Pests of all kinds and how to combat them: Crackling audio during and after recording, and a slowed-down PC (Windows 7)
#1

Crackling audio during and after recording, and a slowed-down PC

Hello, for the past 3 days I have had a small problem with my computer, although I don't really know whether it is actually a virus or something similar.

The problem is as follows: I often record things using Fraps or MSI Afterburner in order to publish them. That all worked without any problems, but now, as soon as I press the record button, it is accompanied by a very annoying crackling that can also be heard in the recording. It does not stop when I stop recording either; I would first have to shut down my computer for things to run normally again. Another symptom that then appears is that the computer becomes damn slow and at times makes Explorer freeze, so that after a short time almost nothing is possible any more.

I have already run Malwarebytes Anti-Malware over it once, but that did not help, and Avast did not find anything significant either. Unfortunately I also have no restore points, so I could not try that, and the system check via the Windows CD found nothing either.

I hope you can help me, thanks in advance.

defogger_disable.txt, FRST.txt, Additions.txt and Gmer.txt are attached.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:23 on 19/10/2014 (Robin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01 Ran by Robin (administrator) on ROBIN-PC on 19-10-2014 14:24:41 Running from C:\Users\Robin\Desktop\Antivirus Loaded Profile: Robin (Available profiles: Robin) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () D:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ClanServers Hosting LLC) D:\Program Files (x86)\GameTracker\GSInGameService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (LogMeIn Inc.) D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn, Inc.) D:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn Inc.) D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn, Inc.) 
D:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe () D:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe () D:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe () D:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe (Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Farbar) C:\Users\Robin\Desktop\Antivirus\FRST64(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation) HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd HKLM-x32\...\Run: [QuickTime Task] => D:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM-x32\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-03] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [TrayServer] => D:\Program Files (x86)\MAGIX\Video_deluxe_MX_Plus_Download-Version\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG) HKU\S-1-5-21-3062181239-1702867323-3627005284-1000\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [1938112 2014-09-23] (Valve Corporation) HKU\S-1-5-21-3062181239-1702867323-3627005284-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3062181239-1702867323-3627005284-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3062181239-1702867323-3627005284-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22040168 2014-08-27] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.) Startup: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA1AB3F2ADF98CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {D9EE0C5C-6202-4940-AAAA-A7765605E923} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKLM - {D9EE0C5C-6202-4940-AAAA-A7765605E923} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPED7DE157-3C63-4EA7-A387-6D443506842B&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {D9EE0C5C-6202-4940-AAAA-A7765605E923} URL = hxxp://www.sm.de/?q={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Java\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Java\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Zapp -> {14264a21-01fa-455f-a9c4-7c8b3d82b6f6} -> C:\Program Files (x86)\Zapp\IE\Zapp.dll No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - Zapp - {14264a21-01fa-455f-a9c4-7c8b3d82b6f6} - C:\Program Files (x86)\Zapp\IE\Zapp.dll No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\j0bmfkhy.default FF SelectedSearchEngine: Google FF NetworkProxy: "autoconfig_url", 
"data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songz
a.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*'))%20%7B%20return%20'PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "backup.ftp", "77.50.220.92" FF NetworkProxy: "backup.ftp_port", 8080 FF NetworkProxy: "backup.socks", "77.50.220.92" FF NetworkProxy: "backup.socks_port", 8080 FF NetworkProxy: "backup.ssl", "77.50.220.92" FF NetworkProxy: "backup.ssl_port", 8080 FF NetworkProxy: "ftp", "198.52.217.44" FF NetworkProxy: "ftp_port", 3127 FF NetworkProxy: "http", "199.200.120.36" FF NetworkProxy: "http_port", 8089 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "198.52.217.44" FF NetworkProxy: "socks_port", 3127 FF NetworkProxy: "ssl", "198.52.217.44" FF NetworkProxy: "ssl_port", 3127 FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> D:\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> 
