Log analysis and evaluation: Win 7 laptop shuts down during virus scan (Windows 7)
11.08.2014, 18:20 | #1 |
Win 7 laptop shuts down during virus scan

Hello,
my laptop always shuts down when I run the virus scanner (Avira). Completely without warning.
I hope you can help me.
Regards

Step 2 FRST:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2014 01
Ran by Silvija Sagolj at 2014-08-11 19:14:50
Running from C:\Users\Silvija Sagolj\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{0099B484-C24C-4D5F-8167-B0F6DF196E72}) (Version: 12.0.3.133 - Adobe Systems, Inc)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4418 - CyberLink Corp.)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.4418 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{56A0DD94-47D9-4AC8-B5A1-8A8CA77C4B89}) (Version: 1.5.201.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{2299EEBD-0A83-4B26-AA4A-057AE9E5BAE8}) (Version: 2.0.0.50 - ArcSoft)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.50 - ArcSoft)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.17 - Creative Technology Ltd)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Hilfe (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Inpaint 5.5 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex)
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marketsplash Schnellzugriffe (HKLM-x32\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PowerISO (HKLM-x32\...\PowerISO) (Version: - )
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.22 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.13114.22 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.13114.22 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.7009) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7009 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Studie zur Verbesserung von HP Officejet Pro 8500 A910 Produkten (HKLM\...\{D7B11BA7-15D3-4E84-8974-20258D4A1701}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.22.0 - Synaptics Incorporated)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4120619775-2555974261-1378655148-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Silvija Sagolj\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4120619775-2555974261-1378655148-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Silvija Sagolj\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4120619775-2555974261-1378655148-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Silvija Sagolj\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4120619775-2555974261-1378655148-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Silvija Sagolj\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4120619775-2555974261-1378655148-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvija Sagolj\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4120619775-2555974261-1378655148-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvija Sagolj\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4120619775-2555974261-1378655148-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvija Sagolj\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4120619775-2555974261-1378655148-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvija Sagolj\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4120619775-2555974261-1378655148-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvija Sagolj\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4120619775-2555974261-1378655148-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvija Sagolj\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4120619775-2555974261-1378655148-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvija Sagolj\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4120619775-2555974261-1378655148-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Silvija Sagolj\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4120619775-2555974261-1378655148-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Silvija Sagolj\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

03-08-2014 17:00:24 Windows-Sicherung
05-08-2014 15:44:00 Windows Update
08-08-2014 17:26:25 avast! antivirus system restore point
10-08-2014 17:00:41 Windows-Sicherung
10-08-2014 17:34:21 Removed Skype™ 6.18
10-08-2014 22:09:48 avast! antivirus system restore point
11-08-2014 08:15:37 Windows-Sicherung
11-08-2014 08:39:13 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-08-03 09:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {064520DC-6589-4358-B38D-50749F967D45} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {0902F0BC-5299-4C20-BE1F-7F6653E9B65E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3796880C-AE3A-41BA-B3E9-BBE849AC8154} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {390EF756-9F73-4EEF-9BC5-BB235AA3BB67} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {41C99EA1-9A46-48D7-AB79-D667B283571F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {77203526-2C54-4279-8BED-DA4F16CBA66F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-09] (Google Inc.)
Task: {7DBD8B30-15FB-44BF-A9A5-31A2003B4779} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4120619775-2555974261-1378655148-1001UA => C:\Users\Silvija Sagolj\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29] (Google Inc.)
Task: {8BFB85C9-FD48-491F-86DD-E1792489B074} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {BB7BC5A0-97BB-47BF-BD9E-324E70A828DF} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {C2B32172-BCC2-4604-B6EA-3FA4E5C361C8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4120619775-2555974261-1378655148-1001Core => C:\Users\Silvija Sagolj\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4120619775-2555974261-1378655148-1001Core.job => C:\Users\Silvija Sagolj\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4120619775-2555974261-1378655148-1001UA.job => C:\Users\Silvija Sagolj\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-09-16 01:46 - 2011-09-16 01:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-11-16 08:30 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-12-08 19:58 - 2011-07-20 00:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-08 18:56 - 2010-12-17 18:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-09-16 01:46 - 2011-09-16 01:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-11-29 23:04 - 2010-11-29 23:04 - 00403968 _____ () C:\Program Files\Intel\TurboBoost\de\SignalIslandUi.resources.dll
