================
Date: 2013-02-14 22:31:14.643
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-02-14 22:31:14.580
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-02-14 17:25:22.150
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-02-14 17:25:22.116
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 10125.56 MB
Available physical RAM: 7590.81 MB
Total Pagefile: 20249.31 MB
Available Pagefile: 17344.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Daten) (Fixed) (Total:931.51 GB) (Free:191.97 GB) NTFS
Drive d: (Volume) (Fixed) (Total:119.24 GB) (Free:19.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive x: (Volume) (Fixed) (Total:22.36 GB) (Free:7.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 6557BC93)
Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1536 GB) (Disk ID: BFD3409A)
Partition 1: (Not Active) - (Size=22 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 88D7BB49)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by HansaHans (12.09.2013 at 21:20) |
12.09.2013, 21:15 | #2 |
| Windows 7: PC is very slow and hangs irregularly for a few seconds
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-12 22:01:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\000000a2 SAMSUNG_ rev.2AR1 931,51GB
Running: gmer_2.1.19163.exe; Driver: D:\Users\HINDER~1\AppData\Local\Temp\axlcqpoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG D:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff80003403000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG D:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591 fffff8000340302f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----
* 2 .text D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000767613e1 7 bytes JMP 00000001707412ad .text D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007677b1d3 5 bytes JMP 00000001707415be .text D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767f88b4 7 bytes JMP 0000000170741357 .text D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767f8939 5 bytes JMP 00000001707416e0 .text D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767f8c8f 5 bytes JMP 0000000170741028 .text D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076701d1b 5 bytes JMP 00000001707411ef .text D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076701dc9 5 bytes JMP 0000000170741023 .text D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076702aa4 5 bytes JMP 000000017074156e .text D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076702d0a 5 bytes JMP 0000000170741294 .text D:\Program Files (x86)\Intel\Intel(R) USB 3.0 
eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007625e9a2 5 bytes JMP 00000001707415d7 .text D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007625ebdc 5 bytes JMP 00000001707411b8 .text D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075fa8a29 5 bytes JMP 0000000170741050 .text D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075fb4572 5 bytes JMP 00000001707410d2 .text D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076e25ea5 5 bytes JMP 0000000170741609 .text D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076e59d0b 5 bytes JMP 0000000170741249 .text D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000767613e1 7 bytes JMP 00000001707412ad .text D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007677b1d3 5 bytes JMP 00000001707415be .text D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767f88b4 7 bytes JMP 0000000170741357 .text D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767f8939 5 bytes JMP 00000001707416e0 .text D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] 
D:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767f8c8f 5 bytes JMP 0000000170741028 .text D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076701d1b 5 bytes JMP 00000001707411ef .text D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076701dc9 5 bytes JMP 0000000170741023 .text D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076702aa4 5 bytes JMP 000000017074156e .text D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076702d0a 5 bytes JMP 0000000170741294 .text D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007625e9a2 5 bytes JMP 00000001707415d7 .text D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007625ebdc 5 bytes JMP 00000001707411b8 .text D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075fa8a29 5 bytes JMP 0000000170741050 .text D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075fb4572 5 bytes JMP 00000001707410d2 .text D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076e25ea5 5 bytes JMP 0000000170741609 .text D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076e59d0b 5 bytes JMP 0000000170741249 .text D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007735efe0 5 bytes JMP 000000016fff0148 .text D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] 
D:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773899b0 7 bytes JMP 000000016fff00d8 .text D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773994d0 5 bytes JMP 000000016fff0180 .text D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077399640 5 bytes JMP 000000016fff0110 .text D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773ba500 7 bytes JMP 000000016fff01b8 .text D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd612db0 5 bytes JMP 000007fffd5e0180 .text D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6137d0 7 bytes JMP 000007fffd5e00d8 .text D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd618ef0 6 bytes JMP 000007fffd5e0148 .text D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd62af60 5 bytes JMP 000007fffd5e0110 .text D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeaa89e0 8 bytes JMP 000007fffd5e01f0 .text D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeaabe40 8 bytes JMP 000007fffd5e01b8 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000767613e1 7 bytes JMP 00000001707412ad .text D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007677b1d3 5 bytes JMP 00000001707415be .text D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767f88b4 7 bytes JMP 
0000000170741357 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767f8939 5 bytes JMP 00000001707416e0 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767f8c8f 5 bytes JMP 0000000170741028 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076701d1b 5 bytes JMP 00000001707411ef .text D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076701dc9 5 bytes JMP 0000000170741023 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076702aa4 5 bytes JMP 000000017074156e .text D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076702d0a 5 bytes JMP 0000000170741294 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075fa8a29 5 bytes JMP 0000000170741050 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075fb4572 5 bytes JMP 00000001707410d2 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007625e9a2 5 bytes JMP 00000001707415d7 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007625ebdc 5 bytes JMP 00000001707411b8 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076e25ea5 5 bytes JMP 0000000170741609 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] 
D:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076e59d0b 5 bytes JMP 0000000170741249 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000767613e1 7 bytes JMP 00000001707412ad .text D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007677b1d3 5 bytes JMP 00000001707415be .text D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767f88b4 7 bytes JMP 0000000170741357 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767f8939 5 bytes JMP 00000001707416e0 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767f8c8f 5 bytes JMP 0000000170741028 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076701d1b 5 bytes JMP 00000001707411ef .text D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076701dc9 5 bytes JMP 0000000170741023 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076702aa4 5 bytes JMP 000000017074156e .text D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076702d0a 5 bytes JMP 0000000170741294 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075fa8a29 5 bytes JMP 0000000170741050 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] 
D:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075fb4572 5 bytes JMP 00000001707410d2 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007625e9a2 5 bytes JMP 00000001707415d7 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007625ebdc 5 bytes JMP 00000001707411b8 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076e25ea5 5 bytes JMP 0000000170741609 .text D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076e59d0b 5 bytes JMP 0000000170741249 .text D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000767613e1 7 bytes JMP 00000001707412ad .text D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007677b1d3 5 bytes JMP 00000001707415be .text D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767f88b4 7 bytes JMP 0000000170741357 .text D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767f8939 5 bytes JMP 00000001707416e0 .text D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767f8c8f 5 bytes JMP 0000000170741028 .text D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076701d1b 5 bytes JMP 00000001707411ef .text D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 
0000000076701dc9 5 bytes JMP 0000000170741023 .text D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076702aa4 5 bytes JMP 000000017074156e .text D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076702d0a 5 bytes JMP 0000000170741294 .text D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075fa8a29 5 bytes JMP 0000000170741050 .text D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075fb4572 5 bytes JMP 00000001707410d2 .text D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007625e9a2 5 bytes JMP 00000001707415d7 .text D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007625ebdc 5 bytes JMP 00000001707411b8 .text D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076e25ea5 5 bytes JMP 0000000170741609 .text D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076e59d0b 5 bytes JMP 0000000170741249 .text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007735efe0 5 bytes JMP 000000016fff0148 .text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773899b0 7 bytes JMP 000000016fff00d8 .text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773994d0 5 bytes JMP 000000016fff0180 .text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] 
D:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077399640 5 bytes JMP 000000016fff0110 .text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\kernel32.dll!RegSetValueExA 00000000773ba500 7 bytes JMP 000000016fff01b8 .text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd612db0 5 bytes JMP 000007fffd5e0180 .text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd6137d0 7 bytes JMP 000007fffd5e00d8 .text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd618ef0 6 bytes JMP 000007fffd5e0148 .text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd62af60 5 bytes JMP 000007fffd5e0110 .text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefeaa89e0 8 bytes JMP 000007fffd5e01f0 .text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefeaabe40 8 bytes JMP 000007fffd5e01b8 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007773fcb0 5 bytes JMP 00000001002a091c .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007773fe14 5 bytes JMP 00000001002a0048 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007773fea8 5 bytes JMP 00000001002a02ee .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077740004 5 bytes JMP 00000001002a04b2 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077740038 5 
bytes JMP 00000001002a09fe .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077740068 5 bytes JMP 00000001002a0ae0 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077740084 5 bytes JMP 0000000100020050 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007774079c 5 bytes JMP 00000001002a012a .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007774088c 5 bytes JMP 00000001002a0758 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777408a4 5 bytes JMP 00000001002a0676 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077740df4 5 bytes JMP 00000001002a03d0 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077741920 5 bytes JMP 00000001002a0594 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077741be4 5 bytes JMP 00000001002a083a .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077741d70 5 bytes JMP 00000001002a020c .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000767613e1 7 bytes JMP 00000001707412ad .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007677b1d3 5 bytes JMP 00000001707415be .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767f88b4 7 bytes JMP 0000000170741357 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] 
D:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767f8939 5 bytes JMP 00000001707416e0 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767f8c8f 5 bytes JMP 0000000170741028 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076701d1b 5 bytes JMP 00000001707411ef .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076701dc9 5 bytes JMP 0000000170741023 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076702aa4 5 bytes JMP 000000017074156e .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076702d0a 5 bytes JMP 0000000170741294 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076b0524f 7 bytes JMP 00000001002a0f52 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076b053d0 7 bytes JMP 00000001002b0210 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076b05677 1 byte JMP 00000001002b0048 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076b05679 5 bytes {JMP 0xffffffff897aa9d1} .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076b0589a 7 bytes JMP 00000001002a0ca6 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076b05a1d 7 bytes JMP 00000001002b03d8 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 