C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Robin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Robin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Extension: YouTube Unblocker - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\j0bmfkhy.default\Extensions\youtubeunblocker@unblocker.yt [2014-08-26] FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\j0bmfkhy.default\Extensions\admin@proxy-listen.de.xpi [2014-08-26] FF Extension: MEGA - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\j0bmfkhy.default\Extensions\firefox@mega.co.nz.xpi [2014-04-21] FF Extension: Twitter_Autorefresh - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\j0bmfkhy.default\Extensions\jid1-3P6ZUb9u2yIOjg@jetpack.xpi [2014-10-04] FF Extension: ProxMate - Proxy on steroids! - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\j0bmfkhy.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-02-26] FF Extension: Youtube Downloader - Media Downloader - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\j0bmfkhy.default\Extensions\paulsaintuzb@gmail.com.xpi [2014-05-04] FF Extension: Turn Off the Lights - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\j0bmfkhy.default\Extensions\stefanvandamme@stefanvd.net.xpi [2014-03-27] FF Extension: Adblock Plus - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\j0bmfkhy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-26] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - D:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-27] FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-03] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] () R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-03] (AVAST Software) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] R2 GS In-Game Service; D:\Program Files (x86)\GameTracker\GSInGameService.exe [1677080 2013-12-19] (ClanServers Hosting LLC) R2 Hamachi2Svc; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2525008 2014-09-04] (LogMeIn Inc.) 
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30969208 2010-03-25] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-10] () R2 TeamViewer8; D:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [4308320 2013-08-07] (TeamViewer GmbH) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-03] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-03] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-03] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-03] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-03] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-03] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-03] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-03] () R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-12-01] (C-Media Inc) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 
2013-08-06] (DT Soft Ltd) S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] () R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation) S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2012-01-05] () R3 RTCore64; D:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2014-05-19] () R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.) R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 DRHARD; \??\C:\Windows\system32\DRIVERS\DRHARD.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-19 14:24 - 2014-10-19 14:24 - 00000000 ____D () C:\FRST 2014-10-19 14:23 - 2014-10-19 14:23 - 00000168 _____ () C:\Users\Robin\defogger_reenable 2014-10-19 14:22 - 2014-10-19 14:24 - 00000000 ____D () C:\Users\Robin\Desktop\Antivirus 2014-10-17 19:07 - 2014-10-17 19:08 - 00000000 ____D () C:\Users\Robin\Desktop\Weitere Games 2014-10-17 13:06 - 2014-10-17 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-17 13:06 - 2014-10-17 13:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-17 13:06 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-17 13:06 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-17 13:06 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-17 12:49 - 2014-10-17 12:49 - 00000721 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2014-10-13 20:26 - 2014-10-13 20:26 - 00000222 _____ () C:\Users\Robin\Desktop\Heroes & Generals.url 2014-10-12 20:35 - 2014-10-12 20:35 - 00016055 _____ () C:\Users\Robin\AppData\Local\recently-used.xbel 2014-10-09 15:33 - 2014-10-09 15:33 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-10-09 15:33 - 2014-10-09 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-10-06 18:20 - 2014-10-06 18:20 - 00000222 _____ () C:\Users\Robin\Desktop\Democracy 3.url 2014-10-04 14:50 - 2014-10-04 14:50 - 00000000 ____D () C:\Windows\pss 2014-09-30 15:33 - 2014-09-30 15:33 - 00000219 _____ () C:\Users\Robin\Desktop\Portal 2.url ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-19 14:25 - 2014-01-19 21:20 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3062181239-1702867323-3627005284-1000UA.job 2014-10-19 14:23 - 2013-08-04 23:37 - 00000000 ____D () C:\Users\Robin 2014-10-19 14:07 - 2014-06-05 22:07 - 00000000 ____D () C:\Users\Robin\Documents\Outlook-Dateien 2014-10-19 14:07 - 2009-07-14 06:45 - 00015760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-19 14:07 - 2009-07-14 06:45 - 00015760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-19 14:06 - 2009-07-14 19:58 - 00699394 _____ () C:\Windows\system32\perfh007.dat 2014-10-19 14:06 - 2009-07-14 19:58 - 00149534 _____ () C:\Windows\system32\perfc007.dat 2014-10-19 14:06 - 2009-07-14 07:13 - 01620346 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-19 14:03 - 2014-05-12 18:14 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Skype 2014-10-19 14:03 - 2013-08-04 23:39 - 01649585 _____ () C:\Windows\WindowsUpdate.log 2014-10-19 14:00 - 2014-04-10 10:05 - 00053011 _____ () C:\Windows\setupact.log 2014-10-19 14:00 - 2014-01-06 17:45 - 00000000 ____D () C:\Users\Robin\AppData\Local\LogMeIn Hamachi 2014-10-19 14:00 - 2013-12-05 15:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-19 14:00 - 2013-08-04 23:49 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-19 14:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-19 13:57 - 2014-05-06 18:14 - 00003022 _____ () C:\Windows\System32\Tasks\MSIAfterburner 2014-10-19 13:51 - 2013-08-05 00:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-19 13:29 - 2013-12-05 15:50 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-19 13:26 - 2013-08-27 18:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-10-18 17:11 - 2014-04-27 22:10 - 00000000 ____D () C:\Users\Robin\Documents\Euro Truck Simulator 2 2014-10-18 12:44 - 2013-08-24 12:43 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor 2014-10-18 09:42 - 2013-08-05 10:37 - 00493586 _____ () C:\Windows\PFRO.log 2014-10-17 22:24 - 2013-12-05 15:50 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-17 22:24 - 2013-12-05 15:50 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-17 20:25 - 2014-01-19 21:20 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3062181239-1702867323-3627005284-1000Core.job 2014-10-17 19:12 - 2014-09-06 11:34 - 00000000 ____D () C:\Users\Robin\Desktop\NTA 2014-10-17 17:24 - 2013-11-17 00:23 - 00000000 ____D () C:\ProgramData\Origin 2014-10-17 13:07 - 2014-04-24 21:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-17 12:56 - 2014-03-01 23:49 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Audacity 2014-10-17 12:44 - 2013-08-24 12:43 - 00003518 _____ () C:\Windows\System32\Tasks\FileAdvisorCheck 2014-10-17 12:44 - 2013-08-24 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor 2014-10-14 20:16 - 2013-08-04 23:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-10-14 20:16 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-10-13 20:53 - 2014-08-07 14:15 - 00000000 ____D () C:\Users\Robin\Documents\SuperJect 2014-10-12 20:37 - 2014-04-27 22:13 - 00000000 ____D () C:\Users\Robin\.gimp-2.8 2014-10-12 20:33 - 2013-08-06 00:05 - 00000000 ____D () C:\Users\Robin\AppData\Local\gtk-2.0 2014-10-09 15:33 - 2013-08-05 18:20 - 00000000 ____D () C:\ProgramData\Skype 2014-10-09 15:32 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-06 18:21 - 2014-04-27 22:08 - 00000000 ____D () 
C:\Users\Robin\Documents\My Games 2014-10-04 21:29 - 2014-06-21 18:59 - 00000000 ____D () C:\Users\Robin\AppData\Local\Game Dev Tycoon - Steam 2014-10-04 13:14 - 2014-08-12 14:59 - 00000000 ____D () C:\Users\Robin\Documents\ManiaPlanet 2014-10-04 13:13 - 2014-08-12 14:59 - 00000000 ____D () C:\ProgramData\ManiaPlanet 2014-10-03 23:16 - 2014-03-23 01:17 - 00000000 ____D () C:\Users\Robin\AppData\Local\Arma 3 2014-10-01 21:41 - 2014-03-16 17:56 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-30 15:36 - 2014-01-28 22:01 - 00000000 ___RD () C:\Users\Robin\Desktop\Aufnehmzeug 2014-09-30 15:35 - 2014-08-09 20:07 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopWare 2014-09-29 16:51 - 2013-08-05 00:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-29 16:51 - 2013-08-05 00:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-29 16:51 - 2013-08-05 00:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-06 19:12 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01
Ran by Robin at 2014-10-19 14:25:07
Running from C:\Users\Robin\Desktop\Antivirus
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.0.30660 - BitTorrent Inc.)
4Videosoft MKV Video Converter 5.0.8 (HKLM-x32\...\{D78503CE-97C0-4751-9DCC-F73222EB571E}_is1) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version: - Ensemble Studios)
AMD Catalyst Install Manager (HKLM\...\{A00CC809-7137-B31B-D13D-401DA7BD962F}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM-x32\...\{34D5220A-58D0-473C-90E4-15136C3FB0E3}) (Version: 4.3.1.0690 - Advanced Micro Devices, Inc.)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AppPublisherURL=hxxp://www.rtl-primetime.de/ AppVersion=1.0) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software) AVR Jungo USB (HKLM-x32\...\{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}) (Version: 10.2 - Atmel) AVR Studio 4.19 (HKLM-x32\...\{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}) (Version: 4.19.730 - Atmel) AVR Studio 4.19 (x32 Version: 4.19.730 - Atmel) Hidden Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC) Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version: - EA Digital illusions) BeamNG-Techdemo-0.3 (remove only) (HKCU\...\BeamNG-Techdemo-0.3) (Version: - ) Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production) Cities XL (HKLM-x32\...\Cities XL) (Version: 1.0.0 - Monte Cristo Games) Cities XL Platinum (HKLM-x32\...\Steam App 231140) (Version: - Focus Home Interactive) CL-Eye Driver (HKLM-x32\...\CL-Eye Driver) (Version: 5.3.0.0341 - Code Laboratories, Inc.) 
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version: - ) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) Crazy Taxi (HKLM-x32\...\{F68A7F48-9F26-4FB1-A7C2-DF3C0F2D849C}) (Version: - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd) Democracy 3 (HKLM-x32\...\Steam App 245470) (Version: - Positech Games) Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.02.1221 - Ubisoft) Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts) Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts) Die Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts) Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts) Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts) Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts) Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts) Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts) Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts) Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts) DiRT 3 (HKLM-x32\...\Steam App 44320) (Version: - Codemasters Racing Studio) Easy MP3 Cutter 3.0 (HKLM-x32\...\Easy MP3 Cutter_is1) (Version: - ManiacTools.com) EPSON SX430 Series Printer Uninstall (HKLM\...\EPSON 
