Log analysis and evaluation: Win 7 Prof 64 - HTML/Crypted.Gen; am I infected? Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.04.2014, 20:39 | #1 |
Win 7 Prof 64 - HTML/Crypted.Gen; am I infected?

Hello, recently Avira's real-time scanner reported a hit. After I was able to find out about the type of detection via "Details", I wanted to delete the detected file. The problem now is that I cannot find the infected file. It is neither in the Avira quarantine, nor can I find it in the file system. In addition, Avira lists two contradictory actions for it in the event log:

Code:
14.04.2014 / 21:45:20 In der Datei 'C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZJMLN78O\afr[1].htm' wurde ein Virus oder unerwünschtes Programm 'HTML/Crypted.Gen' [virus] gefunden. Ausgeführte Aktion: Zugriff erlauben
14.04.2014 / 21:45:20 In der Datei 'C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZJMLN78O\afr[1].htm' wurde ein Virus oder unerwünschtes Programm 'HTML/Crypted.Gen' [virus] gefunden. Ausgeführte Aktion: Zugriff verweigern

After that, once via Avira Rescue System, for which I unfortunately have no log file. I also had Malwarebytes scan the system: none of the scans turned up anything here. Because of the contradictory data, I would now like to know whether I am infected or not. Thanks in advance. Best regards
18.04.2014, 09:18 | #2 |
/// the machine /// TB-Ausbilder | Win 7 Prof 64 - HTML/Crypted.Gen; am I infected?

Hi,
__________________
Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________
18.04.2014, 10:00 | #3 |
Win 7 Prof 64 - HTML/Crypted.Gen; am I infected?

Hi, first of all, thanks for the quick reply. And as requested, the log files. First part: Avira scan:

Code:
47121 Verzeichnisse wurden überprüft
1766215 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1766215 Dateien ohne Befall
25855 Archive wurden durchsucht
0 Warnungen
0 Hinweise
82 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.04.2014
Suchlauf-Zeit: 23:29:41
Logdatei: MWAMSCAN.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.16.09
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Alex

Suchlauf-Art: Benutzerdefinierter Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 546494
Verstrichene Zeit: 2 Std, 33 Min, 26 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registrierungsschlüssel: 0 (No malicious items detected)
Registrierungswerte: 0 (No malicious items detected)
Registrierungsdaten: 0 (No malicious items detected)
Ordner: 0 (No malicious items detected)
Dateien: 0 (No malicious items detected)
Physische Sektoren: 0 (No malicious items detected)

(end)

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:59 on 17/04/2014 (Alex)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:

