| |
| |||||||
Log-Analyse und Auswertung: Windows7: TR/BProtector.Gen2 & EXP/CVE-2012-1723.A1 gefunden!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
21.11.2014, 19:52
| #1 |
| |  Windows7: TR/BProtector.Gen2 & EXP/CVE-2012-1723.A1 gefunden! Guten Tag liebes Trojaner-Board-Team, wie schon im Titel erwähnt hat mein Avira 2 Viren gefunden, welche direkt in Qarantäne gesteckt wurden. Zweiterer wurde schon länger gefunden. Beide Viren hatten bisher keinerlei sichtbaren Einfluss auf mein System, dennoch hätte ich nun beide gerne entfernt. Es sei zu erwähnen, dass während des Gmer-Scans ein Bluescreen auftrat und darauf das System (wie angeraten) ohne Devices gescannt wurde. Dieser Scan verlief dann erfolgreich, dennoch hatte ich kurze Zeit später erneut einen Bluescreen, was normalerweise noch nie passiert ist. Folgend sind nun die benötigten Log-Files aufgelistet: defogger_disable: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:18 on 21/11/2014 (Johannes)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014
Ran by Johannes at 2014-11-21 18:22:50
Running from C:\Users\Johannes\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.265 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface Service (HKLM-x32\...\Akamai) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.12 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.48.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.1.0.1 - Hewlett-Packard Company)
devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.2.3.0 - devolo AG)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.100.35469 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4407 - Hewlett-Packard Company)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gyazo 2.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{5DCA44EB-03F6-44A3-A294-F3E5DE98D7F6}) (Version: 4.4.10.1 - Hewlett-Packard Company)
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (HKLM\...\{3DF2B8CD-072D-49F5-BCF8-1DB86B0DF632}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Hilfe (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{6A9C9BE1-14A3-42ED-A388-42E30A1412E9}) (Version: 1.2.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{840021F2-FFC0-467A-BF85-29B8B7803717}) (Version: 2.0.8.1 - Hewlett-Packard Company)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.4.1 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Power Assistant (HKLM\...\{D9355D03-2C06-401B-8A16-F6500379AE21}) (Version: 2.1.0.6 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.08.1017 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{3F437675-F102-4866-BDE1-FFFC7B45EC0B}) (Version: 3.1.2.10229 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{FE465061-894A-4023-8580-56FCDD4F23F9}) (Version: 3.4.4.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{EE5F1911-EA95-4F1A-AF97-495972F5032D}) (Version: 2.4.3.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6428.0 - IDT)
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java(TM) 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.64 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.58.411.2012 - Realtek)
SDK (x32 Version: 2.26.012 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten (HKLM\...\{B66CA6D0-8EA3-4838-91D1-47EACDCCFA2B}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.9 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.34998 Beta - TeamViewer)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.37.0 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 6.0.37.0 - Hewlett-Packard Company) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
USB PnP Sound Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: - )
Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.)
VIP Access SDK x64(1.0.0.50) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.0.50 - Symantec Inc.)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.16 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13282 - Xobni Corp.)
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
16-11-2014 13:26:55 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
16-11-2014 13:28:19 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
16-11-2014 13:45:36 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
16-11-2014 13:46:15 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
16-11-2014 13:52:25 Wiederherstellungsvorgang
16-11-2014 14:34:25 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
16-11-2014 14:35:33 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
18-11-2014 15:57:10 Windows Update
19-11-2014 21:40:49 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {03DE6ADE-9D66-4BE3-8077-21C27BA5B8C9} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {06E2CBAE-4FE4-4990-939D-B0543BFE7310} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: {2ED23246-8A74-4B30-B807-9379DA9CA639} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {30AEB0D7-06C6-4EDC-9430-607329A6F7C6} - System32\Tasks\HPCeeScheduleForJohannes => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {6BE448C4-E51A-4D4D-AEEC-E69E30A0F7DE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {98624B44-B9EF-492E-8EE2-D27CD9CB319D} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-25] ()
Task: {9912F099-3A7B-4C9C-9AD5-7514E6859ABD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {CD8FE907-F5C8-49A8-8430-B2883FCB1C6F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CF95DEC9-AA23-42F5-86E5-898F7A7D87DB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-10-21] (Microsoft)
