Pests of all kinds and how to fight them: Unknown folder: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ
Windows 7
09.02.2015, 20:39 | #1
Unknown folder: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ

Hey folks, today I was reminded of an old "problem". I posted here in the forum back then and was helped. However, I was then away on holiday for 3 weeks, and afterwards the problem was forgotten. Here is the link to the old problem: http://www.trojaner-board.de/145931-...unbekannt.html It really wasn't intentional... I simply forgot about it after the long holiday, sorry, and thanks for the help back then! I never carried out the last step that Schrauber recommended at the time. Since so much time has passed, I don't dare simply run that step; it isn't certain that it is still appropriate.

I was reminded of all this today when I found the following folder on a partition: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ

That folder in turn contains folders with names like: Z......ZZ....ZZZ (in various variations, the number of Zs varies). Those folders in turn contain files with the same name format, some in WinRAR or Zip format and some as .ZZZ (the extension also appears with different numbers of Zs, everything from .Z to .ZZZZZ).

I don't dare go any further into the folder or simply delete it without first clarifying what it might be. I have no idea whether my PC is infected; I have no visible symptoms apart from these folders/files. I hope you will help me once more, even though I forgot to see it through last time. Sorry about that!

Here is the FRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015 Ran by Niko (administrator) on QUESTMASTER3000 on 09-02-2015 20:09:29 Running from C:\Users\Niko\Downloads Loaded Profiles: Niko (Available profiles: Niko) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Logitech Inc.) C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) 
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Roccat GmbH) C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.234\deploy\LoLLauncher.exe () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\LoLPatcher.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.127\deploy\LolClient.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [1783296 2006-07-23] (Logitech Inc.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [RoccatKova+] => C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH) HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Run: [] => [X] HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: G - G:\pushinst.exe HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {1f2ae42a-6c2a-11e1-b0a8-6c626d05b0fe} - H:\Startme.exe HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {379e72df-efc9-11df-8b4a-bc0543012beb} - G:\autorun.exe HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {5a9cca7b-9dd3-11e0-84c8-6c626d05b0fe} - G:\AUTORUN.EXE HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {5cad3377-32e1-11e0-b4ea-bc0543012beb} - G:\Setup.exe HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {6aab9b84-3ad2-11e1-9c2a-6c626d05b0fe} - J:\AUTORUN.EXE 
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {73f1126d-ebea-11e3-8e72-6c626d05b0fe} - G:\AutoRun.exe HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {a4e48009-2754-11e1-acab-6c626d05b0fe} - G:\AUTORUN.EXE HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {b0ffa8fa-dcf2-11e3-bcfc-6c626d05b0fe} - I:\LaunchU3.exe -a HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {d76988f4-d636-11df-8edb-6c626d05b0fe} - H:\pushinst.exe HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {f77b1307-55ad-11e3-b52c-6c626d05b0fe} - G:\AUTORUN.EXE Startup: C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll (Kaspersky Lab ZAO) ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll (Kaspersky Lab ZAO) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1216835461-190305365-3235199106-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ HKU\S-1-5-21-1216835461-190305365-3235199106-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKLM-x32 -> DefaultScope value is missing. SearchScopes: HKU\S-1-5-21-1216835461-190305365-3235199106-1000 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: No Name -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> 
{9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File Toolbar: HKU\S-1-5-21-1216835461-190305365-3235199106-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{B1BCECC2-475A-46EA-AF15-1D84FEA5E409}: [NameServer] 8.8.8.8,8.8.4.4 FireFox: ======== FF ProfilePath: C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default FF DefaultSearchUrl: FF SearchEngineOrder.1: foxsearch FF Homepage: https://www.google.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: 
@microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1216835461-190305365-3235199106-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin HKU\S-1-5-21-1216835461-190305365-3235199106-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF user.js: detected! => C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.) FF SearchPlugin: C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\searchplugins\icqplugin.xml FF Extension: Procon Latte Content Filter - C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\Extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi [2014-05-31] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21] FF Extension: Adblock Plus - C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-23] FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 
Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-06] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-06] FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-06] FF HKLM-x32\...\Thunderbird\Extensions: [te_9.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012-03-12] FF HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\extensions\cliqz@cliqz.com Chrome: ======= CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.149\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.149\pdf.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.149\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Norton Confidential) - C:\Users\Niko\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Shockwave for Director) - C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll (Macromedia, Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Gutscheinmieze-Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll No File CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Google Update) - C:\Users\Niko\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Profile: C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-01-03] CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-01-03] CHR Extension: (Content Blocker) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-01-03] CHR Extension: (Virtual Keyboard) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-01-03] CHR Extension: (DVDVideoSoft Browser Extension) - 
C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-01-10] CHR Extension: (Google Wallet) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02] CHR Extension: (Anti-Banner) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-01-03] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-01-07] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed] R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO) S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) 
[File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2011-01-08] () S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed] S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-04] (Disc Soft Ltd) S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-06] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2014-12-06] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 
klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-06] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO) R3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.) S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC) S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation) S3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2013-04-24] (Windows (R) Win 7 DDK provider) R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) S3 VMC31D; C:\Windows\System32\Drivers\VMC31D.sys [179968 2008-04-09] (Vimicro Corporation) [File not signed] S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) S3 AODDriver; \??\C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [X] U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-09 20:09 - 2015-02-09 20:10 - 00028117 _____ () C:\Users\Niko\Downloads\FRST.txt
2015-02-09 20:09 - 2015-02-09 20:09 - 02132992 _____ (Farbar) C:\Users\Niko\Downloads\FRST64.exe
2015-02-09 20:08 - 2015-02-09 20:08 - 00050477 _____ () C:\Users\Niko\Downloads\Defogger.exe
2015-02-09 20:08 - 2015-02-09 20:08 - 00000540 _____ () C:\Users\Niko\Downloads\defogger_disable.log
2015-01-26 20:43 - 2015-01-26 20:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 12:25 - 2015-01-25 12:25 - 00094720 _____ () C:\Users\Niko\Downloads\Controlling_Loesungen(1).xls
2015-01-14 21:04 - 2015-01-14 21:04 - 05516918 _____ () C:\Users\Niko\Downloads\1
2015-01-14 17:49 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:49 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:49 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 17:49 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 17:49 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 17:49 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 17:49 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 17:49 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 17:49 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 17:49 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 17:49 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 17:49 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 17:49 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 20:19 - 2015-01-11 20:39 - 00000000 ____D () C:\Program Files (x86)\Altitude
2015-01-11 20:19 - 2015-01-11 20:19 - 00001897 _____ () C:\Users\Public\Desktop\Altitude.lnk
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altitude

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 20:09 - 2013-12-11 13:53 - 00000000 ____D () C:\FRST
2015-02-09 20:08 - 2013-12-11 13:45 - 00000296 _____ () C:\Users\Niko\defogger_reenable