SX430 Series) (Version: - SEIKO EPSON Corporation) Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology) Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software) Euro Truck Simulator 2 Multiplayer 0.1.0.8.4 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.0.8.4 Alpha - ETS2MP Team) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - ) File Type Advisor 1.0 (HKLM-x32\...\File Type Advisor_is1) (Version: - filetypeadvisor.com) FileEdit (HKCU\...\0b985e951b463b27) (Version: 1.0.0.7 - FileEdit) FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free System Utilities (HKLM-x32\...\{7408e56e-31d8-4e0b-9a21-1dcd6306cdf2}) (Version: 1.1.0.0 - Covus Freemium GmbH) Free SystemUtilities (x32 Version: 1.1.0.0 - Covus Freemium GmbH) Hidden Free YouTube Download version 3.2.11.812 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.11.812 - DVDVideoSoft Ltd.) FSDreamTeam GSX 1.7.9.8 (HKLM-x32\...\FSDreamTeam GSX_is1) (Version: - ) Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games) GameTracker Lite (HKLM-x32\...\GameTracker Lite) (Version: - ClanServers Hosting LLC.) 
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.37.0000 - GIGABYTE Technology Co.,Ltd.) GIGABYTE OC_GURU II (x32 Version: 1.37.0000 - GIGABYTE Technology Co.,Ltd.) Hidden GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games) Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden Half-Life Dedicated Server Update Tool (HKLM-x32\...\Half-Life Dedicated Server Update Tool) (Version: - ) Hear (HKLM\...\{4E341B88-61A8-4C28-A3F0-9021898AD3C2}_is1) (Version: - Prosoft) Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto) HomepageFIX 2013 (HKLM-x32\...\HomepageFIX 2013_is1) (Version: Aktuelle Version - IN MEDIA KG) IndustrieGigant 2 (HKLM-x32\...\{8D914DD2-F3CE-44E4-9498-E7EED093281C}_is1) (Version: - UIG GmbH) InterActual Player (HKLM-x32\...\InterActual Player) (Version: - ) iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.) Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Just Flight - Traffic X (HKLM-x32\...\{D186EE99-F905-4F87-B188-01D60D8FF1B3}) (Version: 1.00.000 - Just Flight) Landwirtschafts Simulator 2013 (HKLM-x32\...\FarmingSimulator2013DE_is1) (Version: 1.0 - GIANTS Software) Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.1.0 - Lightworks) Loadout (HKLM-x32\...\Steam App 208090) (Version: - Edge of Reality) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden M.U.D. TV (HKLM-x32\...\Steam App 43500) (Version: - Realmforge Studios) MAGIX Screenshare (HKLM-x32\...\{1C32F829-A1BD-4B4C-848D-B34A4CCDA70F}) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Speed burnR (MSI) (HKLM-x32\...\{345A6A80-C745-457E-B8E8-81FC568E2B35}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Video deluxe MX Plus Download-Version (HKLM-x32\...\MAGIX_MSI_Videodeluxe18_plus) (Version: 11.0.0.38 - MAGIX AG) MAGIX Video deluxe MX Plus Download-Version (x32 Version: 11.0.0.38 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft 
Corporation) Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Flight Simulator X (x32 Version: 10.0.61355.0 - Microsoft Game Studios) Hidden Microsoft Flight Simulator X Service Pack 1 (x32 Version: 10.0.61355.0 - Microsoft Game Studios) Hidden Microsoft Flight Simulator X Service Pack 2 (HKLM-x32\...\{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}) (Version: 10.0.61472.0 - Microsoft Game Studios) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 
(HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{6F29F195-B11C-3EAD-B883-997BB29DFA17}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft WSE 3.0 Runtime 
(HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Firefox 32.0.3 (x86 de) (HKCU\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSI Afterburner 3.0.0 (HKLM-x32\...\Afterburner) (Version: 3.0.0 - MSI Co., LTD) MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version: - MSI Co., LTD) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) 
Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation) NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation) NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA 
Corporation) Hidden Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version: - Ndemic Creations) Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) Prime Time (HKLM-x32\...\PRIMETIME_is1) (Version: - RTL Playtainment Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound) RCT3 Soaked (HKLM-x32\...\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}) (Version: 1.00.000 - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.) ReelSmart Motion Blur 4, After Effects-compatible plugin set (HKLM-x32\...\ReelSmart Motion Blur 4, After Effects-compatible plugin set) (Version: - ) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.) 