2011-08-08 19:26 - 2011-08-08 19:26 - 00475200 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2013-08-29 02:23 - 2013-08-29 02:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-08-08 19:26 - 2011-08-08 19:26 - 00891456 _____ () C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2013-08-29 02:25 - 2013-08-29 02:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-08-11 10:47 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\Silvija Sagolj\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2010-03-16 21:28 - 2010-03-16 21:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 16:52 - 2010-03-22 16:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-16 21:28 - 2010-03-16 21:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-16 21:28 - 2010-03-16 21:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-25 00:20 - 2011-06-25 00:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2007-04-13 10:39 - 2007-04-13 10:39 - 00252672 _____ () C:\Program Files (x86)\Dell\Stage Remote\kgl.dll
2011-07-17 11:35 - 2011-07-17 11:35 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-07-06 17:53 - 2011-07-06 17:53 - 00068160 _____ () C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\DMRUI.dll
2010-03-11 20:52 - 2010-03-11 20:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 16:07 - 2010-03-05 16:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 16:07 - 2010-03-05 16:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-11 20:52 - 2010-03-11 20:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2007-04-19 09:28 - 2007-04-19 09:28 - 00436992 _____ () C:\Program Files (x86)\Dell\Stage Remote\fpxlib.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-07-18 21:52 - 2014-07-15 11:24 - 00718664 _____ () C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 21:52 - 2014-07-15 11:24 - 00126280 _____ () C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-18 21:52 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 21:52 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 21:52 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices ============= Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (08/11/2014 07:00:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: StageRemote.exe, Version: 2.0.0.50, Zeitstempel: 0x4e3fb38b Name des fehlerhaften Moduls: MP4Muxer.ax, Version: 1.0.0.87, Zeitstempel: 0x4e1bf1b1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002a95 ID des fehlerhaften Prozesses: 0x1660 Startzeit der fehlerhaften Anwendung: 0xStageRemote.exe0 Pfad der fehlerhaften Anwendung: StageRemote.exe1 Pfad des fehlerhaften Moduls: StageRemote.exe2 Berichtskennung: StageRemote.exe3 Error: (08/11/2014 06:58:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/11/2014 03:21:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/11/2014 03:21:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.18.30000, Zeitstempel: 0x53d0d694 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x638 Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0 Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1 Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2 Berichtskennung: Avira.OE.Systray.exe3 Error: (08/11/2014 03:21:26 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.OE.Systray.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.Net.Sockets.SocketException Stack: at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType, Boolean, Boolean) at System.Net.NetworkInformation.NetworkChange+AddressChangeListener.StartHelper(System.Net.NetworkInformation.NetworkAddressChangedEventHandler, Boolean, System.Net.NetworkInformation.StartIPOptions) at Avira.OE.WinCore.NetworkStatusListener..ctor() at Avira.OE.WinCore.InternetConnectionMonitor..ctor() at Avira.OE.Systray.SystrayIcon..ctor(Avira.OE.WinCore.Interface.IServiceStatusMonitor, Avira.OE.Communicator.Interface.ICommunicatorClientProxy, Avira.OE.MiniGui.IMiniGuiWindow) at Avira.OE.Systray.SystrayIcon..ctor() at Avira.OE.Systray.Program.Main(System.String[]) Error: (08/11/2014 03:21:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.18.30000, Zeitstempel: 0x53d0d694 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x574 Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0 Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1 Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2 Berichtskennung: Avira.OE.Systray.exe3 Error: (08/11/2014 03:20:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.OE.Systray.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.Net.Sockets.SocketException Stack: at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType, Boolean, Boolean) at System.Net.NetworkInformation.NetworkChange+AddressChangeListener.StartHelper(System.Net.NetworkInformation.NetworkAddressChangedEventHandler, Boolean, System.Net.NetworkInformation.StartIPOptions) at Avira.OE.WinCore.NetworkStatusListener..ctor() at Avira.OE.WinCore.InternetConnectionMonitor..ctor() at Avira.OE.Systray.SystrayIcon..ctor(Avira.OE.WinCore.Interface.IServiceStatusMonitor, Avira.OE.Communicator.Interface.ICommunicatorClientProxy, Avira.OE.MiniGui.IMiniGuiWindow) at Avira.OE.Systray.SystrayIcon..ctor() at Avira.OE.Systray.Program.Main(System.String[]) Error: (08/11/2014 03:17:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/11/2014 03:14:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: StageRemote.exe, Version: 2.0.0.50, Zeitstempel: 0x4e3fb38b Name des fehlerhaften Moduls: MP4Muxer.ax, Version: 1.0.0.87, Zeitstempel: 0x4e1bf1b1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002a95 ID des fehlerhaften Prozesses: 0x1364 Startzeit der fehlerhaften Anwendung: 0xStageRemote.exe0 Pfad der fehlerhaften Anwendung: StageRemote.exe1 Pfad des fehlerhaften Moduls: StageRemote.exe2 Berichtskennung: StageRemote.exe3 Error: (08/11/2014 03:12:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/11/2014 06:59:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit 
(30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error: (08/11/2014 06:58:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error: (08/11/2014 06:57:50 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT) Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402. Error: (08/11/2014 03:58:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (08/11/2014 03:21:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (08/11/2014 03:21:23 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084Bluetooth Device Monitor{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} Error: (08/11/2014 03:20:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (08/11/2014 03:20:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (08/11/2014 03:20:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 