Task: {EA533C09-D00D-472E-B4A8-6629842205EB} - System32\Tasks\HPCeeScheduleForJOHANNES-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: C:\windows\Tasks\HPCeeScheduleForJOHANNES-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HPCeeScheduleForJohannes.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2011-07-18 15:48 - 2011-07-18 15:48 - 00156216 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-02-01 09:39 - 2013-02-01 09:39 - 03401216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2010-09-06 13:18 - 2010-09-06 13:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2013-02-01 08:39 - 2013-02-01 08:39 - 01323008 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2013-04-06 21:54 - 2013-04-06 21:54 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2011-05-03 02:24 - 2011-06-11 12:42 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-12-30 19:28 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-09-14 11:42 - 2012-09-14 11:42 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-09-14 11:37 - 2012-09-14 11:37 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2011-01-27 06:11 - 2011-01-27 06:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-01 09:14 - 2013-02-01 09:14 - 02830336 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2013-02-01 08:38 - 2013-02-01 08:38 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2013-02-01 09:17 - 2013-02-01 09:17 - 02863104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2013-02-01 09:15 - 2013-02-01 09:15 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2013-02-01 08:42 - 2013-02-01 08:42 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2013-02-01 08:43 - 2013-02-01 08:43 - 01945600 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2013-02-01 09:12 - 2013-02-01 09:12 - 03092480 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2014-10-18 21:06 - 2014-10-18 21:06 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2011-06-29 22:36 - 2011-01-13 02:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-09-23 19:43 - 2012-09-23 19:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2014-08-29 19:11 - 2014-11-11 19:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 19:11 - 2014-11-11 19:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 19:11 - 2014-11-11 19:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-03-12 17:10 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 20:12 - 2014-11-18 21:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 19:11 - 2014-11-11 19:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 19:11 - 2014-11-11 19:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2011-12-27 00:43 - 2014-11-18 21:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2011-12-27 00:43 - 2014-11-11 19:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-14 22:46 - 2014-11-11 19:48 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-11-10 17:27 - 2014-11-10 17:28 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-17 17:02 - 2014-11-17 17:02 - 16840880 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BtvStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: DTRun => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
MSCONFIG\startupreg: File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: HPConnectionManager => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
MSCONFIG\startupreg: HPPowerAssistant => C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: MfeEpePcMonitor => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: QLBController => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-1488422038-2814791348-2129004140-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1488422038-2814791348-2129004140-1006 - Limited - Enabled)
Gast (S-1-5-21-1488422038-2814791348-2129004140-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1488422038-2814791348-2129004140-1003 - Limited - Enabled)
Johannes (S-1-5-21-1488422038-2814791348-2129004140-1002 - Administrator - Enabled) => C:\Users\Johannes
Peter (S-1-5-21-1488422038-2814791348-2129004140-1004 - Administrator - Enabled) => C:\Users\Peter
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/21/2014 05:24:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WicaInventory.exe, Version: 6.3.9600.17204, Zeitstempel: 0x545480c0
Name des fehlerhaften Moduls: aticfx64.dll, Version: 8.17.10.1072, Zeitstempel: 0x4d90ad9f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000047b96
ID des fehlerhaften Prozesses: 0x12b0
Startzeit der fehlerhaften Anwendung: 0xWicaInventory.exe0
Pfad der fehlerhaften Anwendung: WicaInventory.exe1
Pfad des fehlerhaften Moduls: WicaInventory.exe2
Berichtskennung: WicaInventory.exe3
Error: (11/21/2014 05:23:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WicaInventory.exe, Version: 6.3.9600.17204, Zeitstempel: 0x545480c0
Name des fehlerhaften Moduls: aticfx64.dll, Version: 8.17.10.1072, Zeitstempel: 0x4d90ad9f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000047b96
ID des fehlerhaften Prozesses: 0x104c
Startzeit der fehlerhaften Anwendung: 0xWicaInventory.exe0
Pfad der fehlerhaften Anwendung: WicaInventory.exe1
Pfad des fehlerhaften Moduls: WicaInventory.exe2
Berichtskennung: WicaInventory.exe3
System errors:
=============
Error: (11/21/2014 05:19:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
UimBus
Uim_DEVIM
Uim_IM
Error: (11/21/2014 05:17:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Arp Intelligent Protection Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/21/2014 05:17:54 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.