RivaTuner Statistics Server 6.1.1 (HKLM-x32\...\RTSS) (Version: 6.1.1 - Unwinder) RollerCoaster Tycoon 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - ) Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Samplitude Pro X Silver (HKLM-x32\...\MAGIX_{86460AB2-75D3-400D-B9A8-232EC729192E}) (Version: 12.0.2.115 - MAGIX AG) Samplitude Pro X Silver (Version: 12.0.2.115 - MAGIX AG) Hidden Samplitude Pro X Silver 64-Bit Addon for Samplitude Pro X Silver (HKLM-x32\...\{DA120551-51CE-3195-8F9E-93D822F61597}) (Version: 1.3.0.0 - MAGIX AG) Samplitude Pro X Silver Independence Free for Samplitude Pro X Silver (HKLM-x32\...\{E80D368A-7860-33B0-AD3C-4C94D8023141}) (Version: 1.3.0.0 - MAGIX AG) Samplitude Pro X Silver Objekt-Synthesizer for Samplitude Pro X Silver (HKLM-x32\...\{D1B56A67-E132-39BB-8250-BE265061B712}) (Version: 1.0.0.0 - MAGIX AG) SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden Shopop (HKLM-x32\...\{3DF474D5-1D41-43B5-BEA7-7E320542FD61}) (Version: 10.203.68.14274 - My Pop Shop Ltd.) <==== ATTENTION Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.) SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts) Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) 
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve) Space Engineers (HKLM-x32\...\Steam App 244850) (Version: - ) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20202 - TeamViewer) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) TG-MOD (HKLM-x32\...\{235493EC-B417-48E1-8445-49060A654EAE}) (Version: 0.32 - -) The Bridge (HKLM-x32\...\Steam App 204240) (Version: - Ty Taylor and Mario Castañeda) The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd) TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions) TrackMania² Canyon (HKLM-x32\...\Steam App 228760) (Version: - Nadeo) TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version: - Nadeo) TrackMania² Valley (HKLM-x32\...\Steam App 243360) (Version: - Nadeo) Train Fever (HKLM-x32\...\Steam App 304730) (Version: - Urban Games) Train Simulator 2014 (HKLM-x32\...\Steam App 24010) (Version: - RailSimulator.com) TransportGigant (HKLM-x32\...\{BAC3B914-9A96-4097-A5C7-7BF0CAD679D3}) (Version: 1.3.0 - JoWooD Productions Software AG) TransportGigant: Down Under (HKLM-x32\...\{2DAF4D9B-1DCB-4160-845B-B78721C3BEC6}) (Version: 2.10 - JoWooD Productions Software AG) Tropico 4 (HKLM-x32\...\Steam App 57690) (Version: - Haemimont Games) Tropico 5 (HKLM-x32\...\Steam App 245620) (Version: - Haemimont Games) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - 
Microsoft Corporation) Update for Microsoft .NET Framework 4.5 (KB2805221) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805221) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation) Vegas Pro 12.0 (64-bit) (HKLM\...\{EEB9EFDE-ED91-11E2-91A8-F04DA23A5C58}) (Version: 12.0.670 - Sony) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) Vocup 1.4.3 (HKLM-x32\...\Vocup_is1) (Version: 1.4.3 - Florian Amstutz) Waterfox 26.0 (x64 en-US) (HKLM\...\Waterfox 26.0 (x64 en-US)) (Version: 26.0 - Mozilla) Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Wireless Systems Manager (HKLM-x32\...\Wireless Systems Manager4.0.85) (Version: 4.0.85 - Sennheiser electronic) World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net) World of Warplanes 
(HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1) (Version: - Wargaming.net) World Series Of Poker (HKLM-x32\...\World_Series_Of_Poker_1.0) (Version: - ) WorldPainter 1.5.0 (HKLM\...\4144-4862-0472-7103) (Version: 1.5.0 - pepsoft.org) XLNation User Interface Mod (HKLM-x32\...\{94BE8E03-7E88-4747-868D-E3BB7ABF1D05}) (Version: 1.79.9 - Altiris) Zapp 5.7 (HKLM-x32\...\{c4b22070-e532-4443-b84b-930325e6dcc2}_is1) (Version: 5.7 - Zapp) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3062181239-1702867323-3627005284-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> D:\Program Files\Blender Foundation\Blender\BlendThumb64.dll () ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2014-02-20 17:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {03873767-33A9-471F-B34A-5449C8182409} - System32\Tasks\{97B51F7E-61B9-4818-B97D-DA0C55020521} => D:\Program Files (x86)\Skype\Phone\Skype.exe Task: {05524248-BAAE-45F2-B7E8-1FDC7B75D8E1} - System32\Tasks\{5576FB1A-EA81-4DB0-9370-2EB35F3519C8} => C:\Users\Robin\Desktop\ig2_addon_patch21_de(1).exe Task: {227C430F-E696-498D-B219-8A42D828ABAE} - System32\Tasks\{4DFC705A-3CA5-4287-BE1E-395DAEF79BD6} => C:\Users\Robin\Desktop\ig2_addon_patch21_de(1).exe Task: {229E415C-E81E-4FC4-8F5C-3AA21EF0E243} - System32\Tasks\{56D1DA53-B247-4305-994B-D9BF5130DE61} => D:\Program Files (x86)\TransportGigant\transportgiant.exe [2004-10-28] (JoWooD Productions Software AG) Task: {24842094-8928-485B-9AF9-F6A11550677E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-29] (Adobe Systems Incorporated) Task: {248D936E-C7FE-4368-B2C0-68030AC26A38} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3062181239-1702867323-3627005284-1000UA => C:\Users\Robin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-19] (Facebook Inc.) Task: {249DE304-F23B-42B4-9D30-D20BF2AF2653} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-05] (Google Inc.) 
Task: {2E09AC7E-AB29-4BA1-812F-CDAE097A8066} - \Browser Updater\Zapp Browser Updater No Task File <==== ATTENTION
Task: {393A9A7A-118B-4E59-9B98-E9629F2D7843} - System32\Tasks\{7B17E059-F7D4-4361-A07B-E745123DC8D5} => D:\Program Files (x86)\TransportGigant\transportgiant.exe [2004-10-28] (JoWooD Productions Software AG)
Task: {41D8866D-4549-4E0B-A1BF-051417C5C926} - \SomotoUpdateCheckerAutoStart No Task File <==== ATTENTION
Task: {45796FBD-9DFB-46DD-85E3-4DDA063A2583} - System32\Tasks\{5CA08AF2-EF16-43B0-8C86-5B94EECB4BBF} => D:\Program Files (x86)\Activision Value\World Series Of Poker\wsop.exe [2005-12-20] (Toy Box Games)
Task: {7751A419-5056-4E28-8E19-377598DEA907} - \Software Updater No Task File <==== ATTENTION
Task: {77C23E79-380E-4E29-BCB6-370909E92EC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-05] (Google Inc.)