Error: (08/11/2014 03:20:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (08/11/2014 07:00:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: StageRemote.exe2.0.0.504e3fb38bMP4Muxer.ax1.0.0.874e1bf1b1c000000500002a95166001cfb585919b7be5C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exeC:\Program Files (x86)\Dell\Stage Remote\Codec\MP4Muxer.axf7b33dad-2178-11e4-bccd-4c8093304b10 Error: (08/11/2014 06:58:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/11/2014 03:21:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/11/2014 03:21:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Avira.OE.Systray.exe1.1.18.3000053d0d694KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d63801cfb56726f4caadC:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\Windows\syswow64\KERNELBASE.dll6e00c0a2-215a-11e4-b046-e4668a48ad14 Error: (08/11/2014 03:21:26 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.OE.Systray.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.Net.Sockets.SocketException Stack: at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType, Boolean, Boolean) at System.Net.NetworkInformation.NetworkChange+AddressChangeListener.StartHelper(System.Net.NetworkInformation.NetworkAddressChangedEventHandler, Boolean, System.Net.NetworkInformation.StartIPOptions) at Avira.OE.WinCore.NetworkStatusListener..ctor() at Avira.OE.WinCore.InternetConnectionMonitor..ctor() at Avira.OE.Systray.SystrayIcon..ctor(Avira.OE.WinCore.Interface.IServiceStatusMonitor, Avira.OE.Communicator.Interface.ICommunicatorClientProxy, Avira.OE.MiniGui.IMiniGuiWindow) at Avira.OE.Systray.SystrayIcon..ctor() at Avira.OE.Systray.Program.Main(System.String[]) Error: (08/11/2014 03:21:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Avira.OE.Systray.exe1.1.18.3000053d0d694KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d57401cfb5670e17ab10C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\Windows\syswow64\KERNELBASE.dll5aa4cfa7-215a-11e4-b046-e4668a48ad14 Error: (08/11/2014 03:20:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.OE.Systray.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.Net.Sockets.SocketException Stack: at System.Net.SafeCloseSocketAndEvent.CreateWSASocketWithEvent(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType, Boolean, Boolean) at System.Net.NetworkInformation.NetworkChange+AddressChangeListener.StartHelper(System.Net.NetworkInformation.NetworkAddressChangedEventHandler, Boolean, System.Net.NetworkInformation.StartIPOptions) at Avira.OE.WinCore.NetworkStatusListener..ctor() at Avira.OE.WinCore.InternetConnectionMonitor..ctor() at Avira.OE.Systray.SystrayIcon..ctor(Avira.OE.WinCore.Interface.IServiceStatusMonitor, Avira.OE.Communicator.Interface.ICommunicatorClientProxy, Avira.OE.MiniGui.IMiniGuiWindow) at Avira.OE.Systray.SystrayIcon..ctor() at Avira.OE.Systray.Program.Main(System.String[]) Error: (08/11/2014 03:17:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/11/2014 03:14:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: StageRemote.exe2.0.0.504e3fb38bMP4Muxer.ax1.0.0.874e1bf1b1c000000500002a95136401cfb565fcea4ac4C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exeC:\Program Files (x86)\Dell\Stage Remote\Codec\MP4Muxer.ax5dd38b58-2159-11e4-8907-4c8093304b10 Error: (08/11/2014 03:12:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-08-03 08:58:47.329 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-03 08:58:47.236 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-03 08:58:47.142 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-03 08:58:47.049 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-20 07:00:45.676 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\SILVIJ~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-20 07:00:45.610 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\SILVIJ~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-20 07:00:45.460 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-20 07:00:45.393 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-17 14:20:35.687 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-17 14:20:35.625 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 40% Total physical RAM: 8086.17 MB Available physical RAM: 4828.29 MB Total Pagefile: 16170.52 MB Available Pagefile: 12584.83 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:679 GB) (Free:545.62 GB) NTFS Drive d: () (Fixed) (Total:698.63 GB) (Free:127.05 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 07F2837E) Partition 1: (Not Active) - (Size=102 MB) - (Type=DE) Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=679 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: D9F697E1) Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter LastRegBack: 2014-08-08 19:15 ==================== End Of Log ============================
Step 3, scan with GMER: the log files are too large, and unfortunately 7-Zip does not work as shown. When I select the log files and then right-click, 7-Zip is unfortunately not listed there.
Last edited by eve2504 (11.08.2014 at 18:39) |
11.08.2014, 18:34 | #2 |
/// TB-Ausbilder | Win 7 laptop shuts off during virus scan
Hello!
The main FRST log is missing. |
11.08.2014, 18:43 | #3 |
| Win 7 laptop shuts off during virus scan
Sorry, here it is:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01 Ran by Silvija Sagolj (administrator) on SILVIJASAGOLJ on 11-08-2014 19:13:10 Running from C:\Users\Silvija Sagolj\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe (CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files (x86)\Dell\Stage Remote\DMR.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\Application\chrome.exe (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7284328 2011-08-31] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-17] (Realtek Semiconductor) HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] () HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-16] (Intel(R) Corporation) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2034752 2011-08-08] () HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818856 2011-08-26] (Synaptics Incorporated) HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-30] () HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) 
HKLM-x32\...\Run: [RemoteControl9] => c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-02] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-12] (cyberlink)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-30] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [200704 2007-08-07] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577536 2012-05-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-23] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-4120619775-2555974261-1378655148-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
HKU\S-1-5-21-4120619775-2555974261-1378655148-1001\...\Run: [Google Update] => C:\Users\Silvija Sagolj\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-29] (Google Inc.)