Code:
18:11 - 2014-04-17 18:11 - 00050477 _____ () C:\Users\Alex\Desktop\Defogger.exe 2014-04-16 20:49 - 2014-04-17 18:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 20:48 - 2014-04-16 20:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-16 20:48 - 2014-04-16 20:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-16 20:48 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-16 20:48 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-16 20:48 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-10 21:57 - 2014-04-10 21:57 - 00000000 __SHD () C:\Users\Alex\AppData\Local\EmieUserList 2014-04-10 21:57 - 2014-04-10 21:57 - 00000000 __SHD () C:\Users\Alex\AppData\Local\EmieSiteList 2014-04-09 22:57 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-09 22:57 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-09 22:57 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-09 22:57 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-09 22:57 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-09 22:57 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-09 22:57 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-09 22:57 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-09 22:57 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-09 22:57 - 2014-03-06 10:39 - 00033792 _____ 
(Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-09 22:57 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-09 22:57 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-09 22:57 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-09 22:57 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-09 22:57 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-09 22:57 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-09 22:57 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-09 22:57 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-09 22:57 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-09 22:57 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-09 22:57 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-09 22:57 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-09 22:57 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-09 22:57 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-09 22:57 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-09 22:57 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-09 22:57 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-09 22:57 - 2014-03-06 
09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-09 22:57 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-09 22:57 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-09 22:57 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-09 22:57 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-09 22:57 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-09 22:57 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-09 22:57 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-09 22:57 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-09 22:57 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-09 22:57 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-09 22:57 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-09 22:57 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-09 22:57 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-09 22:57 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-09 22:57 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-09 22:57 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-09 22:57 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-09 22:57 - 2014-03-06 07:43 - 
00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-09 22:57 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-09 22:57 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-09 20:03 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 20:03 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 20:03 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 20:03 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 20:03 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 20:03 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 20:03 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 20:03 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 20:03 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 20:03 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 20:03 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-09 20:03 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-09 20:03 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 20:03 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 20:03 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-09 20:03 - 2014-02-04 04:00 - 00002048 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-09 20:03 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-07 21:04 - 2014-03-21 21:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-04-07 21:04 - 2014-03-21 21:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-03-28 23:45 - 2014-03-28 23:45 - 00000000 ___HD () C:\Program Files (x86)\Zero G Registry 2014-03-28 23:45 - 2014-03-28 23:45 - 00000000 ____D () C:\Windows\jre 2014-03-28 23:42 - 2014-03-28 23:42 - 00000000 ___HD () C:\Users\Alex\InstallAnywhere 2014-03-23 15:40 - 2014-03-23 15:40 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-03-23 15:40 - 2014-03-23 15:40 - 00000000 ____D () C:\Windows\system32\NV 2014-03-23 15:38 - 2014-03-04 16:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-03-23 15:38 - 2014-03-04 16:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 
2014-03-23 15:38 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-03-23 15:38 - 2014-03-04 16:35 - 00033736 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys 2014-03-21 23:00 - 2014-03-21 23:16 - 
00000000 ____D () C:\Users\Alex\AppData\Local\Overwolf 2014-03-21 22:31 - 2014-03-21 22:31 - 00000241 _____ () C:\Windows\Cm112.ini.imi 2014-03-21 22:31 - 2014-03-21 22:31 - 00000185 _____ () C:\Windows\Cm112.ini.cfl 2014-03-21 22:31 - 2014-03-21 22:31 - 00000137 _____ () C:\Windows\system\Dlap.pfx 2014-03-21 22:31 - 2013-05-28 18:56 - 00151552 ____R () C:\Windows\system\3DG4me.exe 2014-03-21 22:31 - 2012-06-06 11:56 - 00143360 ____R () C:\Windows\system\3DG4me.dll 2014-03-21 22:31 - 2012-01-31 11:26 - 00122096 ____R (HID Dll) C:\Windows\system\CM_HID3.dll 2014-03-21 22:31 - 2010-03-23 15:33 - 00001198 ____R () C:\Windows\Cm112.ini.cfg 2014-03-21 22:31 - 2009-11-25 18:52 - 01308160 _____ (C-Media Electronics Inc) C:\Windows\system32\Drivers\cm11264.sys 2014-03-21 22:31 - 2009-07-07 14:02 - 00779776 ____R () C:\Windows\system32\Cmeau112.exe 2014-03-21 22:31 - 2009-04-08 16:22 - 00354304 ____R () C:\Windows\system32\CmiInstallResAll64.dll 2014-03-21 22:31 - 2007-10-22 16:18 - 00004608 ____R () C:\Windows\Thumbs.db 2014-03-21 22:31 - 2006-10-06 07:45 - 00524768 ____R (Microsoft Corporation) C:\Windows\difxapi.dll 2014-03-21 22:31 - 2004-04-14 13:28 - 00315392 _____ (C-Media Electronics Inc.) 
C:\Windows\system\fltr112.dll ==================== One Month Modified Files and Folders ======= 2014-04-17 20:00 - 2014-04-17 20:00 - 00020223 _____ () C:\Users\Alex\Desktop\FRST.txt 2014-04-17 20:00 - 2014-04-17 20:00 - 00000000 ____D () C:\FRST 2014-04-17 19:59 - 2014-04-17 19:59 - 00000470 _____ () C:\Users\Alex\Desktop\defogger_disable.log 2014-04-17 19:59 - 2014-04-17 19:59 - 00000000 _____ () C:\Users\Alex\defogger_reenable 2014-04-17 19:59 - 2013-09-27 21:54 - 00000000 ____D () C:\Users\Alex 2014-04-17 19:58 - 2013-09-27 22:42 - 00082645 _____ () C:\Users\Alex\AppData\Local\BTServer.log 2014-04-17 18:28 - 2014-04-17 18:28 - 00025614 _____ () C:\Users\Alex\Desktop\AVSCAN-20140414-221646-05D6ED6D.LOG 2014-04-17 18:21 - 2014-04-17 18:20 - 00000524 _____ () C:\Users\Alex\Desktop\AVMIST.txt 2014-04-17 18:18 - 2014-04-17 18:18 - 00001168 _____ () C:\Users\Alex\Desktop\MWAMSCAN.txt 2014-04-17 18:18 - 2014-04-16 20:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-17 18:15 - 2014-04-17 18:15 - 00019772 _____ () C:\Users\Alex\Desktop\AVSCAN-20140416-192343-0911BAA8.LOG 2014-04-17 18:13 - 2014-04-17 18:13 - 00380416 _____ () C:\Users\Alex\Desktop\Gmer-19357.exe 2014-04-17 18:13 - 2014-04-17 18:12 - 02158592 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2014-04-17 18:11 - 2014-04-17 18:11 - 00050477 _____ () C:\Users\Alex\Desktop\Defogger.exe 2014-04-17 18:08 - 2009-07-14 19:58 - 00766876 _____ () C:\Windows\system32\perfh007.dat 2014-04-17 18:08 - 2009-07-14 19:58 - 00175572 _____ () C:\Windows\system32\perfc007.dat 2014-04-17 18:08 - 2009-07-14 07:13 - 01810760 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-17 18:08 - 2009-07-14 06:45 - 00017760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-17 18:08 - 2009-07-14 06:45 - 00017760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
2014-04-17 18:04 - 2013-09-27 21:54 - 01291779 _____ () C:\Windows\WindowsUpdate.log 2014-04-17 18:00 - 2013-09-27 22:30 - 00000000 ____D () C:\ProgramData\Realtek 2014-04-17 18:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-17 18:00 - 2009-07-14 06:51 - 00104771 _____ () C:\Windows\setupact.log 2014-04-16 20:48 - 2014-04-16 20:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-16 20:48 - 2014-04-16 20:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-14 07:04 - 2014-01-10 18:00 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Awesomium 2014-04-12 10:09 - 2014-02-13 21:05 - 00000000 ____D () C:\ProgramData\Package Cache 2014-04-10 21:57 - 2014-04-10 21:57 - 00000000 __SHD () C:\Users\Alex\AppData\Local\EmieUserList 2014-04-10 21:57 - 2014-04-10 21:57 - 00000000 __SHD () C:\Users\Alex\AppData\Local\EmieSiteList 2014-04-10 18:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-09 23:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-09 22:58 - 2013-09-28 16:27 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-09 22:57 - 2013-09-28 20:38 - 00000039 _____ () C:\Windows\vbaddin.ini 2014-04-09 22:57 - 2013-09-28 00:43 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-09 22:56 - 2013-09-28 00:43 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-07 21:04 - 2013-11-18 21:24 - 00000000 ____D () C:\Users\Alex\AppData\Local\NVIDIA Corporation 2014-04-07 21:04 - 2013-09-27 23:42 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-04-07 21:04 - 2013-09-27 23:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-04-04 20:16 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-03 09:51 - 2014-04-16 20:48 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-16 20:48 - 00063192 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-16 20:48 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 15:27 - 2013-10-28 18:22 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-04-02 15:27 - 2013-10-28 18:22 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-03-29 10:08 - 2013-09-28 00:57 - 00440862 _____ () C:\Windows\PFRO.log 2014-03-28 23:46 - 2013-09-28 09:56 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eigene Spiele 2014-03-28 23:45 - 2014-03-28 23:45 - 00000000 ___HD () C:\Program Files (x86)\Zero G Registry 2014-03-28 23:45 - 2014-03-28 23:45 - 00000000 ____D () C:\Windows\jre 2014-03-28 23:42 - 2014-03-28 23:42 - 00000000 ___HD () C:\Users\Alex\InstallAnywhere 2014-03-27 22:17 - 2013-09-28 11:27 - 00000000 ____D () C:\Users\Alex\Documents\Gaming und Multimedia 2014-03-23 15:40 - 2014-03-23 15:40 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-03-23 15:40 - 2014-03-23 15:40 - 00000000 ____D () C:\Windows\system32\NV 2014-03-23 15:40 - 2013-09-27 23:42 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-22 17:17 - 2013-09-28 15:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-22 17:17 - 2013-09-28 15:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-21 23:39 - 2013-09-28 16:32 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\TS3Client 2014-03-21 23:16 - 2014-03-21 23:00 - 00000000 ____D () C:\Users\Alex\AppData\Local\Overwolf 2014-03-21 22:31 - 2014-03-21 22:31 - 00000241 _____ () C:\Windows\Cm112.ini.imi 2014-03-21 22:31 - 2014-03-21 22:31 - 00000185 _____ () C:\Windows\Cm112.ini.cfl 2014-03-21 22:31 - 2014-03-21 22:31 - 00000137 _____ () C:\Windows\system\Dlap.pfx 2014-03-21 22:31 - 2013-09-27 22:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-21 22:31 - 2009-09-18 
19:33 - 00000190 _____ () C:\Windows\system\Cm112.ini 2014-03-21 22:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system 2014-03-21 21:43 - 2014-04-07 21:04 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-03-21 21:43 - 2014-04-07 21:04 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-03-21 21:43 - 2013-09-27 23:56 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2014-03-20 22:40 - 2013-10-09 22:01 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\vlc Some content of TEMP: ==================== C:\Users\Alex\AppData\Local\Temp\avgnt.exe C:\Users\Alex\AppData\Local\Temp\ose00000.exe C:\Users\Alex\AppData\Local\Temp\ose00001.exe C:\Users\Alex\AppData\Local\Temp\_isFAC.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-10 18:49 ==================== End Of Log ============================ --- --- --- --- --- --- |