Task: {787437D7-B900-44B4-9EDF-EA1B10001115} - System32\Tasks\{B79F3902-4091-4930-A573-E4A090A0A7E1} => C:\Users\Robin\Desktop\ig2_addon_patch21_de(1).exe
Task: {7CD884B1-F48C-4C5E-AF4B-35B543E76346} - System32\Tasks\{A5A1D7B4-1739-4954-815E-E58981842E7D} => D:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {81FA4FB1-64A2-4B5B-85DD-CFEBE1D21B5E} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-07-12] (filetypeadvisor.com )
Task: {87E2AF4D-A960-414F-A871-8FBD259E947E} - System32\Tasks\{B39D9B38-9D41-410C-B032-985E9205FFA9} => C:\Users\Robin\Desktop\ig2_addon_patch21_de(1).exe
Task: {8C9786BD-E15A-4422-BC50-C4A717186593} - System32\Tasks\{DEA2DC23-3805-47F4-A4CF-509889A050F7} => D:\Program Files (x86)\TransportGigant\transportgiant.exe [2004-10-28] (JoWooD Productions Software AG)
Task: {94ACFFF0-2504-433F-A8B9-510C39FFE683} - System32\Tasks\{0B0793EA-DF9D-4F35-9ABB-ECA9F8E6E909} => C:\Users\Robin\Desktop\ig2_addon_patch21_de(1).exe
Task: {9BEAD541-DD5D-4E2F-962A-62872BCBC274} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3062181239-1702867323-3627005284-1000Core => C:\Users\Robin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-19] (Facebook Inc.)
Task: {AF5F6EFE-7E50-4979-BC7D-3AE1597D9B73} - System32\Tasks\{3FAB98F2-BDEC-47EE-A57D-51285D12C184} => D:\Program Files (x86)\TransportGigant\transportgiant.exe [2004-10-28] (JoWooD Productions Software AG)
Task: {B0338402-4979-4D02-988C-04D25ABA9BB9} - System32\Tasks\{741CDDD5-0EFC-4FEA-800B-EF6E75535219} => D:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {BCBD4C9C-7FD0-4946-9169-CFC8350A1FCC} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-07-12] (File Type Advisor)
Task: {C3A401A9-D6A8-43F0-BA39-D190CE281869} - System32\Tasks\{BBBD1780-C0FF-4C5C-B2D8-7DB612F06A3D} => C:\Program Files (x86)\Terraria\Terraria.exe
Task: {CB52A3AF-8201-4406-B194-13FDC5865C31} - System32\Tasks\{29949044-F7D7-4E68-B9CE-644E4CFDA5BB} => D:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe [2013-08-17] (Sony DADC Austria AG)
Task: {D542AB36-D07C-4D3F-9A5E-F4302F4E4B52} - System32\Tasks\{4530D85B-3038-4F3A-A223-2608EB0CCCEE} => C:\Users\Robin\Desktop\ig2_addon_patch21_de(1).exe
Task: {E28B42B0-3D2A-4575-9D97-E71DA62794AB} - System32\Tasks\MSIAfterburner => D:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2014-05-19] ()
Task: {F1B6A710-99D9-499E-986D-28307E626B2B} - System32\Tasks\{88AA7E58-581B-4365-B920-437A052D9500} => C:\Users\Robin\Desktop\ig2_addon_patch21_de(1).exe
Task: {F4BF396D-6D2C-4175-8054-B4F75A9153F5} - \Freemium1ClickMaint No Task File <==== ATTENTION
Task: {FEC68702-49D6-4691-808C-EE3AA92F35AA} - System32\Tasks\{FA1A5B05-1D9B-4464-B2F7-CC8D12CB791A} => D:\Program Files (x86)\TransportGigant\transportgiant.exe [2004-10-28] (JoWooD Productions Software AG)
Task: {FF359BBC-3978-4773-BE3B-52784AA8D6D0} - System32\Tasks\avast! Emergency Update => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-03] (AVAST Software)
Task: {FF36824C-7BCA-4FD1-A209-0A32FD4A0EB0} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\Zapp\WConnectorProductivity.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3062181239-1702867323-3627005284-1000Core.job => C:\Users\Robin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3062181239-1702867323-3627005284-1000UA.job => C:\Users\Robin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-04 23:49 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-16 18:39 - 2014-05-16 18:39 - 00399360 _____ () D:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () D:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () D:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-05-19 12:46 - 2014-05-19 12:46 - 00465064 _____ () D:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2013-10-10 00:11 - 2013-10-10 00:20 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-16 18:39 - 2014-05-16 18:39 - 00188928 _____ () D:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
2014-05-16 18:38 - 2014-05-16 18:38 - 00026112 _____ () D:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
2014-05-16 18:39 - 2014-05-16 18:39 - 00088576 _____ () D:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
2014-08-03 15:08 - 2014-08-03 15:08 - 00301152 _____ () D:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-19 13:27 - 2014-10-19 13:27 - 02896384 _____ () D:\Program Files\AVAST Software\Avast\defs\14101900\algo.dll
2014-05-16 18:38 - 2014-05-16 18:38 - 00354816 _____ () D:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll
2014-04-15 15:31 - 2014-04-15 15:31 - 00071680 _____ () D:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2014-04-15 15:31 - 2014-04-15 15:31 - 00056832 _____ () D:\Program Files (x86)\MSI Afterburner\RTFC.dll
2014-04-15 15:31 - 2014-04-15 15:31 - 00216064 _____ () D:\Program Files (x86)\MSI Afterburner\RTCore.dll
2014-04-15 15:31 - 2014-04-15 15:31 - 00127488 _____ () D:\Program Files (x86)\MSI Afterburner\RTUI.dll
2014-04-15 15:31 - 2014-04-15 15:31 - 00638976 _____ () D:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-03 15:08 - 2014-08-03 15:08 - 19329904 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-16 18:38 - 2014-05-16 18:38 - 00056320 _____ () D:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2014-05-16 18:38 - 2014-05-16 18:38 - 00127488 _____ () D:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2014-05-16 18:39 - 2014-05-16 18:39 - 00071680 _____ () D:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2014-09-29 16:46 - 2014-09-29 16:46 - 03715184 _____ () D:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:74603393