HKU\S-1-5-21-4120619775-2555974261-1378655148-1001\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-4120619775-2555974261-1378655148-1001\...\Policies\Explorer: [DisallowRun] 1
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-10-23] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-23] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Silvija Sagolj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvija Sagolj\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvija Sagolj\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvija Sagolj\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvija Sagolj\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvija Sagolj\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvija Sagolj\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvija Sagolj\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {88E0DB61-FF3C-47A3-9080-6EDB2F61D75B} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
DPF: HKLM {682C59F5-478C-4421-9070-AD170D143B77} hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd64.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @phonostar.de/phonostar -> C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Silvija Sagolj\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Silvija Sagolj\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Silvija Sagolj\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Silvija Sagolj\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-09]
CHR Extension: (YouTube) - C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-02]
CHR Extension: (Google-Suche) - C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-02]
CHR Extension: (Google Kalender) - C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-06-16]
CHR Extension: (AdBlock) - C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-17]
CHR Extension: (avast! Online Security) - C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-06-23]
CHR Extension: (Chrome to Mobile) - C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd [2013-06-14]
CHR Extension: (Google Wallet) - C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-02]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\SILVIJ~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-09]
CHR HKLM-x32\...\Chrome\Extension: [ibfnlmghaedjneaalifaieadkiahfjgj] - C:\ProgramData\SaveByclick\ibfnlmghaedjneaalifaieadkiahfjgj.crx [2013-06-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pgcfilbicagkadfmlakoomnidchmgmpe] - C:\ProgramData\Coolyou\pgcfilbicagkadfmlakoomnidchmgmpe.crx [2012-08-07]
CHR StartMenuInternet: Google Chrome - C:\Users\Silvija Sagolj\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-12] (CyberLink)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-16] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-10-23] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [122472 2011-06-13] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-04-18] (Secunia)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 19:13 - 2014-08-11 19:14 - 00000000 ____D () C:\Users\Silvija Sagolj\Desktop\alles
2014-08-11 19:13 - 2014-08-11 19:13 - 00000000 ____D () C:\FRST
2014-08-11 19:10 - 2014-08-11 19:10 - 02099712 _____ (Farbar) C:\Users\Silvija Sagolj\Desktop\FRST64.exe
2014-08-11 19:08 - 2014-08-11 19:08 - 00000000 _____ () C:\Users\Silvija Sagolj\defogger_reenable
2014-08-11 10:48 - 2014-08-11 10:48 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Roaming\Avira
2014-08-11 10:46 - 2014-07-23 13:29 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-11 10:46 - 2014-07-23 13:29 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-11 10:46 - 2014-07-23 13:29 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-11 10:44 - 2014-08-11 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-11 10:44 - 2014-08-11 10:46 - 00000000 ____D () C:\ProgramData\Avira
2014-08-11 10:44 - 2014-08-11 10:46 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-11 10:44 - 2014-08-11 10:44 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-11 10:43 - 2014-08-11 10:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-11 10:07 - 2014-08-11 10:07 - 00003352 ____N () C:\bootsqm.dat
2014-08-10 23:54 - 2014-08-11 16:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 23:54 - 2014-08-10 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-10 23:54 - 2014-08-10 23:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-10 23:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-10 23:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-10 19:39 - 2014-08-10 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-10 19:33 - 2014-08-10 19:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-10 19:33 - 2014-08-10 19:33 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Local\Skype
2014-08-10 12:03 - 2014-08-10 12:03 - 00005315 _____ () C:\Users\Silvija Sagolj\AppData\Local\recently-used.xbel
2014-08-10 09:16 - 2014-08-10 09:16 - 00000000 ____D () C:\Users\Silvija Sagolj\Downloads\Portrait-Professional-
2014-08-10 09:15 - 2014-08-10 09:15 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Local\Tempa4d0e4fceba7d0a4172e09ec1d3fd22a
2014-08-10 09:13 - 2014-08-10 12:03 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Local\gtk-2.0
2014-08-10 09:13 - 2014-08-10 09:13 - 00000000 ____D () C:\Users\Silvija Sagolj\.thumbnails
2014-08-10 08:56 - 2014-08-10 12:04 - 00000000 ____D () C:\Users\Silvija Sagolj\.gimp-2.8
2014-08-10 08:56 - 2014-08-10 08:56 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Local\gegl-0.2
2014-08-09 20:41 - 2014-08-09 20:41 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Local\{44B5C1C0-5A3C-4F44-B1CD-B773EF3C800A}
2014-08-01 17:46 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 17:46 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 17:46 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 17:46 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 17:46 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 17:46 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 17:46 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 17:46 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 17:46 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 17:46 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 17:45 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 17:45 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 17:45 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 17:45 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-16 16:48 - 2014-07-16 16:48 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-16 16:48 - 2014-07-16 16:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-16 16:48 - 2014-07-16 16:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-16 16:48 - 2014-07-16 16:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-16 16:47 - 2014-07-16 16:47 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-16 16:47 - 2014-07-16 16:47 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-16 16:47 - 2014-07-16 16:47 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-16 16:47 - 2014-07-16 16:47 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 19:14 - 2014-08-11 19:13 - 00000000 ____D () C:\Users\Silvija Sagolj\Desktop\alles
2014-08-11 19:13 - 2014-08-11 19:13 - 00000000 ____D () C:\FRST
2014-08-11 19:13 - 2013-06-09 14:20 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-11 19:10 - 2014-08-11 19:10 - 02099712 _____ (Farbar) C:\Users\Silvija Sagolj\Desktop\FRST64.exe