Error: (11/20/2014 11:12:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Microsoft Office Sessions:
=========================
Error: (11/21/2014 05:24:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WicaInventory.exe6.3.9600.17204545480c0aticfx64.dll8.17.10.10724d90ad9fc00000050000000000047b9612b001d005a78a14cd5dC:\windows\system32\CompatTel\WicaInventory.exeC:\windows\system32\aticfx64.dllcdf50e14-719a-11e4-b637-2c4138002964
Error: (11/21/2014 05:23:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WicaInventory.exe6.3.9600.17204545480c0aticfx64.dll8.17.10.10724d90ad9fc00000050000000000047b96104c01d005a77ad29b3cC:\windows\system32\CompatTel\WicaInventory.exeC:\windows\system32\aticfx64.dllc3224c56-719a-11e4-b637-2c4138002964
CodeIntegrity Errors:
===================================
Date: 2012-07-22 14:24:03.817
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-07-22 14:24:03.771
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-07-22 14:24:03.708
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-07-22 14:24:03.630
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-07-22 13:02:39.288
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-07-22 13:02:39.225
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-07-22 13:02:24.873
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-07-22 13:02:24.795
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-07-21 14:07:56.405
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-07-21 14:07:56.312
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 60%
Total physical RAM: 4030.36 MB
Available physical RAM: 1609.87 MB
Total Pagefile: 8058.9 MB
Available Pagefile: 5166.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:573.04 GB) (Free:447.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:17.83 GB) (Free:2.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.1 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 5BB8F1BD)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=573 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)
==================== End Of Log ============================
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by Johannes (administrator) on JOHANNES-HP on 21-11-2014 18:20:59
Running from C:\Users\Johannes\Desktop
Loaded Profile: Johannes (Available profiles: Johannes & Peter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Akamai Technologies, Inc.) C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Cm108Sound] => C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-11-19] (Synaptics Incorporated)
HKLM\...\Run: [tvncontrol] => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\...\MountPoints2: {8f71424b-8644-11e1-bee0-68a3c4f641c1} - D:\LaunchU3.exe -a
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKU\.DEFAULT -> {01A1E719-78CA-4756-BA03-4B7DDCD9F0F3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=70501de8-4b19-497a-bd3a-901d763d8869&apn_sauid=2238973F-F20E-4A09-BE90-5EA92D5E04A9
SearchScopes: HKU\S-1-5-21-1488422038-2814791348-2129004140-1002 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-1488422038-2814791348-2129004140-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default
FF Homepage: https://www.youtube.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1488422038-2814791348-2129004140-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\searchplugins\google-maps.xml
FF Extension: Avira Browser Safety - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\abs@avira.com [2014-11-19]
FF Extension: HTTPS-Everywhere - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\https-everywhere@eff.org [2014-10-16]
FF Extension: YouTube Unblocker - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\youtubeunblocker@unblocker.yt [2014-11-20]
FF Extension: ipFuck - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\ipfuck@p4ul.info.xpi [2013-02-28]
FF Extension: Magic Actions for YouTube™ - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2013-03-16]
FF Extension: NoScript - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-22]
FF Extension: {9ac7d46a-d278-4fba-acc6-2dc897e4d762} - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\{9ac7d46a-d278-4fba-acc6-2dc897e4d762}.xpi [2013-10-29]
FF Extension: Adblock Plus - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-28]
FF Extension: PDF Print Wizard Light - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\Extensions\{d3a1baf2-1c0d-4144-ac5f-15108599e5c3}.xpi [2013-11-06]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2012-08-12]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-08-26]
FF HKU\S-1-5-21-1488422038-2814791348-2129004140-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\ptz4vyct.default\extensions\cliqz@cliqz.com
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [993584 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-11-10] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2013-02-01] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2013-04-06] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2013-04-26] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5400848 2014-11-03] (TeamViewer GmbH)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]
S2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-07-22] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-09-14] (Qualcomm Atheros)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-07-22] ()
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [101288 2013-02-01] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158888 2013-02-01] (McAfee, Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2014-07-18] (CACE Technologies)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-01-23] ()
S1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-01-23] ()
S1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700680 2014-01-23] ()
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-21 18:20 - 2014-11-21 18:22 - 00021952 _____ () C:\Users\Johannes\Desktop\FRST.txt