0000000076b05c9b 7 bytes JMP 00000001002b012c .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076b05d87 7 bytes JMP 00000001002b02f4 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076b07240 7 bytes JMP 00000001002a0e6e .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007625e9a2 5 bytes JMP 00000001707415d7 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007625ebdc 5 bytes JMP 00000001707411b8 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075fa8a29 5 bytes JMP 0000000170741050 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075fb4572 5 bytes JMP 00000001707410d2 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075ff1492 7 bytes JMP 00000001002b04bc .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076e25ea5 5 bytes JMP 0000000170741609 .text D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076e59d0b 5 bytes JMP 0000000170741249 ---- Threads - GMER 2.1 ---- Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2376] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2392] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2396] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2400] 00000000719f3810 Thread 
D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2404] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2408] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2412] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2420] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2424] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2428] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2452] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2456] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2460] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2552] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2556] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2608] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2612] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2616] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2620] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2624] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2628] 00000000719f3810 Thread D:\Program 
Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2632] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:3244] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:3260] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:3284] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:3732] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:3756] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:3776] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:3780] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:3796] 00000000719f3810 Thread D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:5448] 00000000719f3810 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c485083c725f Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c485083c725f@8c771281e1e3 0x86 0x07 0x84 0xB5 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c485083c725f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c485083c725f@8c771281e1e3 0x86 0x07 0x84 0xB5 ... ---- EOF - GMER 2.1 ---- |
12.09.2013, 21:23 | #3 |
| Windows 7: PC is very slow and hangs irregularly for a few seconds In addition, an OTL report:
Code:
ATTFilter
OTL logfile created on: 12.09.2013 21:41:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Hindersmann\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

9,89 Gb Total Physical Memory | 7,87 Gb Available Physical Memory | 79,59% Memory free
19,77 Gb Paging File | 17,40 Gb Available in Paging File | 87,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 191,97 Gb Free Space | 20,61% Space Free | Partition Type: NTFS
Drive D: | 119,24 Gb Total Space | 19,24 Gb Free Space | 16,13% Space Free | Partition Type: NTFS
Drive X: | 22,36 Gb Total Space | 7,30 Gb Free Space | 32,63% Space Free | Partition Type: NTFS

Computer Name: HINDERSMANN-PC | User Name: Hindersmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.09.12 21:38:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Hindersmann\Desktop\OTL.exe
PRC - [2013.09.05 16:04:16 | 003,478,392 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2013.09.02 22:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.07.15 20:41:27 | 000,217,992 | ---- | M] (Google Inc.) -- D:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) -- D:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) -- D:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.11 09:43:14 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012.07.17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.06.27 12:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.06.25 17:19:24 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012.06.25 15:54:28 | 000,322,208 | ---- | M] (ASUSTek Computer Inc.) -- D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012.06.25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.06.19 13:59:04 | 000,174,752 | ---- | M] (ASUSTek Computer Inc.) -- D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012.06.01 15:40:06 | 001,104,240 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012.06.01 15:40:04 | 001,304,944 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012.06.01 15:40:00 | 001,014,128 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012.06.01 15:39:58 | 000,936,304 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2012.05.21 00:26:26 | 000,291,648 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.05.03 15:13:10 | 000,309,888 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
PRC - [2012.04.13 10:14:00 | 000,277,120 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
PRC - [2012.02.20 11:31:06 | 000,019,968 | ---- | M] () -- D:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
PRC - [2012.02.20 11:31:06 | 000,018,944 | ---- | M] () -- D:\Windows\SysWOW64\DptfParticipantProcessorService.exe
PRC - [2011.11.21 14:22:08 | 000,080,512 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2011.11.21 14:19:50 | 000,096,896 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.)
-- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe ========== Modules (No Company Name) ========== MOD - [2013.09.02 22:35:56 | 000,410,576 | ---- | M] () -- D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll MOD - [2013.09.02 22:35:54 | 004,053,456 | ---- | M] () -- D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll MOD - [2013.09.02 22:35:04 | 000,709,584 | ---- | M] () -- D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll MOD - [2013.09.02 22:35:03 | 000,099,792 | ---- | M] () -- D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll MOD - [2013.09.02 22:35:01 | 001,604,560 | ---- | M] () -- D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll MOD - [2012.09.23 20:43:58 | 000,010,240 | ---- | M] () -- D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu MOD - [2012.06.24 07:58:00 | 000,004,096 | ---- | M] () -- D:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\wincfi39.dll MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- D:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- D:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ========== Services (SafeList) ========== SRV - [2013.08.28 23:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam 