2014-08-11 19:08 - 2014-08-11 19:08 - 00000000 _____ () C:\Users\Silvija Sagolj\defogger_reenable
2014-08-11 19:08 - 2012-05-02 19:47 - 00000000 ____D () C:\Users\Silvija Sagolj
2014-08-11 19:06 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-11 19:06 - 2009-07-14 06:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-11 19:03 - 2010-11-21 08:50 - 00702608 _____ () C:\Windows\system32\perfh007.dat
2014-08-11 19:03 - 2010-11-21 08:50 - 00150656 _____ () C:\Windows\system32\perfc007.dat
2014-08-11 19:03 - 2009-07-14 07:13 - 01628664 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-11 19:00 - 2013-06-28 08:08 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Local\CrashDumps
2014-08-11 18:58 - 2013-06-17 19:33 - 00082441 _____ () C:\Windows\setupact.log
2014-08-11 18:58 - 2011-12-08 19:12 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-08-11 18:57 - 2011-12-08 11:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-11 18:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-11 16:01 - 2014-08-10 23:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 15:16 - 2011-12-08 11:30 - 01175983 _____ () C:\Windows\WindowsUpdate.log
2014-08-11 15:11 - 2011-12-08 19:16 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-08-11 15:11 - 2011-12-08 19:16 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-08-11 15:10 - 2013-06-23 10:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-11 15:10 - 2013-06-17 19:33 - 01521612 _____ () C:\Windows\PFRO.log
2014-08-11 15:01 - 2012-05-20 16:40 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Roaming\Skype
2014-08-11 14:50 - 2012-11-29 21:18 - 00001156 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4120619775-2555974261-1378655148-1001UA.job
2014-08-11 14:04 - 2013-05-24 15:21 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-08-11 13:45 - 2012-10-29 20:16 - 00000000 ____D () C:\Users\Silvija Sagolj\Documents\Privat
2014-08-11 10:48 - 2014-08-11 10:48 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Roaming\Avira
2014-08-11 10:47 - 2014-08-11 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-11 10:46 - 2014-08-11 10:44 - 00000000 ____D () C:\ProgramData\Avira
2014-08-11 10:46 - 2014-08-11 10:44 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-11 10:44 - 2014-08-11 10:44 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-11 10:43 - 2014-08-11 10:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-11 10:07 - 2014-08-11 10:07 - 00003352 ____N () C:\bootsqm.dat
2014-08-11 09:10 - 2013-07-10 09:23 - 00000000 ____D () C:\Users\Silvija Sagolj\Documents\Important
2014-08-10 23:54 - 2014-08-10 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-10 23:54 - 2014-08-10 23:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-10 23:54 - 2012-09-24 21:34 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-10 23:54 - 2012-09-24 21:34 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Roaming\Malwarebytes
2014-08-10 23:54 - 2012-09-24 21:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-10 20:50 - 2012-11-29 21:18 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4120619775-2555974261-1378655148-1001Core.job
2014-08-10 20:01 - 2013-06-09 14:20 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-10 19:39 - 2014-08-10 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-10 19:39 - 2014-08-10 19:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-10 19:39 - 2011-12-08 19:14 - 00000000 ____D () C:\ProgramData\Skype
2014-08-10 19:33 - 2014-08-10 19:33 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Local\Skype
2014-08-10 12:04 - 2014-08-10 08:56 - 00000000 ____D () C:\Users\Silvija Sagolj\.gimp-2.8
2014-08-10 12:03 - 2014-08-10 12:03 - 00005315 _____ () C:\Users\Silvija Sagolj\AppData\Local\recently-used.xbel
2014-08-10 12:03 - 2014-08-10 09:13 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Local\gtk-2.0
2014-08-10 09:16 - 2014-08-10 09:16 - 00000000 ____D () C:\Users\Silvija Sagolj\Downloads\Portrait-Professional-
2014-08-10 09:15 - 2014-08-10 09:15 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Local\Tempa4d0e4fceba7d0a4172e09ec1d3fd22a
2014-08-10 09:13 - 2014-08-10 09:13 - 00000000 ____D () C:\Users\Silvija Sagolj\.thumbnails
2014-08-10 08:56 - 2014-08-10 08:56 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Local\gegl-0.2
2014-08-10 08:01 - 2012-06-06 21:29 - 00000000 ___RD () C:\Users\Silvija Sagolj\Dropbox
2014-08-10 08:01 - 2012-06-06 21:27 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Roaming\Dropbox
2014-08-10 01:08 - 2012-05-22 15:29 - 00000000 ____D () C:\Users\Silvija Sagolj\Documents\Meine empfangenen Dateien
2014-08-10 00:49 - 2012-06-06 21:27 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-10 00:36 - 2012-05-19 10:32 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Roaming\vlc
2014-08-09 20:41 - 2014-08-09 20:41 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Local\{44B5C1C0-5A3C-4F44-B1CD-B773EF3C800A}
2014-08-08 23:40 - 2013-12-23 11:14 - 00407552 ___SH () C:\Users\Silvija Sagolj\Downloads\Thumbs.db
2014-08-05 19:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-30 19:42 - 2014-06-11 18:05 - 00010236 _____ () C:\Windows\SecuniaPackage.log
2014-07-25 22:20 - 2012-05-18 09:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 22:20 - 2011-12-08 19:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 22:19 - 2012-05-18 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 13:29 - 2014-08-11 10:46 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-07-23 13:29 - 2014-08-11 10:46 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-23 13:29 - 2014-08-11 10:46 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-07-18 21:52 - 2012-05-02 22:35 - 00002414 _____ () C:\Users\Silvija Sagolj\Desktop\Google Chrome.lnk
2014-07-16 21:18 - 2013-09-25 07:42 - 00087040 ___SH () C:\Users\Silvija Sagolj\Desktop\Thumbs.db
2014-07-16 19:50 - 2012-05-10 12:00 - 00000000 ____D () C:\Users\Silvija Sagolj\AppData\Roaming\PCDr
2014-07-16 16:48 - 2014-07-16 16:48 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-16 16:48 - 2014-07-16 16:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-16 16:48 - 2014-07-16 16:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-16 16:48 - 2014-07-16 16:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-16 16:48 - 2012-05-02 21:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-16 16:47 - 2014-07-16 16:47 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-16 16:47 - 2014-07-16 16:47 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-16 16:47 - 2014-07-16 16:47 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-16 16:47 - 2014-07-16 16:47 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-12 14:00 - 2009-07-14 06:45 - 00421480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 13:59 - 2014-05-06 08:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-12 13:59 - 2010-11-21 09:00 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 13:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-12 13:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-12 08:53 - 2012-06-06 20:11 - 00000000 ____D () C:\ProgramData\Microsoft Help

Some content of TEMP:
====================
C:\Users\Silvija Sagolj\AppData\Local\Temp\amazonicon_v8.exe