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hear.lnk => C:\Windows\pss\Hear.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: OfficeSyncProcess => "D:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

========================= Accounts: ==========================

Administrator (S-1-5-21-3062181239-1702867323-3627005284-500 - Administrator - Disabled)
Gast (S-1-5-21-3062181239-1702867323-3627005284-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3062181239-1702867323-3627005284-1134 - Limited - Enabled)
Robin (S-1-5-21-3062181239-1702867323-3627005284-1000 - Administrator - Enabled) => C:\Users\Robin

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/18/2014 05:11:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: dcc Startzeit: 01cfeaa71d2b300d Endzeit: 60000 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: ed6c0d85-56d8-11e4-bdbb-bc5ff48acc01

Error: (10/18/2014 10:13:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TFMM.exe, Version: 0.2.14.338, Zeitstempel: 0x543f0a43 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x1504 Startzeit der fehlerhaften Anwendung: 0xTFMM.exe0 Pfad der fehlerhaften Anwendung: TFMM.exe1 Pfad des fehlerhaften Moduls: TFMM.exe2 Berichtskennung: TFMM.exe3

Error: (10/18/2014 10:12:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TFMM.exe, Version: 0.2.14.338, Zeitstempel: 0x543f0a43 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x1b0c Startzeit der fehlerhaften Anwendung: 0xTFMM.exe0 Pfad der fehlerhaften Anwendung: TFMM.exe1 Pfad des fehlerhaften Moduls: TFMM.exe2 Berichtskennung: TFMM.exe3

Error: (10/18/2014 10:12:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TFMM.exe, Version: 0.2.14.338, Zeitstempel: 0x543f0a43 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x15c0 Startzeit der fehlerhaften Anwendung: 0xTFMM.exe0 Pfad der fehlerhaften Anwendung: TFMM.exe1 Pfad des fehlerhaften Moduls: TFMM.exe2 Berichtskennung: TFMM.exe3

Error: (10/18/2014 09:42:40 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (10/18/2014 09:42:40 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (10/18/2014 09:42:40 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (10/17/2014 00:42:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm _iu14D2N.tmp, Version 51.1052.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 3bc Startzeit: 01cfe9f69ac7a4f6 Endzeit: 60000 Anwendungspfad: C:\Users\Robin\AppData\Local\Temp\_iu14D2N.tmp Berichts-ID:

Error: (10/05/2014 02:38:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Uplay.exe, Version: 4.6.1.3217, Zeitstempel: 0x53b41990 Name des fehlerhaften Moduls: Uplay.exe, Version: 4.6.1.3217, Zeitstempel: 0x53b41990 Ausnahmecode: 0xc0000417 Fehleroffset: 0x01194140 ID des fehlerhaften Prozesses: 0x1cc0 Startzeit der fehlerhaften Anwendung: 0xUplay.exe0 Pfad der fehlerhaften Anwendung: Uplay.exe1 Pfad des fehlerhaften Moduls: Uplay.exe2 Berichtskennung: Uplay.exe3

Error: (10/04/2014 10:47:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm GTAIV.exe, Version 1.0.7.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2228 Startzeit: 01cfe01434fc32d5 Endzeit: 29 Anwendungspfad: D:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe Berichts-ID:

System errors:
=============
Error: (10/19/2014 02:01:21 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/19/2014 01:32:09 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x8000400431

Error: (10/19/2014 01:25:37 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/18/2014 10:23:39 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/18/2014 10:23:04 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "KEVIN", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{EEA190C6-B15E-4384-A7D5-FAFFE9C5B96D}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (10/18/2014 06:37:49 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{596F0B4F-F567-4408-8CCE-FD78F63F53D4}" zu oft fehl. Der Sicherungssuchdienst wird beendet.
Error: (10/18/2014 06:28:35 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SANDRA", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{596F0B4F-F567-4408-8CCE-FD78F63F53D4}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (10/18/2014 05:19:06 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/18/2014 09:43:36 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/18/2014 09:42:33 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 17.10.2014 um 23:42:40 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
Error: (10/18/2014 05:11:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17514dcc01cfeaa71d2b300d60000C:\Windows\Explorer.EXEed6c0d85-56d8-11e4-bdbb-bc5ff48acc01