Client Service) SRV - [2013.08.21 17:03:15 | 000,117,656 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.13 22:50:29 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) [Auto | Running] -- D:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) [Auto | Running] -- D:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.07.17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.07.17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\LMS\LMS.exe -- (LMS) SRV - [2012.06.27 12:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.06.25 16:06:30 | 003,325,232 | ---- | M] (Intel® Corporation) [Auto | Running] -- D:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV - [2012.06.25 16:06:08 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- D:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2012.06.25 16:05:54 | 000,628,016 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- D:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2012.06.25 16:05:28 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- D:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2012.06.25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.06.13 19:34:30 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- D:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.06.01 15:40:06 | 001,104,240 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2012.06.01 15:40:04 | 001,304,944 | ---- | M] (Intel Corporation) [On_Demand | Running] -- D:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2012.06.01 15:40:00 | 001,014,128 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2012.04.23 17:23:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- D:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV - [2012.04.20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- 
D:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.04.13 10:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn) SRV - [2012.03.15 07:09:20 | 000,659,976 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2012.02.20 11:31:06 | 000,019,968 | ---- | M] () [Auto | Running] -- D:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService) SRV - [2012.02.20 11:31:06 | 000,018,944 | ---- | M] () [Auto | Running] -- D:\Windows\SysWOW64\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService) SRV - [2011.11.21 14:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2011.11.21 14:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.05.28 04:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) 
[Auto | Running] -- D:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.07.21 02:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.30 04:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SRV - [2009.03.30 04:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SRV - [2008.07.10 05:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.08.30 10:54:49 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013.06.28 12:40:28 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- 
D:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013.05.23 07:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA) DRV:64bit: - [2013.05.21 07:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS) DRV:64bit: - [2013.05.16 07:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013.04.25 02:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS) DRV:64bit: - [2013.04.16 04:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360) DRV:64bit: - [2013.03.15 07:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2013.03.05 03:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON) DRV:64bit: - [2013.03.05 03:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012.12.06 13:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:64bit: - [2012.09.13 15:49:36 | 000,633,552 | ---- | M] (Paragon) [Kernel | System | Stopped] -- D:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM) DRV:64bit: - [2012.09.13 15:49:36 | 000,390,224 | ---- | M] (Paragon) [Kernel | System | Stopped] -- 
D:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM) DRV:64bit: - [2012.09.13 15:49:36 | 000,090,960 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- D:\Windows\SysNative\drivers\uimx64.sys -- (UimBus) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.06.13 19:34:20 | 014,759,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.06.04 17:23:04 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.05.21 00:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.05.21 00:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.05.21 00:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.03.21 11:13:14 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:64bit: - [2012.03.19 17:43:42 | 000,314,472 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR) DRV:64bit: - [2012.03.15 06:02:46 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2012.03.15 06:02:46 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- D:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.20 11:31:06 | 000,357,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\DptfManager.sys -- (DptfManager) DRV:64bit: - [2012.02.20 11:31:06 | 000,220,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\DptfDevProc.sys -- (DptfDevProc) DRV:64bit: - [2012.02.20 11:31:06 | 000,107,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\DptfDevDram.sys -- (DptfDevDram) DRV:64bit: - [2012.02.20 11:31:06 | 000,096,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\DptfDevPch.sys -- (DptfDevPch) DRV:64bit: - [2012.02.20 11:31:06 | 000,064,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\DptfDevGen.sys -- (DptfDevGen) DRV:64bit: - [2012.02.20 11:31:06 | 000,042,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\DptfDevFan.sys -- (DptfDevFan) DRV:64bit: - [2012.02.13 09:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2012.02.13 08:53:54 | 000,095,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\btmaux.sys -- 
(btmaux) DRV:64bit: - [2011.12.12 02:37:50 | 000,015,656 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ETDKbdf.sys -- (ETDKbdf) DRV:64bit: - [2011.12.12 02:37:28 | 000,205,608 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.07.14 02:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\acpials.sys -- (acpials) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) 
[Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2013.09.04 00:26:27 | 001,525,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130903.002\BHDrvx64.sys -- (BHDrvx64) DRV - [2013.08.30 03:14:10 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130912.001\ex64.sys -- (NAVEX15) DRV - [2013.08.30 03:14:10 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013.08.30 03:14:10 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013.08.30 03:14:10 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130912.001\eng64.sys -- (NAVENG) DRV - [2013.08.29 17:04:30 | 000,520,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130911.001\IDSviA64.sys -- (IDSVia64) DRV - [2011.09.07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- D:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2010.01.05 17:01:02 | 000,013,440 | ---- | M] (ASUSTek Computer Inc.) 
[Kernel | On_Demand | Stopped] -- D:\Program Files (x86)\ASUS\WinFlash\bsitf64.sys -- (bsitf) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- D:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 BB F1 DA 55 2D CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B44DC485083C725C&affID=119779&tt=250613_gr3&tsp=4924 IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = 
hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=o0&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1 FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: D:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: D:\Program Files (x86)\Adobe\Photoshop\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: D:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: D:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: D:\Program Files (x86)\Adobe\Photoshop\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: D:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.05.28 17:44:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.06.18 22:31:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2013.09.12 21:22:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013.08.29 23:27:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.30 22:11:40 | 000,000,000 | ---D | M] (No name found) -- 
D:\Users\Hindersmann\AppData\Roaming\mozilla\Extensions [2013.08.07 22:47:30 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\Firefox\Profiles\6ozsalbr.default\extensions [2012.11.11 16:49:17 | 000,000,000 | ---D | M] (EPUBReader) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\Firefox\Profiles\6ozsalbr.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013.08.07 22:47:30 | 001,400,372 | ---- | M] () (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\extensions\fpw@informatik.tu-darmstadt.de.xpi [2013.07.27 14:35:04 | 000,050,777 | ---- | M] () (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\extensions\groovesharkUnlocker@overlord1337.xpi [2013.04.17 15:50:46 | 000,201,930 | ---- | M] () (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\extensions\hdvc@hdvc.com.xpi [2013.08.02 15:02:50 | 000,224,035 | ---- | M] () (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013.08.02 15:02:52 | 000,824,302 | ---- | M] () (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.01 01:40:28 | 000,434,392 | ---- | M] () (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013.06.25 17:59:16 | 000,006,545 | ---- | M] () -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\searchplugins\babylon.xml [2013.06.25 17:59:30 | 000,001,294 | ---- | M] () -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\searchplugins\delta.xml [2012.10.03 14:34:33 | 000,003,915 | ---- | M] () -- 
D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\searchplugins\sweetim.xml [2013.06.25 17:59:39 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\mozilla firefox\Extensions [2013.05.29 20:38:34 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\mozilla firefox\browser\extensions [2013.08.21 17:03:15 | 000,000,000 | ---D | M] (Default) -- D:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B44DC485083C725C&affID=119779&tt=250613_gr3&tsp=4924 CHR - plugin: Shockwave Flash (Enabled) = D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = 
D:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = D:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Intel Identity Protection Technology (Enabled) = D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel Identity Protection Technology (Enabled) = D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = D:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = D:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: VLC Web Plugin (Enabled) = D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - Extension: YouTube = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Grooveshark Germany unlocker = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\ CHR - Extension: Grooveshark Germany unlocker = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\.orig CHR - Extension: Adobe Acrobat PDF-Datei erstellen = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0\ CHR - Extension: Click to activate/deactivate ProxTube = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclefogcenncfmmekelnpgpehiglcjln\1.2.4_0\ CHR - Extension: ZenMate for Google Chrome\u2122 = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme\2.9_0\ CHR - Extension: AdBlock = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0\ CHR - Extension: IP-Adresse = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjndloejlcbpkholmagjbddfkjmmploh\1.10_0\ CHR - Extension: Porsche = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3_0\ CHR - Extension: IP-Adresse = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml\7.1_0\ CHR - Extension: Downloaders = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0\ CHR - Extension: Norton Identity Protection = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\ CHR - Extension: Chrome In-App Payments service = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\ CHR - Extension: YouTube Unblocker = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.4.4_0\ CHR - Extension: Type Fu = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\okboeogmnhjpgbeaokfogelclpblaemo\2.0.0_0\ CHR - Extension: Google Mail = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012.11.22 17:56:51 | 
000,003,308 | ---- | M]) - D:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 3dns.adobe.com O1 - Hosts: 127.0.0.1 3dns-1.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com O1 - Hosts: 127.0.0.1 hh-software.com O1 - Hosts: 127.0.0.1 www.hh-software.com O1 - Hosts: 57 more lines... O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (ASUS Browser Extension x64) - {78234974-0C4B-4111-BDEB-D9A104418772} - D:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.) 
O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - D:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ASUS Browser Extension x86) - {78234974-0C4B-4111-BDEB-D9A104418771} - D:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.) 
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - D:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH) O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - 