C:\Users\Silvija Sagolj\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Silvija Sagolj\AppData\Local\Temp\avgnt.exe C:\Users\Silvija Sagolj\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpailquv.dll C:\Users\Silvija Sagolj\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg13s5f.dll C:\Users\Silvija Sagolj\AppData\Local\Temp\sdanircmdc.exe C:\Users\Silvija Sagolj\AppData\Local\Temp\sdapskill.exe C:\Users\Silvija Sagolj\AppData\Local\Temp\sdaspwn.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-11 19:30:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST975042 rev.0002 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\SILVIJ~1\AppData\Local\Temp\agldrkog.sys

---- User code sections - GMER 2.1 ----
(x86)\PowerISO\PWRISOVM.EXE[6220] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076ca7a5c 5 bytes JMP 000000016bdb15c8 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[6220] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae96b 5 bytes JMP 000000016bdb15b9 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[6220] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aaeba5 5 bytes JMP 000000016bdb1181 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[6220] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000777b5ea5 5 bytes JMP 000000016bdb15f0 .text C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[6220] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000777e9d0b 5 bytes JMP 000000016bdb1217 .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076b31f0e 7 bytes JMP 000000016bdb168b .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076b35bad 7 bytes JMP 000000016bdb11a4 .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076b41409 7 bytes JMP 000000016bdb1280 .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076b4ea45 7 bytes JMP 000000016bdb123a .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076b5b21b 5 bytes JMP 000000016bdb15a0 .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076bd8e24 7 bytes JMP 000000016bdb132f .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076bd8ea9 5 bytes JMP 000000016bdb16cc .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] 
C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076bd91ff 1 byte JMP 000000016bdb1703 .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2 0000000076bd9201 3 bytes {JMP 0xfffffffff51d8504} .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077351d29 5 bytes JMP 000000016bdb11bd .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077351dd7 5 bytes JMP 000000016bdb1014 .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077352ab1 5 bytes JMP 000000016bdb154b .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077352d17 5 bytes JMP 000000016bdb1267 .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae96b 5 bytes JMP 000000016bdb15b9 .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aaeba5 5 bytes JMP 000000016bdb1181 .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c48a29 5 bytes JMP 000000016bdb171c .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c54572 5 bytes JMP 000000016bdb10a0 .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c6e567 5 bytes JMP 000000016bdb140b .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076ca7a5c 5 bytes JMP 000000016bdb15c8 .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e71465 2 bytes [E7, 76] .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[6564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e714bb 2 bytes [E7, 76] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [6564] entry point in ".rdata" section 000000005cf071e6 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076b31f0e 7 bytes JMP 000000016bdb168b .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076b35bad 7 bytes JMP 000000016bdb11a4 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076b41409 7 bytes JMP 000000016bdb1280 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076b4ea45 7 bytes JMP 000000016bdb123a .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076b5b21b 5 bytes JMP 000000016bdb15a0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076bd8e24 7 bytes JMP 000000016bdb132f .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076bd8ea9 5 bytes JMP 000000016bdb16cc .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076bd91ff 1 byte JMP 000000016bdb1703 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2 0000000076bd9201 3 bytes {JMP 0xfffffffff51d8504} .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] 
C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077351d29 5 bytes JMP 000000016bdb11bd .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077351dd7 5 bytes JMP 000000016bdb1014 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077352ab1 5 bytes JMP 000000016bdb154b .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077352d17 5 bytes JMP 000000016bdb1267 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c48a29 5 bytes JMP 000000016bdb171c .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c54572 5 bytes JMP 000000016bdb10a0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c6e567 5 bytes JMP 000000016bdb140b .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076ca7a5c 5 bytes JMP 000000016bdb15c8 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae96b 5 bytes JMP 000000016bdb15b9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aaeba5 5 bytes JMP 000000016bdb1181 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000777b5ea5 5 bytes JMP 000000016bdb15f0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[6748] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000777e9d0b 5 bytes JMP 000000016bdb1217 .text C:\Program Files 
(x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076b31f0e 7 bytes JMP 000000016bdb168b .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076b35bad 7 bytes JMP 000000016bdb11a4 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076b41409 7 bytes JMP 000000016bdb1280 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076b4ea45 7 bytes JMP 000000016bdb123a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076b5b21b 5 bytes JMP 000000016bdb15a0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076bd8e24 7 bytes JMP 000000016bdb132f .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076bd8ea9 5 bytes JMP 000000016bdb16cc .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076bd91ff 1 byte JMP 000000016bdb1703 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2 0000000076bd9201 3 bytes {JMP 0xfffffffff51d8504} .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077351d29 5 bytes JMP 000000016bdb11bd .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077351dd7 5 bytes JMP 000000016bdb1014 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077352ab1 5 bytes JMP 000000016bdb154b .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077352d17 
5 bytes JMP 000000016bdb1267 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae96b 5 bytes JMP 000000016bdb15b9 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aaeba5 5 bytes JMP 000000016bdb1181 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c48a29 5 bytes JMP 000000016bdb171c .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c54572 5 bytes JMP 000000016bdb10a0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c6e567 5 bytes JMP 000000016bdb140b .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076ca7a5c 5 bytes JMP 000000016bdb15c8 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000777b5ea5 5 bytes JMP 000000016bdb15f0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[6888] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000777e9d0b 5 bytes JMP 000000016bdb1217 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076b31f0e 7 bytes JMP 000000016bdb168b .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076b35bad 7 bytes JMP 000000016bdb11a4 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076b41409 7 bytes JMP 000000016bdb1280 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000076b4ea45 7 bytes JMP 000000016bdb123a .text C:\Program Files (x86)\Avira\My 
Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000076b5b21b 5 bytes JMP 000000016bdb15a0 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076bd8e24 7 bytes JMP 000000016bdb132f .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076bd8ea9 5 bytes JMP 000000016bdb16cc .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076bd91ff 1 byte JMP 000000016bdb1703 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW + 2 0000000076bd9201 3 bytes {JMP 0xfffffffff51d8504} .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077351d29 5 bytes JMP 000000016bdb11bd .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077351dd7 5 bytes JMP 000000016bdb1014 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077352ab1 5 bytes JMP 000000016bdb154b .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077352d17 5 bytes JMP 000000016bdb1267 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae96b 5 bytes JMP 000000016bdb15b9 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aaeba5 5 bytes JMP 000000016bdb1181 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c48a29 5 bytes JMP 
000000016bdb171c .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c54572 5 bytes JMP 000000016bdb10a0 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c6e567 5 bytes JMP 000000016bdb140b .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076ca7a5c 5 bytes JMP 000000016bdb15c8 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000777b5ea5 5 bytes JMP 000000016bdb15f0 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000777e9d0b 5 bytes JMP 000000016bdb1217 .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076e71465 2 bytes [E7, 76] .text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[6708] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076e714bb 2 bytes [E7, 76] .text ... 
* 2 .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076b31f0e 7 bytes JMP 000000016bdb168b .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076b35bad 7 bytes JMP 000000016bdb11a4 .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076b41409 7 bytes JMP 000000016bdb1280 .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076b4ea45 7 bytes JMP 000000016bdb123a .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076b5b21b 5 bytes JMP 000000016bdb15a0 .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076bd8e24 7 bytes JMP 000000016bdb132f .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076bd8ea9 5 bytes JMP 000000016bdb16cc .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076bd91ff 1 byte JMP 000000016bdb1703 .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2 0000000076bd9201 3 bytes {JMP 0xfffffffff51d8504} .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077351d29 5 bytes JMP 000000016bdb11bd .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077351dd7 5 bytes JMP 000000016bdb1014 .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077352ab1 5 bytes JMP 000000016bdb154b .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] 
C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077352d17 5 bytes JMP 000000016bdb1267 .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c48a29 5 bytes JMP 000000016bdb171c .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c54572 5 bytes JMP 000000016bdb10a0 .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c6e567 5 bytes JMP 000000016bdb140b .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076ca7a5c 5 bytes JMP 000000016bdb15c8 .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae96b 5 bytes JMP 000000016bdb15b9 .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aaeba5 5 bytes JMP 000000016bdb1181 .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000777b5ea5 5 bytes JMP 000000016bdb15f0 .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000777e9d0b 5 bytes JMP 000000016bdb1217 .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e71465 2 bytes [E7, 76] .text C:\Program Files (x86)\Dell\Stage Remote\DMR.exe[6492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e714bb 2 bytes [E7, 76] .text ... 
* 2 .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076b31f0e 7 bytes JMP 000000016bdb168b .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076b35bad 7 bytes JMP 000000016bdb11a4 .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076b41409 7 bytes JMP 000000016bdb1280 .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076b4ea45 7 bytes JMP 000000016bdb123a .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076b5b21b 5 bytes JMP 000000016bdb15a0 .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076bd8e24 7 bytes JMP 000000016bdb132f .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076bd8ea9 5 bytes JMP 000000016bdb16cc .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076bd91ff 1 byte JMP 000000016bdb1703 .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2 0000000076bd9201 3 bytes {JMP 0xfffffffff51d8504} .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077351d29 5 bytes JMP 000000016bdb11bd .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077351dd7 5 bytes JMP 000000016bdb1014 .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077352ab1 5 bytes JMP 000000016bdb154b .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] 
C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077352d17 5 bytes JMP 000000016bdb1267 .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076aae96b 5 bytes JMP 000000016bdb15b9 .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076aaeba5 5 bytes JMP 000000016bdb1181 .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c48a29 5 bytes JMP 000000016bdb171c .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076c54572 5 bytes JMP 000000016bdb10a0 .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076c6e567 5 bytes JMP 000000016bdb140b .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076ca7a5c 5 bytes JMP 000000016bdb15c8 .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000777b5ea5 5 bytes JMP 000000016bdb15f0 .text C:\Users\Silvija Sagolj\Desktop\Gmer-19357.exe[7888] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000777e9d0b 5 bytes JMP 000000016bdb1217 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c8093304b10 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c8093304b10@fcc734631135 0x31 0x2A 0xE8 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c8093304b10@781fdbaef48d 0xDF 0xBB 0xD7 0x9A ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c8093304b10@d890e80c5a30 0xB2 0x1B 0x6E 0xB2 ... 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c8093304b10 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c8093304b10@fcc734631135 0x31 0x2A 0xE8 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c8093304b10@781fdbaef48d 0xDF 0xBB 0xD7 0x9A ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c8093304b10@d890e80c5a30 0xB2 0x1B 0x6E 0xB2 ... ---- EOF - GMER 2.1 ---- |
11.08.2014, 18:52 | #4 |
/// TB-Ausbilder | Win 7 laptop shuts off during virus scan Does the computer switch off abruptly? Or does it shut down cleanly? Have you tried completely uninstalling Avira and reinstalling it?