2014-11-21 18:20 - 2014-11-21 18:21 - 00000000 ____D () C:\FRST
2014-11-21 18:18 - 2014-11-21 18:18 - 02117632 _____ (Farbar) C:\Users\Johannes\Desktop\FRST64.exe
2014-11-21 18:18 - 2014-11-21 18:18 - 00000478 _____ () C:\Users\Johannes\Desktop\defogger_disable.log
2014-11-21 18:18 - 2014-11-21 18:18 - 00000000 _____ () C:\Users\Johannes\defogger_reenable
2014-11-21 18:15 - 2014-11-21 18:15 - 00050477 _____ () C:\Users\Johannes\Desktop\Defogger.exe
2014-11-20 22:36 - 2014-11-20 22:36 - 00000000 ____D () C:\windows\ERUNT
2014-11-20 22:28 - 2014-11-20 22:32 - 00000000 ____D () C:\AdwCleaner
2014-11-19 16:56 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 16:56 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 16:56 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 16:56 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-18 20:30 - 2014-11-20 22:27 - 00000196 _____ () C:\Users\Johannes\Desktop\csgo.txt
2014-11-17 21:17 - 2014-11-17 21:19 - 207485208 _____ (Advanced Micro Devices, Inc.) C:\Users\Johannes\Downloads\13-9_win7_win8_64_dd_ccc_whql(1).exe
2014-11-17 21:07 - 2014-11-17 21:07 - 00891224 _____ (AMD) C:\Users\Johannes\Downloads\amddriverdownloader.exe
2014-11-16 14:38 - 2014-11-16 14:38 - 00056548 _____ () C:\windows\SysWOW64\CCCInstall_201411161438097924.log
2014-11-16 14:38 - 2014-11-16 14:38 - 00000000 ____D () C:\ProgramData\ATI
2014-11-16 14:38 - 2014-11-16 14:38 - 00000000 ____D () C:\ProgramData\AMD
2014-11-16 14:38 - 2014-11-16 14:38 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-11-16 14:37 - 2014-11-16 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-16 14:32 - 2014-11-16 14:32 - 00000000 ____D () C:\Program Files\AMD
2014-11-16 14:21 - 2014-11-16 14:24 - 286582040 _____ (AMD Inc.) C:\Users\Johannes\Downloads\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
2014-11-16 14:01 - 2014-11-16 14:01 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-16 14:00 - 2014-11-16 14:25 - 00000000 ____D () C:\AMD
2014-11-16 13:54 - 2014-11-16 13:59 - 207485208 _____ (Advanced Micro Devices, Inc.) C:\Users\Johannes\Downloads\13-9_win7_win8_64_dd_ccc_whql.exe
2014-11-12 17:25 - 2014-11-12 17:25 - 09698760 _____ (Nota Inc. ) C:\Users\Johannes\Downloads\Gyazo-2.3.0.exe
2014-11-12 17:25 - 2014-11-12 17:25 - 00003764 _____ () C:\windows\System32\Tasks\GyazoUpdateTaskMachine
2014-11-12 17:11 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-12 17:11 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-12 17:11 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-12 17:11 - 2014-10-27 21:32 - 17870336 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-12 17:11 - 2014-10-27 21:13 - 02339840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-12 17:11 - 2014-10-27 21:12 - 10921472 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-12 17:11 - 2014-10-27 21:07 - 01388032 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-12 17:11 - 2014-10-27 21:06 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-12 17:11 - 2014-10-27 21:05 - 01494016 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-12 17:11 - 2014-10-27 21:05 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-11-12 17:11 - 2014-10-27 21:05 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 02157056 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-12 17:11 - 2014-10-27 21:04 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-12 17:11 - 2014-10-27 21:03 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-12 17:11 - 2014-10-27 21:03 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-12 17:11 - 2014-10-27 21:03 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-12 17:11 - 2014-10-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-12 17:11 - 2014-10-27 21:03 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-11-12 17:11 - 2014-10-27 21:03 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-11-12 17:11 - 2014-10-27 21:03 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-11-12 17:11 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-12 17:11 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-12 17:11 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-12 17:11 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-12 17:11 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-12 17:11 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-12 17:11 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-11-12 17:11 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-12 17:11 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-12 17:11 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-12 17:11 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-12 17:11 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-12 17:11 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-12 17:11 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-11-12 17:11 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-11-12 17:11 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-11-12 17:11 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-12 17:11 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-12 17:11 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-12 17:11 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-12 17:11 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-12 17:11 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-12 17:11 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-12 17:11 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-12 17:11 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-12 17:11 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-12 17:11 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-12 17:11 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-12 17:11 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-12 17:11 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-12 17:11 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-12 