18.04.2014, 10:01 | #4 |
| Win 7 Prof 64 - HTML/Crypted.Gen; am I infected? And here is the second part: FRST Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 Ran by Alex at 2014-04-17 20:00:59 Running from C:\Users\Alex\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.5 - Futuremark Corporation) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acronis True Image Home (HKLM-x32\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9551 - Acronis) Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.4 - BitRaider, LLC) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) 
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version: - Relic Entertainment) Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Dotfuscator Software Services - Community Edition - DEU (HKLM-x32\...\{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}) (Version: 5.0.2300.0 - PreEmptive Solutions) Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions) Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project) ETDWare PS/2-X64 11.13.3.3_WHQL (HKLM\...\Elantech) (Version: 11.13.3.3 - ELAN Microelectronic Corp.) Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio) Free YouTube to MP3 Converter version 3.12.16.1030 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1030 - DVDVideoSoft Ltd.) Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.17.0 - Futuremark Corporation) GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team) Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) 
Hegemony Rome: The Rise of Caesar (HKLM-x32\...\Steam App 227060) (Version: - Longbow Games) Hotfix für Microsoft Team Foundation Server 2010-Objektmodell - DEU (KB2890573) (HKLM-x32\...\{A1F50E06-E514-393D-AAEB-2F989F0B7C68}.KB2890573) (Version: 1 - Microsoft Corporation) Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB2529927) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2529927) (Version: 1 - Microsoft Corporation) Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB2548139) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2548139) (Version: 1 - Microsoft Corporation) Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB2549864) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2549864) (Version: 1 - Microsoft Corporation) Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB2635973) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2635973) (Version: 1 - Microsoft Corporation) Hotfix für Microsoft Visual Studio 2010 Ultimate - DEU (KB2890573) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2890573) (Version: 1 - Microsoft Corporation) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3215 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 
2.5.0.19 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden kikin Plugin (NO23 Edition) 1.11 (HKLM-x32\...\kikin Plugin (NO23 Edition)) (Version: 1.11 - kikin) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Access 2010 (HKLM-x32\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft ASP.NET MVC 2 - DEU (HKLM-x32\...\{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}) (Version: 2.0.50331.0 - Microsoft Corporation) Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (HKLM-x32\...\{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}) (Version: 2.0.50331.0 - Microsoft Corporation) Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation) Microsoft ASP.NET MVC 2 
(HKLM-x32\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation) Microsoft Expression Blend 3 SDK (HKLM-x32\...\{B006B9E9-41DD-4479-9177-3743A53B7735}) (Version: 1.0.1343.0 - Microsoft Corporation) Microsoft Expression Blend 4 (HKLM-x32\...\Blend_4.0.20621.0) (Version: 4.0.20621.0 - Microsoft Corporation) Microsoft Expression Blend 4 (x32 Version: 4.0.20621.0 - Microsoft Corporation) Hidden Microsoft Expression Blend SDK for .NET 4 (HKLM-x32\...\{0536BCDF-7EF6-48F6-8765-A3C065A065A5}) (Version: 2.0.20621.0 - Microsoft Corporation) Microsoft Expression Blend SDK for Silverlight 4 (HKLM-x32\...\{B0682940-6FFB-4850-80BA-B2FEF0D64BA8}) (Version: 2.0.20621.0 - Microsoft Corporation) Microsoft Expression Design 4 (HKLM-x32\...\Design_7.0.20516.0) (Version: 7.0.20516.0 - Microsoft Corporation) Microsoft Expression Design 4 (x32 Version: 7.0.20516.0 - Microsoft Corporation) Hidden Microsoft Expression Encoder 4 Pro (HKLM-x32\...\Encoder_4.0.1651.0) (Version: 4.0.1651.0 - Microsoft Corporation) Microsoft Expression Encoder 4 Pro (x32 Version: 4.0.1651.0 - Microsoft Corporation) Hidden Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F21D2032-60FE-4729-9C87-46F1615FB965}) (Version: 4.0.1651.0 - Microsoft Corporation) Microsoft Expression Studio 4 (HKLM-x32\...\ExpressionStudio_4.0.20705.0) (Version: 4.0.20705.0 - Microsoft Corporation) Microsoft Expression Studio 4 (x32 Version: 4.0.20705.0 - Microsoft Corporation) Hidden Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation) Microsoft Expression Web 4 (x32 Version: 4.0.1303.0 - Microsoft Corporation) Hidden Microsoft Expression Web 4 Service Pack 2 (HKLM-x32\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version: - Microsoft Corporation) Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 Language Pack - 
DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 
12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Ultimate 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Visio 2010 (x32 Version: 
14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Visio MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation) Microsoft Silverlight 4 SDK - Deutsch (HKLM-x32\...\{803910CC-3A39-45E3-A594-0D5512A60A86}) (Version: 4.0.50826.0 - Microsoft Corporation) Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 (64-bit) (Version: - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Native Client (HKLM\...\{12FE6AA6-65D2-40EE-B925-62193128A0E6}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{5ADA62BD-2FC0-4ECE-93AA-C933E69B2AB5}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst (HKLM-x32\...\{BB1E119E-CF4B-4183-910E-A8C2B379F2C6}) (Version: 10.50.1752.9 - Microsoft Corporation) Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (HKLM-x32\...\{919E5477-D20B-4F64-AE8B-8199469F7817}) (Version: 10.50.1750.9 - 
Microsoft Corporation) Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt (HKLM-x32\...\{103A5E44-DD5B-46D5-AD1E-9DF2260CA023}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0 - Microsoft Corporation) Hidden Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{C668416A-9213-4058-B7F2-01A42D85559D}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server System CLR Types (x64) (HKLM\...\{0D432429-C79C-462D-ABD8-4D82B83A954B}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft Sync Framework Runtime v1.0 SP1 (x64) de (HKLM\...\{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Framework SDK v1.0 SP1 de (HKLM-x32\...\{08DA8E46-ED67-451A-9246-50E0FF6959C9}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Framework Services v1.0 SP1 (x64) de (HKLM\...\{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de (HKLM\...\{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}) (Version: 2.0.3010.0 - Microsoft Corporation) Microsoft Team Foundation Server 2010 Object Model - DEU (Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Team Foundation Server 2010-Objektmodell - DEU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - DEU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft 
Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ Compilers 2010 Standard - enu - x64 (Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{95A2AD24-BD44-3E39-A31F-CE928276577E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft 
Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual F# 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{681F4E9F-34E0-36BD-BF2C-100554E403A5}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU (Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Performance Collection Tools SP1 - DEU (Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31010 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.31007 - Microsoft Corporation) Hidden 
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Ultimate - DEU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - DEU) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2010 Ultimate - DEU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.31007 - Microsoft Corporation) Microsoft Visual Studio Macro Tools - DEU Language Pack (HKLM-x32\...\Microsoft Visual Studio Macro Tools - DEU Language Pack) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Macro Tools - DEU Language Pack (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.7 - Black Tree Gaming) nLite 1.4.9.3 (HKLM-x32\...\nLite_is1) (Version: 1.4.9.3 - Dino Nuhagic (nuhi)) No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team) NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation) NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - 
NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Optimus Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) PDF24 Creator 5.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.596 - Qualcomm Atheros) Qualcomm Atheros Killer Network Manager (Version: 6.1.0.596 - Qualcomm Atheros) Hidden REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.728.728.042813 - ) Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.21228 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6914 - Realtek Semiconductor Corp.) 
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0212 - ) Republic at War 1.1.5 (HKLM-x32\...\{1F3630F5-C636-49FF-9BF0-F9E2A221E60B}) (Version: 1.1.5 - Republic at War Modding Team) Republic at War 1.1.5 Deutsch (HKLM-x32\...\Republic at War 1.1.5 Deutsch 1.1.5) (Version: 1.1.5 - Republic at War Modding Team) Republic at War 1.1.5 Deutsch (x32 Version: 1.1.5 - Republic at War Modding Team) Hidden SCM (HKLM\...\{CA85D7A7-6B45-4011-9BCC-C01F31EDE157}) (Version: 14.013.07054 - ) Sennheiser 3D G4ME1 (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB6}) (Version: 1.00.0001 - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Service Pack 3 für SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation) SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden Sicherheitsupdate für Microsoft Visual Studio 2010 Ultimate - DEU (KB2645410) (HKLM-x32\...\{4135C790-0387-36D7-9C2A-1B09A5900460}.KB2645410) (Version: 1 - Microsoft Corporation) Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.) Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version: - Ironclad Games) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.02 - Creative Technology Limited) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts) Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts) Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.22 - Bioware/EA) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24482 - TeamViewer) The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) Tomb Raider: Legend 1.2 (HKLM-x32\...\Tomb Raider: Legend) (Version: - ) Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly) Trackplanner 1.1.12 (HKLM-x32\...\Trackplanner_is1) (Version: - Georg Wächter) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Überwachungstool für die Intel® Turbo-Boost-Technik 2.5 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.5.1.0 - Intel) Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM\...\{D8125A39-ADEE-4187-B04D-DB6CF489AF61}) (Version: 10.3.5500.0 - Microsoft Corporation) Update for 2007 Microsoft Office System (KB967642) 
(HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition 
(HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition 
(HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.AccessR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition 
(HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.AccessR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.AccessR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{43C22E89-E170-4764-8E7E-7386E34F94E0}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
War Thunder Launcher 1.0.1.302 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2013 Gaijin Entertainment Corporation)
Wargame: Red Dragon (HKLM-x32\...\Steam App 251060) (Version: - Eugen Systems)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version: - Relic Entertainment)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
World of Tanks v.0.8.0 (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1) (Version: - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1) (Version: - Wargaming.net)
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)