2015-02-09 19:58 - 2010-12-13 15:44 - 00000000 ____D () C:\Windows\Minidump
2015-02-09 19:51 - 2012-04-01 18:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 19:49 - 2013-12-04 11:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-09 18:19 - 2010-10-12 20:00 - 01834400 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 17:19 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 17:19 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 17:14 - 2012-04-15 19:12 - 00000000 ____D () C:\Users\Niko\Desktop\FK 10
2015-02-09 17:10 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-09 17:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 13:15 - 2010-10-13 19:31 - 00000000 ____D () C:\Users\Niko\AppData\Roaming\Skype
2015-02-06 19:51 - 2012-04-01 18:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 19:51 - 2012-04-01 18:41 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 19:51 - 2011-06-01 09:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 21:46 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-01-29 21:46 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-01-29 21:46 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 16:43 - 2012-05-04 11:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 20:53 - 2013-10-17 22:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 19:55 - 2014-08-11 15:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-26 19:55 - 2012-04-10 01:34 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-22 21:00 - 2010-10-12 20:42 - 00000000 ____D () C:\Users\Niko\AppData\Local\CrashDumps
2015-01-14 21:38 - 2013-08-15 10:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:29 - 2010-10-13 22:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-12-08 21:44 - 2011-12-08 21:53 - 0000651 _____ () C:\Users\Niko\AppData\Roaming\MPQEditor.ini
2012-08-09 14:35 - 2012-08-09 14:36 - 0097497 _____ () C:\Users\Niko\AppData\Roaming\Scribe.dmp
2011-08-29 13:01 - 2013-06-16 10:11 - 0023094 _____ () C:\Users\Niko\AppData\Roaming\wklnhst.dat
2014-04-08 20:28 - 2014-04-08 20:28 - 0001456 _____ () C:\Users\Niko\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2011-10-31 22:06 - 2011-10-31 22:06 - 0007604 _____ () C:\Users\Niko\AppData\Local\Resmon.ResmonCfg
2011-06-15 21:29 - 2011-06-19 16:38 - 0001940 _____ () C:\Users\Niko\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2010-10-13 19:32 - 2010-10-13 19:32 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-10-13 20:33 - 2014-10-18 21:22 - 0049225 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Niko\AppData\Local\Temp\detectionapi_rd.dll
C:\Users\Niko\AppData\Local\Temp\detectionui_r.exe
C:\Users\Niko\AppData\Local\Temp\directx10tests_rd.dll
C:\Users\Niko\AppData\Local\Temp\directx11tests_rd.dll
C:\Users\Niko\AppData\Local\Temp\directx9tests_rd.dll
C:\Users\Niko\AppData\Local\Temp\local.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-03 18:49

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Niko at 2015-02-09 20:10:54
Running from C:\Users\Niko\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Total Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Altitude 1.1 (HKLM-x32\...\4578-0181-0549-1546) (Version: 1.1 - Nimbly Games)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
America (HKLM-x32\...\America) (Version: - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
applicationupdater (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\SOE-C:/Users/Niko/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version: - Sony Online Entertainment)
Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C6300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Canon Utilities Digital Photo Professional 3.11 (HKLM-x32\...\Digital Photo Professional) (Version: 3.11.30.3 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.11.3.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.2.1.13 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.10.2.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.13 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Citrix Online Plug-in - Web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
EndNote X4 (HKLM-x32\...\{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}) (Version: 14.0.0.4845 - Thomson Reuters)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Free 3GP Video Converter version 5.0.21.1212 (HKLM-x32\...\Free 3GP Video Converter_is1) (Version: 5.0.21.1212 - DVDVideoSoft Ltd.)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Audio Converter version 5.0.23.320 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.1.42.1212 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.42.1212 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IBM SPSS Statistics 19 (HKLM\...\{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}) (Version: 19.0.0 - SPSS Inc., an IBM Company)
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
IndustrieGigant 2 (HKLM-x32\...\{8FA7E81D-6D99-4788-8BE4-D898B346AB2E}) (Version: 1.1.0.0 - JoWooD Productions Software AG)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader (HKLM-x32\...\JDownloader) (Version: - AppWork UG (haftungsbeschränkt))