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [ASUSQuickGesture(x64)] D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.) O4:64bit: - HKLM..\Run: [ASUSQuickGesture(x86)] D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.) O4:64bit: - HKLM..\Run: [ASUSTPLoader(x64)] D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (AsusTek) O4:64bit: - HKLM..\Run: [BTMTrayAgent] D:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [ETDCtrl] D:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] D:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] D:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] D:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [ATKMEDIA] D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ATKOSD2] D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HControlUser] D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [USB3MON] D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [GoogleChromeAutoLaunch_928877A4C7DF6A5F4EDCBFA23A443A70] D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
O4 - Startup: D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = D:\Users\Hindersmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - D:\Program Files (x86)\Common 
Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{592C9F95-DECF-4FD6-A9A3-A11C6947E061}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - 
Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - D:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (D:\Windows\system32\nvinitx.dll) - D:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (d:\windows\syswow64\nvinit.dll) - d:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - D:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - D:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4ec2eb6d-1938-11e2-82ef-c485083c725f}\Shell - "" = AutoRun O33 - MountPoints2\{4ec2eb6d-1938-11e2-82ef-c485083c725f}\Shell\AutoRun\command - "" = F:\Password.exe O33 - MountPoints2\{f82d4048-a2d6-11e2-bbb4-c485083c725f}\Shell - "" = AutoRun O33 - MountPoints2\{f82d4048-a2d6-11e2-bbb4-c485083c725f}\Shell\AutoRun\command - "" = F:\auvisio.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.09.12 21:38:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\Hindersmann\Desktop\OTL.exe [2013.09.12 16:45:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\SysNative\drivers\mbam.sys [2013.09.12 16:45:21 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.09.12 16:45:21 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.09.12 16:40:56 | 000,000,000 | ---D | C] -- D:\ProgramData\Spybot - Search & Destroy [2013.09.11 17:28:25 | 000,391,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll 
[2013.09.11 17:28:24 | 000,526,336 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\ieui.dll [2013.09.11 17:28:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesetup.dll [2013.09.11 17:28:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\iesetup.dll [2013.09.11 17:28:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\iernonce.dll [2013.09.11 17:28:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iernonce.dll [2013.09.11 17:28:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.09.11 17:28:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesysprep.dll [2013.09.11 17:28:08 | 000,051,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\ie4uinit.exe [2013.09.11 17:28:05 | 000,136,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\iesysprep.dll [2013.09.11 17:28:05 | 000,089,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\RegisterIEPKEYs.exe [2013.09.11 17:27:54 | 000,603,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\msfeeds.dll [2013.09.11 17:27:53 | 003,959,296 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\jscript9.dll [2013.09.11 17:27:53 | 000,855,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\jscript.dll [2013.09.11 17:27:53 | 000,690,688 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll [2013.09.11 16:55:13 | 000,155,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\drivers\ataport.sys [2013.09.11 16:55:12 | 003,968,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntkrnlpa.exe [2013.09.11 16:55:12 | 003,913,664 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntoskrnl.exe [2013.09.11 16:55:11 | 005,550,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\ntoskrnl.exe [2013.09.11 16:55:11 | 001,732,032 | ---- | C] 
(Microsoft Corporation) -- D:\Windows\SysNative\ntdll.dll [2013.09.11 16:55:11 | 001,161,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\kernel32.dll [2013.09.11 16:55:11 | 000,424,448 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\KernelBase.dll [2013.09.11 16:55:11 | 000,362,496 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\wow64win.dll [2013.09.11 16:55:11 | 000,338,432 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\conhost.exe [2013.09.11 16:55:11 | 000,243,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\wow64.dll [2013.09.11 16:55:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\winsrv.dll [2013.09.11 16:55:11 | 000,112,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\smss.exe [2013.09.11 16:55:11 | 000,043,520 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\csrsrv.dll [2013.09.11 16:55:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\setup16.exe [2013.09.11 16:55:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\ntvdm64.dll [2013.09.11 16:55:11 | 000,014,336 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntvdm64.dll [2013.09.11 16:55:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\wow64cpu.dll [2013.09.11 16:55:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\instnm.exe [2013.09.11 16:55:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\apisetschema.dll [2013.09.11 16:55:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\apisetschema.dll [2013.09.11 16:55:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.09.11 16:55:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.09.11 16:55:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) 
-- D:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.09.11 16:55:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.09.11 16:55:11 | 000,005,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\wow32.dll [2013.09.11 16:55:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.09.11 16:55:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.09.11 16:55:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.09.11 16:55:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
D:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
D:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.09.11 
16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.09.11 16:55:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\user.exe [2013.09.11 16:54:09 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\shdocvw.dll [2013.09.08 12:44:10 | 000,000,000 | ---D | C] -- D:\Users\Hindersmann\Desktop\5-076 Übungsdateien [2013.09.05 22:11:07 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\SequoiaView [2013.09.05 20:43:58 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.09.05 20:43:51 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft Silverlight [2013.09.03 18:41:04 | 000,000,000 | ---D | C] -- D:\Users\Hindersmann\DigSig [2013.08.30 10:52:49 | 000,433,752 | ---- | C] (Symantec Corporation) -- 
D:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys [2013.08.30 10:52:48 | 001,139,800 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys [2013.08.30 10:52:48 | 000,796,760 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys [2013.08.30 10:52:48 | 000,493,656 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys [2013.08.30 10:52:48 | 000,224,416 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys [2013.08.30 10:52:48 | 000,169,048 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys [2013.08.30 10:52:48 | 000,036,952 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys [2013.08.30 10:52:48 | 000,023,448 | R--- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symelam.sys [2013.08.30 10:50:00 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\drivers\N360x64\1404000.028 [2013.08.29 23:30:11 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Symantec Shared [2013.08.29 23:26:59 | 000,177,312 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013.08.29 23:26:59 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Symantec Shared [2013.08.29 23:26:59 | 000,000,000 | ---D | C] -- D:\Program Files\Symantec [2013.08.29 23:23:22 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\drivers\N360x64 [2013.08.29 23:23:20 | 000,000,000 | R--D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 [2013.08.29 23:23:20 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Norton 360 [2013.08.29 23:23:20 | 000,000,000 | ---D | C] -- D:\ProgramData\Norton [2013.08.29 23:18:57 | 000,000,000 | ---D | C] -- D:\ProgramData\NortonInstaller [2013.08.29 23:18:57 | 000,000,000 | ---D | C] -- D:\Program Files 
(x86)\NortonInstaller [2013.08.16 08:31:52 | 000,000,000 | ---D | C] -- D:\Users\Hindersmann\Desktop\Elektrotechnik [2013.08.15 22:06:30 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\MRT [2013.08.14 15:49:07 | 001,472,512 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\crypt32.dll [2013.08.14 15:49:07 | 000,224,256 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\wintrust.dll [2013.08.14 15:49:07 | 000,139,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\cryptnet.dll [2013.08.14 15:48:49 | 001,888,768 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\WMVDECOD.DLL [2013.08.14 15:48:48 | 001,620,992 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\WMVDECOD.DLL [2013.08.14 15:48:26 | 001,217,024 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\rpcrt4.dll ========== Files - Modified Within 30 Days ========== [2013.09.12 21:38:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Hindersmann\Desktop\OTL.exe [2013.09.12 21:26:37 | 001,806,990 | ---- | M] () -- D:\Windows\SysNative\PerfStringBackup.INI [2013.09.12 21:26:37 | 000,773,946 | ---- | M] () -- D:\Windows\SysNative\perfh007.dat [2013.09.12 21:26:37 | 000,728,618 | ---- | M] () -- D:\Windows\SysNative\perfh009.dat [2013.09.12 21:26:37 | 000,177,318 | ---- | M] () -- D:\Windows\SysNative\perfc007.dat [2013.09.12 21:26:37 | 000,150,098 | ---- | M] () -- D:\Windows\SysNative\perfc009.dat [2013.09.12 21:26:34 | 000,015,600 | -H-- | M] () -- D:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.09.12 21:26:34 | 000,015,600 | -H-- | M] () -- D:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.09.12 21:19:40 | 000,001,116 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.09.12 21:19:39 | 000,000,530 | ---- | M] () -- D:\Windows\tasks\MATLAB R2013a Startup Accelerator.job [2013.09.12 21:19:29 | 000,000,828 | ---- | M] 
() -- D:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013.09.12 21:19:24 | 000,000,212 | ---- | M] () -- D:\Windows\tasks\AutoKMS.job [2013.09.12 21:19:22 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2013.09.12 20:54:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job [2013.09.12 20:46:01 | 000,001,120 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.09.12 16:44:28 | 000,000,085 | ---- | M] () -- D:\Windows\wininit.ini [2013.09.11 17:35:25 | 005,052,760 | ---- | M] () -- D:\Windows\SysNative\FNTCACHE.DAT [2013.09.11 17:31:37 | 002,230,099 | ---- | M] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\Cat.DB [2013.09.08 13:23:00 | 000,000,830 | ---- | M] () -- D:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013.09.08 12:53:00 | 000,000,202 | ---- | M] () -- D:\Windows\tasks\AutoKMSDaily.job [2013.08.30 10:54:49 | 000,177,312 | ---- | M] (Symantec Corporation) -- D:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013.08.30 10:54:49 | 000,007,631 | ---- | M] () -- D:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013.08.30 10:54:49 | 000,000,854 | ---- | M] () -- D:\Windows\SysNative\drivers\SYMEVENT64x86.INF ========== Files Created - No Company Name ========== [2013.09.12 16:44:25 | 000,000,085 | ---- | C] () -- D:\Windows\wininit.ini [2013.09.01 17:37:10 | 002,230,099 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\Cat.DB [2013.08.30 10:56:51 | 000,014,818 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\VT20130115.021 [2013.08.30 10:52:49 | 000,008,067 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symnet64.cat [2013.08.30 10:52:48 | 000,009,670 | R--- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symelam64.cat [2013.08.30 10:52:48 | 000,007,667 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.cat [2013.08.30 10:52:48 | 000,007,593 | ---- 
| C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\iron.cat [2013.08.30 10:52:48 | 000,007,589 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.cat [2013.08.30 10:52:48 | 000,007,587 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.cat [2013.08.30 10:52:48 | 000,003,434 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symefa.inf [2013.08.30 10:52:48 | 000,002,852 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symds.inf [2013.08.30 10:52:48 | 000,001,440 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symnet.inf [2013.08.30 10:52:48 | 000,001,437 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.inf [2013.08.30 10:52:48 | 000,001,420 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.inf [2013.08.30 10:52:48 | 000,000,996 | R--- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symelam.inf [2013.08.30 10:52:48 | 000,000,853 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.inf [2013.08.30 10:52:48 | 000,000,767 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\iron.inf [2013.08.30 10:50:00 | 000,008,067 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.cat [2013.08.30 10:50:00 | 000,008,063 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.cat [2013.08.30 10:50:00 | 000,000,172 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\isolate.ini [2013.08.29 23:26:59 | 000,007,631 | ---- | C] () -- D:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013.08.29 23:26:59 | 000,000,854 | ---- | C] () -- D:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013.07.15 22:39:22 | 000,000,600 | ---- | C] () -- D:\Users\Hindersmann\AppData\Local\PUTTY.RND [2013.04.05 07:31:10 | 000,000,184 | ---- | C] () -- D:\Windows\AutoKMS.ini [2013.03.12 19:56:24 | 000,000,132 | ---- | C] () -- 