==================== Restore Points =========================

28-03-2014 21:45:23 DirectX wurde installiert
01-04-2014 16:50:50 Windows Update
07-04-2014 19:04:43 DirectX wurde installiert
09-04-2014 17:59:15 Windows Update
09-04-2014 20:55:16 Windows Update
12-04-2014 08:09:43 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
12-04-2014 08:09:48 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
16-04-2014 04:53:09 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {D30BD168-0836-418E-8AE1-F934CBBAD977} - System32\Tasks\elbyExecuteWithUAC => E:\Programme\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2013-03-22] ()

==================== Loaded Modules (whitelisted) =============

2013-09-28 00:55 - 2014-03-04 16:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-09-27 23:42 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-27 22:30 - 2013-04-25 16:32 - 00047104 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2013-05-16 17:30 - 2013-05-16 17:30 - 00503296 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
2011-05-09 20:46 - 2011-05-09 20:46 - 02760192 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll
2011-05-09 20:56 - 2011-05-09 20:56 - 09856000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtGui4.dll
2011-05-09 20:47 - 2011-05-09 20:47 - 00416256 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtXml4.dll
2013-05-16 17:30 - 2013-05-16 17:30 - 00217600 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFCommon.dll
2011-05-10 12:32 - 2011-05-10 12:32 - 00731648 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\qwt5.dll
2011-05-09 20:48 - 2011-05-09 20:48 - 00990720 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtNetwork4.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () E:\Programme\Notepad++\NppShell_05.dll
2013-09-28 11:22 - 2012-11-01 11:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-03-21 22:31 - 2013-05-28 18:56 - 00151552 ____R () C:\Windows\system\3DG4me.exe
2013-09-27 23:55 - 2013-09-27 23:54 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-10-21 22:13 - 2014-03-04 16:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-03-21 22:31 - 2012-06-06 11:56 - 00143360 ____R () C:\Windows\system\3DG4me.dll
2013-09-27 22:43 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Qualcomm Atheros Killer Network Manager.lnk => C:\Windows\pss\Qualcomm Atheros Killer Network Manager.lnk.CommonStartup
MSCONFIG\startupreg: Eraser => "E:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: PDFPrint => E:\Programme\PDF24\pdf24.exe
MSCONFIG\startupreg: VirtualCloneDrive => "E:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== Faulty Device Manager Devices =============