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech G11 Keyboard Software 1.03 (HKLM\...\{59427B1F-852F-4AF1-8215-E5B12F966D89}) (Version: 1.3.166.0 - Logitech)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mendeley Desktop 1.3.1 (HKLM-x32\...\Mendeley Desktop) (Version: 1.3.1 - Mendeley Ltd.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{B26E3B0D-C2FA-4370-B068-7C476766F029}) (Version: 08.04.0702 - Microsoft Corporation)
Microsoft Works Suite-Add-Ins für Microsoft Word (HKLM-x32\...\{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}) (Version: 8.0.0.0000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mindjet (HKLM-x32\...\{6D1AFA44-6E87-41F5-B7D4-4C457A98A3A3}) (Version: 11.1.353 - Mindjet)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{4AA68A73-DB9C-439D-9481-981C82BD008B}) (Version: 7.1.69.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.3.86.0 - Nokia)
Nokia Suite (x32 Version: 3.3.86.0 - Nokia) Hidden
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.36 - Symantec)
Notation Composer 2.6.3 Trial (HKLM-x32\...\{9C20F41F-CD00-4EA9-BCC9-5D0855EF30C2}) (Version: 2.6.3 - Notation Software) <==== ATTENTION
Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version: - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
partypoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming)
PC Connectivity Solution (HKLM-x32\...\{A2AA4204-C05A-4013-888A-AD153139297F}) (Version: 11.5.29.0 - Nokia)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PlanetSide 2 (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\SOE-PlanetSide 2 PSG) (Version: - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
Populous: The Beginning (HKLM-x32\...\Populous: The Beginning) (Version: 1.03 - Bullfrog)
PS_AIO_04_C6300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - )
ROCCAT Kova[+] Mouse Driver (HKLM-x32\...\{A86DDFE3-F661-461C-9BF2-876AC2CA57DE}) (Version: 1.10 - Roccat GmbH)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScummVM Git (HKLM-x32\...\ScummVM_is1) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Setup-Start von Microsoft Works 2005 (HKLM-x32\...\Works2005Setup) (Version: - )
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
Silent Hunter 5 (HKLM-x32\...\{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}) (Version: 1.2.0 - Ubisoft)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Söldner Secret Wars - Community Edition Version 33960 (HKLM-x32\...\{F3AF62F5-665E-4B3E-8899-5C46D1793391}_is1) (Version: 33960 - soldnersecretwars.de)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.12.12.41 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.108 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.108 - Sony)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
STARWARS: The Battle of Endor version 2.1 (HKLM-x32\...\STARWARS: The Battle of Endor v2.1_is1) (Version: - Bruno R. Marcos)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stranded II 1.0.0.1 (HKLM-x32\...\{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1) (Version: - Unreal Software)
Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal (HKLM-x32\...\Steam App 31170) (Version: - Telltale Games)
Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay (HKLM-x32\...\Steam App 31180) (Version: - Telltale Games)
Tales of Monkey Island: Chapter 3 - Lair of the Leviathan (HKLM-x32\...\Steam App 31190) (Version: - Telltale Games)
Tales of Monkey Island: Chapter 4 - The Trial and Execution of Guybrush Threepwood (HKLM-x32\...\Steam App 31200) (Version: - Telltale Games)
Tales of Monkey Island: Chapter 5 - Rise of the Pirate God (HKLM-x32\...\Steam App 31210) (Version: - Telltale Games)
TeamSpeak 3 Client (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd)
TomTom HOME 2.8.2.2264 (HKLM-x32\...\TomTom HOME) (Version: 2.8.2.2264 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.49 - Creative Island Media, LLC) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 1.1.8 (HKLM-x32\...\VLC media player) (Version: 1.1.8 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Works Update (x32 Version: 8.0.0.0000 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.2.0.16826 - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{5be52a22-f148-4495-bf42-53cd0367c056}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-05-24 15:24 - 00000836 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07F14CBB-44D8-4976-8119-8C69192C48BE} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0897BBC7-D121-4F07-9838-F12C6DA30141} - System32\Tasks\{B24CB037-AB4D-4C95-B81B-9C8AF6B600E5} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {1DEADAE6-FC5C-4ACE-9D0A-A8C54D135654} - System32\Tasks\{BCCDA5D3-2212-4AB4-921C-831790D4D59D} => D:\Niko\LucasArts\Monkey Island 2 LeChucks Revenge Special Edition\Monkey2.exe
Task: {263007BF-6B17-4D8F-9A49-C962FE28CE4F} - System32\Tasks\{BE69D37A-D45C-41C5-97D7-ABBBE8F4B4E0} => F:\AUTORUN.EXE
Task: {283F984A-AB35-4FC3-A64F-0D98C52EAC6E} - System32\Tasks\{D83F7E2F-F944-4344-A2C0-7E43A04F4192} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -c -runfromtemp -l0x0007 -removeonly
Task: {2EB67EBE-7D0C-41A7-9EBA-71964B81DDC3} - System32\Tasks\{4D2E3DDC-0A55-4CDF-8193-B49A86F1F31E} => D:\Siedler\BLUEBYTE\SIEDLER2\SIEDLER2.EXE [2010-10-18] ()