17:11 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-12 17:10 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-12 17:10 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-12 17:10 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-12 17:10 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-12 17:10 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-12 17:10 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-12 17:10 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-12 17:10 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-12 17:10 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-12 17:10 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-12 17:10 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-12 17:10 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-12 17:10 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-12 17:10 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-12 17:10 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-12 17:10 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-12 17:10 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-10 17:27 - 2014-11-10 17:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-04 20:56 - 2014-11-04 20:56 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\TightVNC
2014-11-04 20:07 - 2014-11-04 20:07 - 00001007 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-11-04 20:07 - 2014-11-04 20:07 - 00000995 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-11-04 19:41 - 2014-11-04 19:41 - 00000000 ____D () C:\Users\Johannes\Documents\My Games
2014-11-04 17:07 - 2014-11-04 19:43 - 00000222 _____ () C:\Users\Johannes\Desktop\The Binding of Isaac Rebirth.url
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-21 18:18 - 2011-12-03 18:03 - 00000000 ____D () C:\Users\Johannes
2014-11-21 17:38 - 2011-06-29 22:32 - 01241435 _____ () C:\windows\WindowsUpdate.log
2014-11-21 17:31 - 2011-12-27 00:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-21 17:26 - 2009-07-14 05:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-21 17:26 - 2009-07-14 05:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 17:25 - 2011-05-03 02:10 - 00714300 _____ () C:\windows\system32\perfh007.dat
2014-11-21 17:25 - 2011-05-03 02:10 - 00156098 _____ () C:\windows\system32\perfc007.dat
2014-11-21 17:25 - 2009-07-14 06:13 - 01660510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-21 17:19 - 2011-05-03 02:22 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-21 17:17 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-21 17:17 - 2009-07-14 05:51 - 00173043 _____ () C:\windows\setupact.log
2014-11-20 22:42 - 2012-01-04 17:16 - 00003954 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{D07EF50A-85F7-4C00-BDDA-5B79AFF39123}
2014-11-20 22:33 - 2011-06-29 23:01 - 00561958 _____ () C:\windows\PFRO.log
2014-11-20 17:23 - 2014-07-08 16:26 - 00003204 _____ () C:\windows\System32\Tasks\HPCeeScheduleForJohannes
2014-11-20 17:23 - 2014-07-08 16:26 - 00000344 _____ () C:\windows\Tasks\HPCeeScheduleForJohannes.job
2014-11-18 17:26 - 2012-01-01 21:13 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-18 17:26 - 2011-12-25 21:44 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-11-17 17:48 - 2011-12-04 01:58 - 00000000 ____D () C:\windows\rescache
2014-11-17 17:02 - 2012-04-02 08:47 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-17 17:02 - 2011-12-27 13:36 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-16 15:39 - 2011-12-27 13:17 - 00000000 ____D () C:\Users\Johannes\AppData\Local\CrashDumps
2014-11-16 14:58 - 2011-12-25 11:35 - 00000000 ____D () C:\Users\Peter
2014-11-16 14:58 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\registration
2014-11-16 14:36 - 2011-06-29 22:42 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-11-16 14:29 - 2014-08-14 16:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-16 01:12 - 2012-02-28 19:38 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\TS3Client
2014-11-15 18:41 - 2012-12-18 20:28 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\HpUpdate
2014-11-14 16:32 - 2012-03-14 19:32 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Akamai
2014-11-13 16:39 - 2011-12-03 18:24 - 00110352 _____ () C:\Users\Johannes\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 16:23 - 2009-07-14 05:45 - 00410904 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-12 23:16 - 2014-05-06 17:06 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-12 18:25 - 2012-05-06 18:15 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2014-11-12 17:35 - 2011-12-03 18:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 17:28 - 2013-08-15 18:19 - 00000000 ____D () C:\windows\system32\MRT
2014-11-12 17:25 - 2012-08-27 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-11-12 17:21 - 2011-12-03 18:59 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-11 16:59 - 2012-08-24 21:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-08 12:41 - 2014-09-15 15:40 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-08 12:41 - 2012-11-02 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-08 12:41 - 2012-11-02 17:23 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-04 21:58 - 2011-12-30 19:31 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-11-04 20:07 - 2012-01-14 13:56 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\TeamViewer
2014-11-04 14:30 - 2011-12-03 18:21 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-30 18:11 - 2011-12-03 18:03 - 00003224 _____ () C:\windows\System32\Tasks\HPCeeScheduleForJOHANNES-HP$
2014-10-30 18:11 - 2011-12-03 18:03 - 00000348 _____ () C:\windows\Tasks\HPCeeScheduleForJOHANNES-HP$.job
2014-10-29 17:11 - 2009-07-14 06:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-10-28 16:53 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-23 19:39 - 2011-05-03 01:45 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-10-22 16:29 - 2014-06-30 13:35 - 00000000 ____D () C:\Users\Johannes\Documents\Studium