D:\Users\Hindersmann\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2013.02.27 21:09:23 | 000,087,704 | ---- | C] () -- D:\Windows\cadkasdeinst01.exe [2013.02.25 21:48:30 | 000,000,151 | ---- | C] () -- D:\Windows\wiso.ini [2012.11.23 02:41:21 | 000,000,057 | ---- | C] () -- D:\ProgramData\Ament.ini [2012.11.20 21:49:22 | 000,002,850 | ---- | C] () -- D:\Windows\hpwmdl22.dat.temp [2012.11.20 21:26:39 | 000,222,950 | ---- | C] () -- D:\Windows\hpwins22.dat [2012.11.20 21:26:39 | 000,002,850 | ---- | C] () -- D:\Windows\hpwmdl22.dat [2012.11.11 22:02:25 | 000,007,606 | ---- | C] () -- D:\Users\Hindersmann\AppData\Local\Resmon.ResmonCfg [2012.10.21 14:46:25 | 000,001,456 | ---- | C] () -- D:\Users\Hindersmann\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2012.10.13 16:17:12 | 000,035,237 | ---- | C] () -- D:\Users\Hindersmann\AppData\Local\recently-used.xbel [2012.10.11 23:35:52 | 000,003,072 | ---- | C] () -- D:\Users\Hindersmann\AppData\Local\file__0.localstorage [2012.10.01 15:58:39 | 001,807,160 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI [2012.09.30 22:06:31 | 000,176,128 | ---- | C] () -- D:\Windows\SysWow64\lffax60n.dll [2012.09.30 22:06:31 | 000,141,824 | ---- | C] () -- D:\Windows\SysWow64\lfcmp60n.dll [2012.09.30 22:06:31 | 000,110,080 | ---- | C] () -- D:\Windows\SysWow64\lfpng60n.dll [2012.09.30 22:06:31 | 000,046,080 | ---- | C] () -- D:\Windows\SysWow64\lftif60n.dll [2012.09.30 22:06:31 | 000,043,008 | ---- | C] () -- D:\Windows\SysWow64\ltfil60n.dll [2012.09.30 22:06:31 | 000,023,552 | ---- | C] () -- D:\Windows\SysWow64\lfpcx60n.dll [2012.09.30 22:06:31 | 000,022,528 | ---- | C] () -- D:\Windows\SysWow64\lfpct60n.dll [2012.09.30 22:06:31 | 000,022,528 | ---- | C] () -- D:\Windows\SysWow64\lfeps60n.dll [2012.09.30 22:06:31 | 000,022,016 | ---- | C] () -- D:\Windows\SysWow64\lfbmp60n.dll [2012.09.30 22:06:31 | 000,020,480 | ---- | C] () -- D:\Windows\SysWow64\lfpsd60n.dll [2012.09.30 22:06:31 | 000,019,968 | ---- | C] () -- 
D:\Windows\SysWow64\lftga60n.dll [2012.09.30 22:06:31 | 000,019,456 | ---- | C] () -- D:\Windows\SysWow64\lfwpg60n.dll [2012.09.30 22:06:31 | 000,019,456 | ---- | C] () -- D:\Windows\SysWow64\lfwmf60n.dll [2012.09.30 22:06:31 | 000,018,432 | ---- | C] () -- D:\Windows\SysWow64\lfmsp60n.dll [2012.09.30 22:06:31 | 000,017,920 | ---- | C] () -- D:\Windows\SysWow64\lfmac60n.dll [2012.09.30 22:06:31 | 000,017,920 | ---- | C] () -- D:\Windows\SysWow64\implode.dll [2012.09.30 22:06:31 | 000,005,378 | ---- | C] () -- D:\Windows\PSPICEEV.INI [2012.06.13 19:34:28 | 000,755,572 | ---- | C] () -- D:\Windows\SysWow64\igkrng700.bin [2012.06.13 19:34:22 | 000,559,972 | ---- | C] () -- D:\Windows\SysWow64\igfcg700m.bin [2012.06.13 19:34:18 | 000,058,880 | ---- | C] () -- D:\Windows\SysWow64\igdde32.dll [2012.06.13 19:34:14 | 013,026,816 | ---- | C] () -- D:\Windows\SysWow64\ig7icd32.dll [2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- D:\Windows\SysWow64\IusEventLog.dll [2012.02.20 11:31:06 | 000,019,968 | ---- | C] () -- D:\Windows\SysWow64\DptfPolicyConfigTDPService.exe [2012.02.20 11:31:06 | 000,018,944 | ---- | C] () -- D:\Windows\SysWow64\DptfParticipantProcessorService.exe [2012.02.20 11:31:06 | 000,012,288 | ---- | C] () -- D:\Windows\SysWow64\DptfPolicyConfigTDPDll.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- D:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = D:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 
014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = D:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = D:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 1072 bytes -> D:\Users\Hindersmann\AppData\Local\epDmpGdpihRZQ:uPYHcBRiwDMRwNxgN1AwTc < End of report > Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Hindersmann :: HINDERSMANN-PC [Administrator]

12.09.2013 16:45:58
mbam-log-2013-09-12 (16-45-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (D:\|X:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 800242
Laufzeit: 2 Stunde(n), 1 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Keine Aktion durchgeführt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0RtGtCtH1H1L2Y0B0EtF0CtG1O -> Keine Aktion durchgeführt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {ABD64470-0D56-11E2-866F-C485083C725F} -> Keine Aktion durchgeführt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {ABD64470-0D56-11E2-866F-C485083C725F} -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B44DC485083C725C&affID=119779&tt=250613_gr3&tsp=4924) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 6
D:\Users\Hindersmann\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 15
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
D:\Users\Hindersmann\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\HDVidCodec.lnk (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\Uninstall.lnk (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\HDvidCodec10.crx (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\b.bmp (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\finish.bmp (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\FinishHDVID.exe (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\HDVidCodec.exe (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\hdvidextsetup.exe (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\hdvid_temp.bmp (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\uninst.exe (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.

(Ende)

2. Malware
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Hindersmann :: HINDERSMANN-PC [Administrator]

12.09.2013 19:21:47
mbam-log-2013-09-12 (19-21-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (D:\|X:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 823531
Laufzeit: 55 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0RtGtCtH1H1L2Y0B0EtF0CtG1O -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {ABD64470-0D56-11E2-866F-C485083C725F} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {ABD64470-0D56-11E2-866F-C485083C725F} -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B44DC485083C725C&affID=119779&tt=250613_gr3&tsp=4924) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 5
D:\Users\Hindersmann\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 7
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Users\Hindersmann\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\HDVidCodec.lnk (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\Uninstall.lnk (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

3. Malware
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Hindersmann :: HINDERSMANN-PC [Administrator]

12.09.2013 21:33:03
mbam-log-2013-09-12 (21-33-03).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 245946
Laufzeit: 1 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)