Task: {2F2FD535-9B25-4027-8EBD-0B5D41894E69} - System32\Tasks\{42A8F30A-90D7-4932-A9A4-B8209AE63396} => D:\Siedler\BLUEBYTE\SIEDLER2\SIEDLER2.EXE [2010-10-18] ()
Task: {31250475-1FD8-4276-BF00-173EF208248E} - System32\Tasks\{E01AF9FC-3534-45FD-BB90-68DCF6FEBE07} => C:\Team17\Worms World Party\wwp.exe
Task: {3EE62B6E-BC92-4833-8480-2D9166AD6023} - System32\Tasks\{6AF28C70-A5F5-4E2F-8776-A1F02E199B3A} => C:\Program Files (x86)\DATA BECKER\America\America.exe [2001-01-09] (Related Designs Software GmbH)
Task: {3F2EC12C-BB24-4328-9E03-212A0E98C8AE} - System32\Tasks\{6E25A4CC-0165-4D47-BC2D-737AE62E5A05} => D:\worms_arma\Worms_2_Armageddon\wa.exe
Task: {42C7E264-7A69-4C6F-B0D9-F094D128A31D} - System32\Tasks\{B56D80DE-2BF5-4431-AE7D-EF6AC461BA36} => D:\110\commandos\betasux.exe
Task: {4DCBCB29-8F7E-4FE8-912B-619F7D1E7495} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-05-07] (Oracle Corporation)
Task: {5336786C-D351-4E1C-ACAE-5C5F06940241} - System32\Tasks\{EF4A83C9-FDE2-4C9C-9C82-D763D863A393} => C:\Program Files (x86)\IndustrieGigant 2\enginetest.exe
Task: {5A881D11-A8FE-42C7-9CBF-F78D4299B07C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {5CAEF151-92A5-464D-A104-F71852FA71ED} - System32\Tasks\DLL-files.com Fixer => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {74242883-8C19-43FA-B548-45D65795D860} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {76894412-422E-4900-8D40-6790C3A00453} - System32\Tasks\{9D45BAF4-090B-416A-BEAE-58E186B7AF81} => D:\worms_arma\Worms_2_Armageddon\wa.exe
Task: {843A3CBD-CCA1-48A4-AF9E-5C95C2F9B1A8} - System32\Tasks\{075F83F5-4508-48FB-BFF2-0320604E19C4} => C:\Program Files (x86)\IndustrieGigant 2\ig2.exe
Task: {929B4B8F-495B-4B84-A456-AD69AC087F33} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A2304F2E-408C-4F08-B751-AF3D3391A72F} - System32\Tasks\{574609B5-BCD2-44A3-B1D5-4E616F5A71AC} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {A562E7FB-0709-4640-BC44-D8CFB206FDBE} - System32\Tasks\{573FC5F3-DC3E-4A8B-AA99-DF270D6A24BB} => G:\SETUP.EXE [2005-04-06] (Macrovision Corporation)
Task: {AD384E94-3136-447C-83BD-1D8499955373} - System32\Tasks\{603E6881-FB7D-42DA-9702-17AC9D70506C} => pcalua.exe -a "C:\Program Files (x86)\avmwlanstick\instwcli.exe" -d "C:\Program Files (x86)\avmwlanstick"
Task: {AD7CD137-8732-4AA2-BD86-96B62FCBD724} - System32\Tasks\{561CF15B-5378-4012-A919-D2D8C080120C} => pcalua.exe -a "C:\Program Files (x86)\EA GAMES\Die Sims 2 Nightlife\eauninstall.exe" -d "C:\Program Files (x86)\EA GAMES\Die Sims 2 Nightlife"
Task: {B0F4B8B8-3F9B-47E1-9473-ECE741C7827C} - System32\Tasks\{7D743872-4514-4F70-8963-CD993D7B3DA9} => C:\Emergency\emergy.exe [1998-04-28] ()
Task: {B3DBC25B-6B8A-48DC-932E-F0BC48AA544C} - System32\Tasks\{39C61096-0393-49FE-9103-79A8C49767C3} => D:\worms_arma\Worms_2_Armageddon\wa.exe
Task: {B80AB8E9-E2F9-4398-8999-9E034F9B1FAC} - System32\Tasks\{4CBDF0BE-AB76-4389-9BAE-03E1C5DA06AB} => D:\Niko\LucasArts\Monkey2Launcher.exe [2010-07-29] ()
Task: {BB150135-744B-435F-A4AE-20E7CF156FEF} - System32\Tasks\{8B0B2FA5-AECC-4577-BBE1-F36F579EC056} => D:\Pizza Syndicate\Autorun.exe
Task: {CD9599FB-F604-4398-97A6-61B6CF25C24C} - System32\Tasks\{CE267232-BC30-4FDC-886D-92AB01325001} => C:\Team17\Worms World Party\wwp.exe
Task: {D76172FF-1B90-4522-A342-21585159C3BD} - System32\Tasks\{4B5AA4C3-6DB9-4CC9-8377-6D0F7AA73424} => D:\Emergency\emergy.exe
Task: {D9757778-8515-40E2-B097-7560A21885A3} - System32\Tasks\{94D78FD0-AA40-47FB-AF1F-DBE3E932BA82} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.73.129.457/de/abandoninstall?page=tsWLM
Task: {DADA45EF-CA2A-4370-9830-DEDBDDAE3B82} - System32\Tasks\{FF640566-487F-493B-976D-AF61DDA0251F} => D:\Emergency\emergy.exe
Task: {DB8B467B-773D-4B13-8609-3809862037B2} - System32\Tasks\{5ACEA32C-AE59-480F-ABC6-FBDB0BCA4D14} => D:\Emergency\emergy.exe
Task: {E7682E85-D68B-4663-AED0-377E2A47AF1D} - System32\Tasks\{5F59D4BF-403D-4ED4-B93C-ACED9C48D0BD} => C:\Program Files (x86)\DATA BECKER\America\America.exe [2001-01-09] (Related Designs Software GmbH)
Task: {E8D66105-45EB-4BF7-ADC3-35807FEB2CB6} - System32\Tasks\{2BB5F165-2886-4B5B-A2F5-18D71DBF59E5} => pcalua.exe -a G:\setup.exe -d G:\
Task: {EED55FB9-B7AE-4B1C-9B93-2D0D99F61F4E} - System32\Tasks\{191935BD-D718-4812-86E7-D3C695199D12} => D:\Siedler\BLUEBYTE\SIEDLER2\SIEDLER2.EXE [2010-10-18] ()
Task: {F7EBD3BC-9E4B-41A0-9FE6-21A0E7A55BA1} - System32\Tasks\{3B40AD84-DD3D-4E71-9400-424EEECF6903} => D:\Niko\LucasArts\Monkey Island 2 LeChucks Revenge Special Edition\Monkey2.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2010-10-12 21:38 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2011-01-08 17:23 - 2011-01-08 17:23 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-07-14 02:17 - 2009-07-14 02:41 - 01708032 _____ () C:\Windows\system32\hpotiop1.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-06-12 17:11 - 2014-06-04 20:05 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2014-06-04 20:06 - 2015-02-04 16:24 - 02445816 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.234\deploy\LoLLauncher.exe
2015-02-04 16:24 - 2015-02-04 16:24 - 04234232 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\LoLPatcher.exe
2014-06-04 20:19 - 2014-06-04 20:19 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.127\deploy\LolClient.exe