Some content of TEMP:
====================
C:\Users\Johannes\AppData\Local\Temp\AskSLib.dll
C:\Users\Johannes\AppData\Local\Temp\AtpTimerInfo.dll
C:\Users\Johannes\AppData\Local\Temp\avgnt.exe
C:\Users\Johannes\AppData\Local\Temp\DTLocker+-D-ParaDelay.exe
C:\Users\Johannes\AppData\Local\Temp\Extract.exe
C:\Users\Johannes\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Johannes\AppData\Local\Temp\install_flashplayer12x32au_mssd_aaa_aih.exe
C:\Users\Johannes\AppData\Local\Temp\mqermkms.dll
C:\Users\Johannes\AppData\Local\Temp\Paint.NET.3.5.11.Install.exe
C:\Users\Johannes\AppData\Local\Temp\paint.net.4.0.3.install.exe
C:\Users\Johannes\AppData\Local\Temp\Quarantine.exe
C:\Users\Johannes\AppData\Local\Temp\Resource.exe
C:\Users\Johannes\AppData\Local\Temp\SP53858.exe
C:\Users\Johannes\AppData\Local\Temp\SP54972.exe
C:\Users\Johannes\AppData\Local\Temp\SP56729.exe
C:\Users\Johannes\AppData\Local\Temp\SP57014.exe
C:\Users\Johannes\AppData\Local\Temp\SP57555.exe
C:\Users\Johannes\AppData\Local\Temp\SP57556.exe
C:\Users\Johannes\AppData\Local\Temp\SP57879.exe
C:\Users\Johannes\AppData\Local\Temp\SP58268.exe
C:\Users\Johannes\AppData\Local\Temp\SP58647.exe
C:\Users\Johannes\AppData\Local\Temp\sp58915.exe
C:\Users\Johannes\AppData\Local\Temp\SP58930.exe
C:\Users\Johannes\AppData\Local\Temp\SP59118.exe
C:\Users\Johannes\AppData\Local\Temp\SP59151.exe
C:\Users\Johannes\AppData\Local\Temp\SP59196.exe
C:\Users\Johannes\AppData\Local\Temp\SP59202.exe
C:\Users\Johannes\AppData\Local\Temp\SP59213.exe
C:\Users\Johannes\AppData\Local\Temp\SP59291.exe
C:\Users\Johannes\AppData\Local\Temp\SP59529.exe
C:\Users\Johannes\AppData\Local\Temp\SP59530.exe
C:\Users\Johannes\AppData\Local\Temp\SP60095.exe
C:\Users\Johannes\AppData\Local\Temp\SP60686.exe
C:\Users\Johannes\AppData\Local\Temp\SP60769.exe
C:\Users\Johannes\AppData\Local\Temp\SP61104.exe
C:\Users\Johannes\AppData\Local\Temp\SP61411.exe
C:\Users\Johannes\AppData\Local\Temp\SP61423.exe
C:\Users\Johannes\AppData\Local\Temp\SP61823.exe
C:\Users\Johannes\AppData\Local\Temp\SP63779.exe
C:\Users\Johannes\AppData\Local\Temp\sp64126.exe
C:\Users\Johannes\AppData\Local\Temp\sqlite3.dll
C:\Users\Johannes\AppData\Local\Temp\uninst1.exe
C:\Users\Johannes\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Peter\AppData\Local\Temp\AskSLib.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-17 17:40
==================== End Of Log ============================
Gmer: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-21 19:02:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: Gmer-19357.exe; Driver: C:\Users\Johannes\AppData\Local\Temp\axddrkow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033c1000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800033c102f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000754f1401 2 bytes JMP 7500b21b C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000754f1419 2 bytes JMP 7500b346 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000754f1431 2 bytes JMP 75088ea9 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000754f144a 2 bytes CALL 74fe48ad C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754f14dd 2 bytes JMP 750887a2 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754f14f5 2 bytes JMP 75088978 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000754f150d 2 bytes JMP 75088698 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000754f1525 2 bytes JMP 75088a62 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000754f153d 2 bytes JMP 74fffca8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000754f1555 2 bytes JMP 750068ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000754f156d 2 bytes JMP 75088f61 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000754f1585 2 bytes JMP 75088ac2 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000754f159d 2 bytes JMP 7508865c C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754f15b5 2 bytes JMP 74fffd41 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754f15cd 2 bytes JMP 7500b2dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754f16b2 2 bytes JMP 75088e24 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2220] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754f16bd 2 bytes JMP 750885f1 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000754f1401 2 bytes JMP 7500b21b C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000754f1419 2 bytes JMP 7500b346 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000754f1431 2 bytes JMP 75088ea9 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000754f144a 2 bytes CALL 74fe48ad C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754f14dd 2 bytes JMP 750887a2 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754f14f5 2 bytes JMP 75088978 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000754f150d 2 bytes JMP 75088698 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000754f1525 2 bytes JMP 75088a62 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000754f153d 2 bytes JMP 74fffca8 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000754f1555 2 bytes JMP 750068ef C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000754f156d 2 bytes JMP 75088f61 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000754f1585 2 bytes JMP 75088ac2 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000754f159d 2 bytes JMP 7508865c C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754f15b5 2 bytes JMP 74fffd41 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754f15cd 2 bytes JMP 7500b2dc C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754f16b2 2 bytes JMP 75088e24 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2864] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754f16bd 2 bytes JMP 750885f1 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000754f1401 2 bytes JMP 7500b21b C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000754f1419 