Name: Realtek Bluetooth 4.0 + High Speed Chip
Description: Realtek Bluetooth 4.0 + High Speed Chip
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Realtek Semiconductor Corp.
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2014 06:04:04 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/17/2014 02:26:56 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/17/2014 02:25:45 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: aces.exe, Version: 1.37.45.82, Zeitstempel: 0x53220ee6
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003ea47
ID des fehlerhaften Prozesses: 0x1954
Startzeit der fehlerhaften Anwendung: 0xaces.exe0
Pfad der fehlerhaften Anwendung: aces.exe1
Pfad des fehlerhaften Moduls: aces.exe2
Berichtskennung: aces.exe3

Error: (04/17/2014 02:25:24 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: aces.exe, Version: 1.37.45.82, Zeitstempel: 0x53220ee6
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003ea47
ID des fehlerhaften Prozesses: 0x1b4c
Startzeit der fehlerhaften Anwendung: 0xaces.exe0
Pfad der fehlerhaften Anwendung: aces.exe1
Pfad des fehlerhaften Moduls: aces.exe2
Berichtskennung: aces.exe3

Error: (04/14/2014 08:19:36 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/13/2014 10:22:59 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/13/2014 08:26:44 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/12/2014 08:18:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SBCinema.exe, Version: 1.0.5.0, Zeitstempel: 0x50b6c7b1
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0xc0020001
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x187c
Startzeit der fehlerhaften Anwendung: 0xSBCinema.exe0
Pfad der fehlerhaften Anwendung: SBCinema.exe1
Pfad des fehlerhaften Moduls: SBCinema.exe2
Berichtskennung: SBCinema.exe3

Error: (04/12/2014 10:26:42 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/12/2014 00:59:19 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

System errors:
=============
Error: (04/16/2014 07:22:16 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (04/16/2014 07:22:16 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (04/16/2014 07:22:10 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (04/16/2014 07:22:10 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (04/16/2014 07:21:54 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (04/16/2014 07:21:54 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (04/11/2014 04:05:36 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/09/2014 10:57:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (04/09/2014 10:57:26 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (04/08/2014 08:38:39 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 8112.66 MB
Available physical RAM: 6031.28 MB
Total Pagefile: 16223.49 MB
Available Pagefile: 13811.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.02 GB) (Free:30.14 GB) NTFS
Drive e: (Volume) (Fixed) (Total:465.76 GB) (Free:180.19 GB) NTFS
Drive g: (Volume) (Fixed) (Total:119.12 GB) (Free:72.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 30DEF402)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 119 GB) (Disk ID: 7EDF841D)
Partition: GPT Partition Type.