Error: (10/18/2014 10:13:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TFMM.exe0.2.14.338543f0a43unknown0.0.0.000000000c000000500000000150401cfeaab3d3aa9beD:\Desktop\Sonstiges\TFMM.exeunknown93e3338e-569e-11e4-bdbb-bc5ff48acc01

Error: (10/18/2014 10:12:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TFMM.exe0.2.14.338543f0a43unknown0.0.0.000000000c0000005000000001b0c01cfeaab379ce5d1D:\Desktop\Sonstiges\TFMM.exeunknown77d082d3-569e-11e4-bdbb-bc5ff48acc01

Error: (10/18/2014 10:12:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TFMM.exe0.2.14.338543f0a43unknown0.0.0.000000000c00000050000000015c001cfeaab2630cdc2D:\Desktop\Sonstiges\TFMM.exeunknown709e3649-569e-11e4-bdbb-bc5ff48acc01

Error: (10/18/2014 09:42:40 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (10/18/2014 09:42:40 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (10/18/2014 09:42:40 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (10/17/2014 00:42:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: _iu14D2N.tmp51.1052.0.03bc01cfe9f69ac7a4f660000C:\Users\Robin\AppData\Local\Temp\_iu14D2N.tmp

Error: (10/05/2014 02:38:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Uplay.exe4.6.1.321753b41990Uplay.exe4.6.1.321753b41990c0000417011941401cc001cfe099416141a7C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exeC:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe828d9a2e-4c8c-11e4-a1ef-bc5ff48acc01
Error: (10/04/2014 10:47:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: GTAIV.exe1.0.7.0222801cfe01434fc32d529D:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe

CodeIntegrity Errors:
===================================
Date: 2014-02-20 16:00:09.678
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-02-20 16:00:09.636
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================

Processor: AMD FX(tm)-6350 Six-Core Processor
Percentage of memory in use: 26%
Total physical RAM: 8148.74 MB
Available physical RAM: 5976.86 MB
Total Pagefile: 16295.68 MB
Available Pagefile: 13997.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Betriebssystem) (Fixed) (Total:55.8 GB) (Free:5.73 GB) NTFS
Drive d: (Programme) (Fixed) (Total:465.76 GB) (Free:47.57 GB) NTFS
Drive e: () (Removable) (Total:14.43 GB) (Free:3.93 GB) FAT32
Drive g: (Youtube) (Fixed) (Total:1862.89 GB) (Free:1617.34 GB) NTFS
Drive h: (Disc) (CDROM) (Total:1.35 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 57D4B197)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8F2F8149)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 331A92D7)
Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 14.4 GB) (Disk ID: 70123E6A)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0B)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-19 14:45:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000068 KINGSTON rev.505A 55,90GB
Running: kjv372ku.exe; Driver: C:\Users\Robin\AppData\Local\Temp\pgtorpod.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\wininit.exe[576] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\services.exe[628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\lsass.exe[676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[912] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075ada322 1 byte [62]
.text C:\Windows\system32\svchost.exe[956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[248] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[284] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1152] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\Dwm.exe[1484] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\Explorer.EXE[1516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1672] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075ada322 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75]
.text ... * 2
.text C:\Windows\SysWOW64\rundll32.exe[1724] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075ada322 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1840] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[1896] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1964] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE[1664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[1720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\taskeng.exe[2064] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2232] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075ada322 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2356] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075ada322 1 byte [62]
.text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[2532] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075ada322 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2632] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[2672] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075ada322 1 byte [62]
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75]
.text D:\Program Files (x86)\GameTracker\GSInGameService.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2716] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075ada322 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75]
.text ... * 2
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2780] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2824] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075ada322 1 byte [62]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2824] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074151a22 2 bytes [15, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2824] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074151ad0 2 bytes [15, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2824] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074151b08 2 bytes [15, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2824] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074151bba 2 bytes [15, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2824] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074151bda 2 bytes [15, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075a41465 2 bytes [A4, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075a414bb 2 bytes [A4, 75]
.text ... * 2
.text C:\Windows\system32\svchost.exe[2864] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text D:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2184] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075ada322 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2200] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2268] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\conhost.exe[616] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text D:\Program Files\AVAST Software\Avast\AvastUI.exe[3228] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075ab87c9 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text D:\Program Files\AVAST Software\Avast\AvastUI.exe[3228] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075ada322 1 byte [62]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3236] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075ada322 1 byte [62]
.text C:\Windows\System32\svchost.exe[3380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3412] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[3544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[3768] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text D:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[3928] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[4100] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[4892] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\DllHost.exe[5704] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[4352] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 00000000778ceecd 1 byte [62]
.text C:\Users\Robin\Desktop\Antivirus\kjv372ku.exe[3428] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075ada322 1 byte [62]

---- EOF - GMER 2.1 ----