2 bytes JMP 7500b346 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000754f1431 2 bytes JMP 75088ea9 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000754f144a 2 bytes CALL 74fe48ad C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754f14dd 2 bytes JMP 750887a2 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754f14f5 2 bytes JMP 75088978 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000754f150d 2 bytes JMP 75088698 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000754f1525 2 bytes JMP 75088a62 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000754f153d 2 bytes JMP 74fffca8 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000754f1555 2 bytes JMP 750068ef C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000754f156d 2 bytes JMP 75088f61 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000754f1585 2 bytes JMP 75088ac2 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000754f159d 2 bytes JMP 7508865c C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754f15b5 2 bytes JMP 74fffd41 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754f15cd 2 bytes JMP 7500b2dc C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754f16b2 2 bytes JMP 75088e24 C:\windows\syswow64\kernel32.dll
.text C:\Users\Johannes\AppData\Local\Akamai\netsession_win.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754f16bd 2 bytes JMP 750885f1 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\SysWOW64\WSOCK32.dll!recv + 82 00000000728517fa 2 bytes CALL 74fe11a9 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072851860 2 bytes CALL 74fe11a9 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072851942 2 bytes JMP 75797089 C:\windows\syswow64\WS2_32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007285194d 2 bytes JMP 7579cba6 C:\windows\syswow64\WS2_32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000754f1401 2 bytes JMP 7500b21b C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000754f1419 2 bytes JMP 7500b346 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000754f1431 2 bytes JMP 75088ea9 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000754f144a 2 bytes CALL 74fe48ad C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754f14dd 2 bytes JMP 750887a2 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754f14f5 2 bytes JMP 75088978 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000754f150d 2 bytes JMP 75088698 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000754f1525 2 bytes JMP 75088a62 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000754f153d 2 bytes JMP 74fffca8 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000754f1555 2 bytes JMP 750068ef C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000754f156d 2 bytes JMP 75088f61 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000754f1585 2 bytes JMP 75088ac2 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000754f159d 2 bytes JMP 7508865c C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754f15b5 2 bytes JMP 74fffd41 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754f15cd 2 bytes JMP 7500b2dc C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754f16b2 2 bytes JMP 75088e24 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWOW64\PnkBstrA.exe[3084] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754f16bd 2 bytes JMP 750885f1 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000754f1401 2 bytes JMP 7500b21b C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000754f1419 2 bytes JMP 7500b346 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000754f1431 2 bytes JMP 75088ea9 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000754f144a 2 bytes CALL 74fe48ad C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754f14dd 2 bytes JMP 750887a2 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754f14f5 2 bytes JMP 75088978 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000754f150d 2 bytes JMP 75088698 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000754f1525 2 bytes JMP 75088a62 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000754f153d 2 bytes JMP 74fffca8 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000754f1555 2 bytes JMP 750068ef C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000754f156d 2 bytes JMP 75088f61 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000754f1585 2 bytes JMP 75088ac2 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000754f159d 2 bytes JMP 7508865c C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754f15b5 2 bytes JMP 74fffd41 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754f15cd 2 bytes JMP 7500b2dc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754f16b2 2 bytes JMP 75088e24 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3164] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754f16bd 2 bytes JMP 750885f1 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000739f11a8 2 bytes [9F, 73]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 00000000739f127d 2 bytes CALL 74fe14b9 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 00000000739f1310 2 bytes CALL 74fe14b9 C:\windows\syswow64\kernel32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000739f13a8 2 bytes [9F, 73]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 00000000739f1422 2 bytes [9F, 73]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 00000000739f1498 2 bytes [9F, 73]