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-17 20:10:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\0000007f ATA_____ rev.N102 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\Alex\AppData\Local\Temp\pxtoapoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800025ba000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800025ba02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[964] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076dca400 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[964] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076dd3f20 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[964] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076deffb0 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[964] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076dff2e0 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[964] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e29a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[964] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e394c0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[964] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e587e0 7 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[964] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffd030180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[964] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffd0300d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[964] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffd030148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[964] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffd030110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[964] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefecd89e0 8 bytes JMP 000007fffd0301f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[964] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefecdbe40 8 bytes JMP 000007fffd0301b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[964] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe737490 11 bytes JMP 000007fffd030228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[964] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe74bf00 7 bytes JMP 000007fffd030260
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3804] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076dca400 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3804] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076dd3f20 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3804] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076deffb0 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3804] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076dff2e0 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3804] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e29a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3804] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e394c0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3804] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e587e0 7 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3804] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffd030180
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3804] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffd0300d8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3804] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffd030148
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3804] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffd030110
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3804] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe737490 11 bytes JMP 000007fffd030228
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3804] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe74bf00 7 bytes JMP 000007fffd030260
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3804] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefecd89e0 8 bytes JMP 000007fffd0301f0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3804] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefecdbe40 8 bytes JMP 000007fffd0301b8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3804] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef81c2460 5 bytes JMP 000007fefd0302d0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3804] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef81f96b0 6 bytes JMP 000007fefd030298
.text C:\Windows\system32\Dwm.exe[3928] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffd030180
.text C:\Windows\system32\Dwm.exe[3928] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffd0300d8
.text C:\Windows\system32\Dwm.exe[3928] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffd030148
.text C:\Windows\system32\Dwm.exe[3928] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffd030110
.text C:\Windows\system32\Dwm.exe[3928] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefecd89e0 8 bytes JMP 000007fffd0301f0
.text C:\Windows\system32\Dwm.exe[3928] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefecdbe40 8 bytes JMP 000007fffd0301b8
.text C:\Windows\system32\Dwm.exe[3928] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef675dc88 5 bytes JMP 000007fff65500d8
.text C:\Windows\system32\Dwm.exe[3928] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef675de10 5 bytes JMP 000007fff6550110
.text C:\Program Files (x86)\SCM\SCM.exe[4108] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 0000000076dca400 7 bytes JMP 000000016fff0228
.text C:\Program Files (x86)\SCM\SCM.exe[4108] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000076dd3f20 5 bytes JMP 000000016fff0180
.text C:\Program Files (x86)\SCM\SCM.exe[4108] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 0000000076deffb0 5 bytes JMP 000000016fff01b8
.text C:\Program Files (x86)\SCM\SCM.exe[4108] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 0000000076dff2e0 5 bytes JMP 000000016fff0110
.text C:\Program Files (x86)\SCM\SCM.exe[4108] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000076e29a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files (x86)\SCM\SCM.exe[4108] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000076e394c0 5 bytes JMP 000000016fff0148
.text C:\Program Files (x86)\SCM\SCM.exe[4108] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 0000000076e587e0 7 bytes JMP 000000016fff01f0
.text C:\Program Files (x86)\SCM\SCM.exe[4108] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffd030180
.text C:\Program Files (x86)\SCM\SCM.exe[4108] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffd0300d8
.text C:\Program Files (x86)\SCM\SCM.exe[4108] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffd030148
.text C:\Program Files (x86)\SCM\SCM.exe[4108] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffd030110
.text C:\Program Files (x86)\SCM\SCM.exe[4108] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefecd89e0 8 bytes JMP 000007fffd0301f0
.text C:\Program Files (x86)\SCM\SCM.exe[4108] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefecdbe40 8 bytes JMP 000007fffd0301b8
.text C:\Program Files (x86)\SCM\SCM.exe[4108] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe737490 11 bytes JMP 000007fffd030228
.text C:\Program Files (x86)\SCM\SCM.exe[4108] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe74bf00 7 bytes JMP 000007fffd030260
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4116] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076dca400 7 bytes JMP 000000016fff0228
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4116] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076dd3f20 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4116] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076deffb0 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4116] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076dff2e0 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4116] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e29a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4116] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e394c0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4116] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e587e0 7 bytes JMP 000000016fff01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4116] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffd030180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4116] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffd0300d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4116] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffd030148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4116] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffd030110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4116] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefecd89e0 8 bytes JMP 000007fffd0301f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4116] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefecdbe40 8 bytes JMP 000007fffd0301b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4116] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe737490 11 bytes JMP 000007fffd030228
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4116] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe74bf00 7 bytes JMP 000007fffd030260
.text C:\Program Files (x86)\SCM\Radio Manager.exe[4128] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076dca400 7 bytes JMP 000000016fff0228
.text C:\Program Files (x86)\SCM\Radio Manager.exe[4128] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076dd3f20 5 bytes JMP 000000016fff0180
.text C:\Program Files (x86)\SCM\Radio Manager.exe[4128] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076deffb0 5 bytes JMP 000000016fff01b8
.text C:\Program Files (x86)\SCM\Radio Manager.exe[4128] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076dff2e0 5 bytes JMP 000000016fff0110
.text C:\Program Files (x86)\SCM\Radio Manager.exe[4128] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e29a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files (x86)\SCM\Radio Manager.exe[4128] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e394c0 5 bytes JMP 000000016fff0148
.text C:\Program Files (x86)\SCM\Radio Manager.exe[4128] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e587e0 7 bytes JMP 000000016fff01f0
.text C:\Program Files (x86)\SCM\Radio Manager.exe[4128] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffd030180
.text C:\Program Files (x86)\SCM\Radio Manager.exe[4128] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffd0300d8
.text C:\Program Files (x86)\SCM\Radio Manager.exe[4128] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffd030148
.text C:\Program Files (x86)\SCM\Radio Manager.exe[4128] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffd030110
.text C:\Program Files (x86)\SCM\Radio Manager.exe[4128] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefecd89e0 8 bytes JMP 000007fffd0301f0
.text C:\Program Files (x86)\SCM\Radio Manager.exe[4128] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefecdbe40 8 bytes JMP 000007fffd0301b8
.text C:\Program Files (x86)\SCM\Radio Manager.exe[4128] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe737490 11 bytes JMP 000007fffd030228
.text C:\Program Files (x86)\SCM\Radio Manager.exe[4128] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe74bf00 7 bytes JMP 000007fffd030260
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffd030180
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffd0300d8
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffd030148
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffd030110
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefecd89e0 8 bytes JMP 000007fffd0301f0
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefecdbe40 8 bytes JMP 000007fffd0301b8
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe737490 11 bytes JMP 000007fffd030228
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe74bf00 7 bytes JMP 000007fffd030260
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a81f0e 7 bytes JMP 000000016da03550
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a85bad 7 bytes JMP 000000016da037f0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a91409 7 bytes JMP 000000016da03650
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a9ea45 7 bytes JMP 000000016da03540
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b28e24 7 bytes JMP 000000016da03310
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b28ea9 5 bytes JMP 000000016da033c0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b291ff 5 bytes JMP 000000016da03320
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000757f1d1b 5 bytes JMP 000000016da032b0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000757f1dc9 5 bytes JMP 000000016da03270
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000757f2aa4 5 bytes JMP 000000016da033d0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000757f2d0a 5 bytes JMP 000000016da030b0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a58a29 5 bytes JMP 000000016da02c60
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a64572 5 bytes JMP 000000016da03030
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a7e567 5 bytes JMP 000000016da030a0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076ab7a5c 5 bytes JMP 000000016da03020
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074eee96b 5 bytes JMP 000000016da02cd0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074eeeba5 5 bytes JMP 000000016da02ce0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074b65ea5 5 bytes JMP 000000016da02c20
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4168] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074b99d0b 5 bytes JMP 000000016da02bb0
.text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[4340] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076dca400 7 bytes JMP 000000016fff0228
.text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[4340] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076dd3f20 5 bytes JMP 000000016fff0180
.text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[4340] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076deffb0 5 bytes JMP 000000016fff01b8
.text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[4340] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076dff2e0 5 bytes JMP 000000016fff0110
.text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[4340] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e29a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[4340] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e394c0 5 bytes JMP 000000016fff0148
.text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[4340] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e587e0 7 bytes JMP 000000016fff01f0
.text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[4340] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffd030180
.text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[4340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffd0300d8
.text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[4340] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffd030148
.text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[4340] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffd030110
.text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[4340] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefecd89e0 8 bytes JMP 000007fffd0301f0
.text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[4340] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefecdbe40 8 bytes JMP 000007fffd0301b8
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a81f0e 7 bytes JMP 000000016da03550
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a85bad 7 bytes JMP 000000016da037f0
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a91409 7 bytes JMP 000000016da03650
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a9ea45 7 bytes JMP 000000016da03540
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b28e24 7 bytes JMP 000000016da03310
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b28ea9 5 bytes JMP 000000016da033c0
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b291ff 5 bytes JMP 000000016da03320
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000757f1d1b 5 bytes JMP 000000016da032b0
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000757f1dc9 5 bytes JMP 000000016da03270
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000757f2aa4 5 bytes JMP 000000016da033d0
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000757f2d0a 5 bytes JMP 000000016da030b0
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a58a29 5 bytes JMP 000000016da02c60
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a64572 5 bytes JMP 000000016da03030
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a7e567 5 bytes JMP 000000016da030a0
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076ab7a5c 5 bytes JMP 000000016da03020
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074eee96b 5 bytes JMP 000000016da02cd0
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074eeeba5 5 bytes JMP 000000016da02ce0
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074b65ea5 5 bytes JMP 000000016da02c20