__________________ Learn to fight back and support us! TB Akademie | Donate | Praise & criticism |
11.08.2014, 18:56 | #5 |
| Win 7 laptop shuts off during virus scan It just switches off. A bluescreen appears, but so briefly that it can't be read. I did that. At least the real-time scanner can be activated again. |
11.08.2014, 19:03 | #6 |
/// TB-Ausbilder | Win 7 laptop shuts off during virus scan But the bluescreen remains?
11.08.2014, 19:04 | #7 |
| Win 7 laptop shuts off during virus scan No, it disappears immediately and the PC is simply off. No proper shutdown, just off. |
11.08.2014, 19:10 | #8 |
/// TB-Ausbilder | Win 7 laptop shuts off during virus scan The computer has a restriction set in the registry for one user: Code:
ATTFilter HKU\S-1-5-21-4120619775-2555974261-1378655148-1001\...\Policies\Explorer: [DisallowRun] 1
11.08.2014, 19:11 | #9 |
| Win 7 laptop shuts off during virus scan Does that mean a different user? No, I never set that. Last edited by eve2504 (11.08.2014 at 19:20) |
11.08.2014, 19:58 | #10 |
/// TB-Ausbilder | Win 7 laptop shuts off during virus scan Hm, OK, let's quickly check who that is: Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
cmd: wmic useraccount | findstr "S-1-5-21-4120619775-2555974261-1378655148-1001"
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
11.08.2014, 20:05 | #11 |
| Win 7 laptop shuts off during virus scan Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-08-2014 01
Ran by Silvija Sagolj at 2014-08-11 21:05:34 Run:1
Running from C:\Users\Silvija Sagolj\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
cmd: wmic useraccount | findstr "S-1-5-21-4120619775-2555974261-1378655148-1001"
*****************

========= wmic useraccount | findstr "S-1-5-21-4120619775-2555974261-1378655148-1001" =========

512 SilvijaSagolj\Silvija Sagolj FALSE SilvijaSagolj TRUE FALSE Silvija Sagolj TRUE FALSE FALSE S-1-5-21-4120619775-2555974261-1378655148-1001 1 OK

========= End of CMD: =========

==== End of Fixlog ==== |
12.08.2014, 07:54 | #12 |
/// TB-Ausbilder | Win 7 laptop shuts off during virus scan OK. Please carry out the 2 steps here, post the logs and then please test whether Avira runs normally. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
HKU\S-1-5-21-4120619775-2555974261-1378655148-1001\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-4120619775-2555974261-1378655148-1001\...\Policies\Explorer: [DisallowRun] 1
HKLM\...\Policies\Explorer: [RestrictRun] 0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Please download Farbar Service Scanner
Please post the contents here.
12.08.2014, 08:02 | #13 |
| Win 7 laptop shuts off during virus scan Step 1 Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-08-2014 01
Ran by Silvija Sagolj at 2014-08-12 08:59:53 Run:2
Running from C:\Users\Silvija Sagolj\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-4120619775-2555974261-1378655148-1001\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-4120619775-2555974261-1378655148-1001\...\Policies\Explorer: [DisallowRun] 1
HKLM\...\Policies\Explorer: [RestrictRun] 0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

HKU\S-1-5-21-4120619775-2555974261-1378655148-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\RestrictRun => value deleted successfully.
HKU\S-1-5-21-4120619775-2555974261-1378655148-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\RestrictRun => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

==== End of Fixlog ====
Code:
ATTFilter
Farbar Service Scanner Version: 21-07-2014
Ran by Silvija Sagolj (administrator) on 12-08-2014 at 09:02:00
Running from "C:\Users\Silvija Sagolj\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log **** |
12.08.2014, 10:06 | #14 |
/// TB-Ausbilder | Win 7 laptop shuts down during virus scan
Avira still isn't running?
__________________ Learn to fight back and support us! TB Akademie | Donate | Praise & Criticism |
12.08.2014, 12:42 | #15 |
| Win 7 laptop shuts down during virus scan
Still running, but I think it didn't run this long before. Also, the real-time scanner and firewall can be enabled again. I'll edit here as soon as it's finished.
Unfortunately I can't edit the post above. The laptop shut down again. I had just been using Chrome, then everything froze and it went off without a bluescreen. |