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4 0000000073811825 2 bytes JMP 755b6125 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4 0000000073811830 2 bytes JMP 755b6145 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4 000000007381183b 2 bytes JMP 755b6165 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4 0000000073811846 2 bytes JMP 755b5a05 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4 0000000073811851 2 bytes JMP 755b6185 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4 000000007381185c 2 bytes JMP 755b6265 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4 0000000073811867 2 bytes JMP 755b6285 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4 0000000073811872 2 bytes JMP 755b62a5 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4 000000007381187d 2 bytes JMP 755b62c5 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4 0000000073811888 2 bytes JMP 755b5a25 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4 0000000073811893 2 bytes JMP 755b62e5 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4 000000007381189e 2 bytes JMP 755b5aa5 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4 00000000738118a9 2 bytes JMP 755b6305 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4 00000000738118b4 2 bytes JMP 755b6325 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4 00000000738118bf 2 bytes JMP 75581fcb C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4 00000000738118ca 2 bytes JMP 755b6365 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4 00000000738118d5 2 bytes JMP 755b5ac5 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4 00000000738118e0 2 bytes JMP 755b5b45 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4 00000000738118eb 2 bytes JMP 755b5b65 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4 00000000738118f6 2 bytes JMP 755b68c5 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4 0000000073811901 2 bytes JMP 755b5a85 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4 000000007381190c 2 bytes JMP 755b68e5 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4 0000000073811917 2 bytes JMP 755b6925 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4 0000000073811922 2 bytes JMP 755b5ae5 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4 000000007381192d 2 bytes JMP 755b6945 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4 0000000073811938 2 bytes JMP 755b6965 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4 0000000073811943 2 bytes JMP 755b6985 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4 000000007381194e 2 bytes JMP 755b69a5 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4 0000000073811959 2 bytes JMP 755b69c5 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4 0000000073811964 2 bytes JMP 755b69e5 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4 000000007381196f 2 bytes JMP 755b6a05 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4 000000007381197a 2 bytes JMP 755b6a25 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4 0000000073811985 2 bytes JMP 755b6a45 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4 0000000073811990 2 bytes JMP 755b6a65 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4 000000007381199b 2 bytes JMP 755b6a85 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4 00000000738119a6 2 bytes JMP 755b6aa5 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4 00000000738119b1 2 bytes JMP 755b6ac5 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4 00000000738119bc 2 bytes JMP 755b6ae5 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4 00000000738119c7 2 bytes JMP 755b6b05 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4 00000000738119d2 2 bytes JMP 755b6b25 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4 00000000738119dd 2 bytes JMP 755b5b85 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4 00000000738119e8 2 bytes JMP 755b6b65 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4 00000000738119f3 2 bytes JMP 755b6b85 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4 00000000738119fe 2 bytes JMP 755b6bc3 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4 0000000073811a09 2 bytes JMP 755b6be3 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4 0000000073811a14 2 bytes JMP 755b6c03 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4 0000000073811a1f 2 bytes JMP 755b5b05 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4 0000000073811a2a 2 bytes JMP 755b6c23 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4 0000000073811a35 2 bytes JMP 755b6c43 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4 0000000073811a40 2 bytes JMP 755b6c63 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4 0000000073811a4b 2 bytes JMP 755b6c83 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4 0000000073811a56 2 bytes JMP 755b6ca3 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4 0000000073811a61 2 bytes JMP 755b6cc3 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4 0000000073811a6c 2 bytes JMP 755b5ba5 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4 0000000073811a77 2 bytes JMP 755b6ce3 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4 0000000073811a82 2 bytes JMP 755b6d03 C:\windows\syswow64\GDI32.dll
.text C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe[3196] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52 0000000073811ab2 2 bytes JMP 76bddc75 C:\windows\syswow64\msvcrt.dll
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\68a3c4f641c1
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\68a3c4f641c1 (not active ControlSet)
---- EOF - GMER 2.1 ----
Code:
ATTFilter Exportierte Ereignisse:
20.11.2014 21:33 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\Johannes\AppData\Local\Temp\CBB993BC-BAB0-7891-B450-D6D7D872DD06\Lates
t\ccp.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/BProtector.Gen2' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5014f119.qua'
verschoben!
|
| Themen zu Windows7: TR/BProtector.Gen2 & EXP/CVE-2012-1723.A1 gefunden! |
| adware, bingbar, bluescreen, bprotector.gen2, converter, device driver, dvdvideosoft ltd., exp/cve-2012-1723.a1, fehlercode 0xc0000005, fehlercode windows, firefox 33.1, homepage, installation, rundll, services.exe, svchost.exe, symantec, tr/bprotector.gen2, win32/adware.advpctweak, win32/downloadsponsor.a, win32/toolbar.babylon.a, win32/toolbar.babylon.e, win32/toolbar.babylon.i, win32/toolbar.conduit, windows |
Baum-Darstellung