.text C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe[4388] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074b99d0b 5 bytes JMP 000000016da02bb0
.text C:\Windows\system\3DG4me.exe[4412] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a81f0e 7 bytes JMP 000000016da03550
.text C:\Windows\system\3DG4me.exe[4412] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a85bad 7 bytes JMP 000000016da037f0
.text C:\Windows\system\3DG4me.exe[4412] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a91409 7 bytes JMP 000000016da03650
.text C:\Windows\system\3DG4me.exe[4412] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a9ea45 7 bytes JMP 000000016da03540
.text C:\Windows\system\3DG4me.exe[4412] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b28e24 7 bytes JMP 000000016da03310
.text C:\Windows\system\3DG4me.exe[4412] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b28ea9 5 bytes JMP 000000016da033c0
.text C:\Windows\system\3DG4me.exe[4412] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b291ff 5 bytes JMP 000000016da03320
.text C:\Windows\system\3DG4me.exe[4412] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000757f1d1b 5 bytes JMP 000000016da032b0
.text C:\Windows\system\3DG4me.exe[4412] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000757f1dc9 5 bytes JMP 000000016da03270
.text C:\Windows\system\3DG4me.exe[4412] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000757f2aa4 5 bytes JMP 000000016da033d0
.text C:\Windows\system\3DG4me.exe[4412] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000757f2d0a 5 bytes JMP 000000016da030b0
.text C:\Windows\system\3DG4me.exe[4412] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074eee96b 5 bytes JMP 000000016da02cd0
.text C:\Windows\system\3DG4me.exe[4412]
C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074eeeba5 5 bytes JMP 000000016da02ce0 .text C:\Windows\system\3DG4me.exe[4412] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a58a29 5 bytes JMP 000000016da02c60 .text C:\Windows\system\3DG4me.exe[4412] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a64572 5 bytes JMP 000000016da03030 .text C:\Windows\system\3DG4me.exe[4412] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a7e567 5 bytes JMP 000000016da030a0 .text C:\Windows\system\3DG4me.exe[4412] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076ab7a5c 5 bytes JMP 000000016da03020 .text C:\Windows\system\3DG4me.exe[4412] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074b65ea5 5 bytes JMP 000000016da02c20 .text C:\Windows\system\3DG4me.exe[4412] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074b99d0b 5 bytes JMP 000000016da02bb0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4440] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffcfd0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[4440] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffcfd00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[4440] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffcfd0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[4440] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffcfd0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[4440] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefecd89e0 8 bytes JMP 000007fffcfd01f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[4440] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefecdbe40 8 bytes JMP 000007fffcfd01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[4440] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe737490 11 bytes JMP 
000007fffcfd0228 .text C:\Program Files\Windows Sidebar\sidebar.exe[4440] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe74bf00 7 bytes JMP 000007fffcfd0260 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a81f0e 7 bytes JMP 000000016da03550 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a85bad 7 bytes JMP 000000016da037f0 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a91409 7 bytes JMP 000000016da03650 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a9ea45 7 bytes JMP 000000016da03540 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b28e24 7 bytes JMP 000000016da03310 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b28ea9 5 bytes JMP 000000016da033c0 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b291ff 5 bytes JMP 000000016da03320 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000757f1d1b 5 bytes JMP 000000016da032b0 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000757f1dc9 5 bytes JMP 000000016da03270 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000757f2aa4 5 bytes JMP 000000016da033d0 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000757f2d0a 5 bytes JMP 000000016da030b0 .text C:\Program 
Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a58a29 5 bytes JMP 000000016da02c60 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a64572 5 bytes JMP 000000016da03030 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a7e567 5 bytes JMP 000000016da030a0 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076ab7a5c 5 bytes JMP 000000016da03020 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074eee96b 5 bytes JMP 000000016da02cd0 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074eeeba5 5 bytes JMP 000000016da02ce0 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074b65ea5 5 bytes JMP 000000016da02c20 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[1968] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074b99d0b 5 bytes JMP 000000016da02bb0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1928] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a81f0e 7 bytes JMP 000000016da03550 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1928] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a85bad 7 bytes JMP 000000016da037f0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1928] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a91409 7 bytes JMP 000000016da03650 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host 
Controller Driver\Application\iusb3mon.exe[1928] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a9ea45 7 bytes JMP 000000016da03540 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1928] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b28e24 7 bytes JMP 000000016da03310 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1928] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b28ea9 5 bytes JMP 000000016da033c0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1928] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b291ff 5 bytes JMP 000000016da03320 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1928] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000757f1d1b 5 bytes JMP 000000016da032b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1928] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000757f1dc9 5 bytes JMP 000000016da03270 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1928] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000757f2aa4 5 bytes JMP 000000016da033d0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1928] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000757f2d0a 5 bytes JMP 000000016da030b0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1928] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074eee96b 5 bytes JMP 000000016da02cd0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1928] 
C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074eeeba5 5 bytes JMP 000000016da02ce0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1928] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a58a29 5 bytes JMP 000000016da02c60 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1928] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a64572 5 bytes JMP 000000016da03030 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1928] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a7e567 5 bytes JMP 000000016da030a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1928] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076ab7a5c 5 bytes JMP 000000016da03020 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1928] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074b65ea5 5 bytes JMP 000000016da02c20 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1928] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074b99d0b 5 bytes JMP 000000016da02bb0 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a81f0e 7 bytes JMP 000000016da03550 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a85bad 7 bytes JMP 000000016da037f0 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a91409 7 bytes JMP 000000016da03650 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 
0000000075a9ea45 7 bytes JMP 000000016da03540 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b28e24 7 bytes JMP 000000016da03310 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b28ea9 5 bytes JMP 000000016da033c0 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b291ff 5 bytes JMP 000000016da03320 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000757f1d1b 5 bytes JMP 000000016da032b0 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000757f1dc9 5 bytes JMP 000000016da03270 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000757f2aa4 5 bytes JMP 000000016da033d0 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000757f2d0a 5 bytes JMP 000000016da030b0 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a58a29 5 bytes JMP 000000016da02c60 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a64572 5 bytes JMP 000000016da03030 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a7e567 5 bytes JMP 000000016da030a0 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076ab7a5c 5 bytes JMP 000000016da03020 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] 
C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074eee96b 5 bytes JMP 000000016da02cd0 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074eeeba5 5 bytes JMP 000000016da02ce0 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074b65ea5 5 bytes JMP 000000016da02c20 .text E:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe[4576] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074b99d0b 5 bytes JMP 000000016da02bb0 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a81f0e 7 bytes JMP 000000016da03550 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a85bad 7 bytes JMP 000000016da037f0 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a91409 7 bytes JMP 000000016da03650 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a9ea45 7 bytes JMP 000000016da03540 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b28e24 7 bytes JMP 000000016da03310 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b28ea9 5 bytes JMP 000000016da033c0 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b291ff 5 bytes JMP 000000016da03320 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000757f1d1b 5 bytes JMP 000000016da032b0 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] 
C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000757f1dc9 5 bytes JMP 000000016da03270 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000757f2aa4 5 bytes JMP 000000016da033d0 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000757f2d0a 5 bytes JMP 000000016da030b0 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a58a29 5 bytes JMP 000000016da02c60 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a64572 5 bytes JMP 000000016da03030 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a7e567 5 bytes JMP 000000016da030a0 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076ab7a5c 5 bytes JMP 000000016da03020 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074eee96b 5 bytes JMP 000000016da02cd0 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074eeeba5 5 bytes JMP 000000016da02ce0 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074b65ea5 5 bytes JMP 000000016da02c20 .text E:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe[4560] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074b99d0b 5 bytes JMP 000000016da02bb0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5152] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076dca400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5152] 
C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076dd3f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5152] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076deffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5152] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076dff2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5152] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076e29a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5152] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076e394c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5152] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076e587e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5152] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd042db0 5 bytes JMP 000007fffd030180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5152] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0437d0 7 bytes JMP 000007fffd0300d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5152] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd048ef0 6 bytes JMP 000007fffd030148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5152] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd05af60 5 bytes JMP 000007fffd030110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5152] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefecd89e0 8 bytes JMP 000007fffd0301f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5152] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefecdbe40 8 bytes JMP 000007fffd0301b8 .text C:\Users\Alex\Desktop\Gmer-19357.exe[6632] 
C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a81f0e 7 bytes JMP 000000016da03550 .text C:\Users\Alex\Desktop\Gmer-19357.exe[6632] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a85bad 7 bytes JMP 000000016da037f0 .text C:\Users\Alex\Desktop\Gmer-19357.exe[6632] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a91409 7 bytes JMP 000000016da03650 .text C:\Users\Alex\Desktop\Gmer-19357.exe[6632] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a9ea45 7 bytes JMP 000000016da03540 .text C:\Users\Alex\Desktop\Gmer-19357.exe[6632] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b28e24 7 bytes JMP 000000016da03310 .text C:\Users\Alex\Desktop\Gmer-19357.exe[6632] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b28ea9 5 bytes JMP 000000016da033c0 .text C:\Users\Alex\Desktop\Gmer-19357.exe[6632] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b291ff 5 bytes JMP 000000016da03320 .text C:\Users\Alex\Desktop\Gmer-19357.exe[6632] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000757f1d1b 5 bytes JMP 000000016da032b0 .text C:\Users\Alex\Desktop\Gmer-19357.exe[6632] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000757f1dc9 5 bytes JMP 000000016da03270 .text C:\Users\Alex\Desktop\Gmer-19357.exe[6632] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000757f2aa4 5 bytes JMP 000000016da033d0 .text C:\Users\Alex\Desktop\Gmer-19357.exe[6632] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000757f2d0a 5 bytes JMP 000000016da030b0 .text C:\Users\Alex\Desktop\Gmer-19357.exe[6632] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000074eee96b 5 bytes JMP 000000016da02cd0 .text C:\Users\Alex\Desktop\Gmer-19357.exe[6632] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000074eeeba5 5 bytes JMP 000000016da02ce0 .text C:\Users\Alex\Desktop\Gmer-19357.exe[6632] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076a58a29 5 bytes JMP 
000000016da02c60 .text C:\Users\Alex\Desktop\Gmer-19357.exe[6632] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076a64572 5 bytes JMP 000000016da03030 .text C:\Users\Alex\Desktop\Gmer-19357.exe[6632] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076a7e567 5 bytes JMP 000000016da030a0 .text C:\Users\Alex\Desktop\Gmer-19357.exe[6632] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076ab7a5c 5 bytes JMP 000000016da03020 ---- Threads - GMER 2.1 ---- Thread C:\Windows\SysWOW64\ntdll.dll [2156:2160] 00000000010dd1f6 Thread C:\Windows\SysWOW64\ntdll.dll [2156:2340] 0000000070f18c90 Thread C:\Windows\SysWOW64\ntdll.dll [2156:5612] 00000000724d8960 Thread C:\Windows\SysWOW64\ntdll.dll [2156:5616] 00000000724d8960 Thread C:\Windows\SysWOW64\ntdll.dll [2156:5620] 00000000724d8960 Thread C:\Windows\SysWOW64\ntdll.dll [2156:5624] 00000000724d4090 Thread C:\Windows\SysWOW64\ntdll.dll [2156:9372] 000000007417e2cb ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk2\DR2 unknown MBR code ---- EOF - GMER 2.1 ---- |
19.04.2014, 05:05 | #5 |
/// the machine /// TB trainer | Win 7 Prof 64 - HTML/Crypted.Gen; am I infected? Hi, please download Emsisoft MBR Master and save it to the desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
19.04.2014, 09:12 | #6 |
| Win 7 Prof 64 - HTML/Crypted.Gen; am I infected? Hi schrauber, here is the requested information. MBRMastr file: Code:
Detected Windows version: 6.1 Build 7601 Service Pack 1
Installing direct disk access driver ...
Driver connection handle: 0x00000134
3 valid drive(s) found.

Details for Disk 0 - ATA TOSHIBA THNSNH12 Rev N102:
Device name : \\.\PhysicalDrive0
Geometry (C/H/S) : 15566/255/63
Boot loader reputation : Known Good (Windows 7)
Cross view comparison : Passed
Partition table integrity: Passed
Boot loader hashes
SHA-1 : 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
MD5 : A36C5E4F47E84449FF07ED3517B43A31

Details for Disk 1 - ATA WDC WD5000LPVX-2 Rev 1A01:
Device name : \\.\PhysicalDrive1
Geometry (C/H/S) : 60801/255/63
Boot loader reputation : Known Good (Windows XP)
Cross view comparison : Passed
Partition table integrity: Passed
Boot loader hashes
SHA-1 : DA38B874B7713D1B51CBC449F4EF809B0DEC644A
MD5 : 8F558EB6672622401DA993E1E865C861

Details for Disk 2 - ATA TOSHIBA THNSNH12 Rev N102:
Device name : \\.\PhysicalDrive2
Geometry (C/H/S) : 15566/255/63
Boot loader reputation : Unknown
Cross view comparison : Passed
Partition table integrity: Passed
Boot loader hashes
SHA-1 : 639AC5CDF8A5CF3245975932C6A4215450A7B98F
MD5 : 5FB38429D5D77768867C76DCBDB35194 |
19.04.2014, 19:36 | #7 |
/// the machine /// TB trainer | Win 7 Prof 64 - HTML/Crypted.Gen; am I infected? All clean |
19.04.2014, 19:59 | #8 |
| Win 7 Prof 64 - HTML/Crypted.Gen; am I infected? Phew, I'm really relieved. Thank you for your help, and happy Easter. Best regards |
20.04.2014, 18:02 | #9 |
/// the machine /// TB trainer | Win 7 Prof 64 - HTML/Crypted.Gen; am I infected? You're welcome |