2013-10-10 22:48 - 2013-10-10 22:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\kpcengine.2.3.dll
2014-10-14 18:28 - 2010-05-29 13:57 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\hiddriver.dll
2015-01-26 20:43 - 2015-01-26 20:43 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-30 17:12 - 2014-12-06 12:47 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-08-30 17:12 - 2014-12-06 12:47 - 00587048 _____ () C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll 2014-08-30 17:12 - 2014-12-06 12:47 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll 2015-02-06 19:51 - 2015-02-06 19:51 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1216835461-190305365-3235199106-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: DAEMON Tools Lite => "E:\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-1216835461-190305365-3235199106-500 - Administrator - Disabled) Gast (S-1-5-21-1216835461-190305365-3235199106-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1216835461-190305365-3235199106-1002 - Limited - Enabled) Niko (S-1-5-21-1216835461-190305365-3235199106-1000 - Administrator - Enabled) => C:\Users\Niko ==================== Faulty Device Manager Devices ============= Name: Photosmart 
C6300 series Description: Photosmart C6300 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Photosmart C6300 series Description: Photosmart C6300 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (02/05/2015 10:26:17 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: 492: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.) Error: (02/05/2015 10:26:17 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: mDNSPlatformReadTCP - recv: 10053 Error: (02/03/2015 06:50:27 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error: (02/03/2015 06:50:01 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/03/2015 06:49:28 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/02/2015 09:19:21 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/02/2015 09:18:53 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/02/2015 09:18:21 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/01/2015 05:18:47 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". 
Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (02/01/2015 05:18:36 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. System errors: ============= Error: (02/09/2015 05:14:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (02/09/2015 05:12:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (02/09/2015 05:12:30 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (02/09/2015 05:11:58 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (02/09/2015 05:11:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows-Bilderfassung (WIA)" wurde nicht richtig gestartet. 
Error: (02/09/2015 05:11:16 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (02/09/2015 05:10:34 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (02/08/2015 11:41:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (02/08/2015 11:40:22 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (02/08/2015 11:39:40 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (02/05/2015 10:26:17 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: 492: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.) 
Error: (02/05/2015 10:26:17 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: mDNSPlatformReadTCP - recv: 10053 Error: (02/03/2015 06:50:27 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (02/03/2015 06:50:01 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dllC:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll19 Error: (02/03/2015 06:49:28 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exeC:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe19 Error: (02/02/2015 09:19:21 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (02/02/2015 09:18:53 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dllC:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll19 Error: (02/02/2015 09:18:21 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exeC:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe19 Error: (02/01/2015 05:18:47 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe 
AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (02/01/2015 05:18:36 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dllC:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll19 CodeIntegrity Errors: =================================== Date: 2015-02-03 18:50:36.956 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-03 18:50:36.941 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-03 18:50:36.941 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-03 18:50:36.941 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-03 18:50:36.941 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-02-03 18:50:36.941 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-02 21:19:32.242 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-02 21:19:32.242 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-02 21:19:32.242 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-02 21:19:32.227 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================

Processor: AMD Phenom(tm) II X6 1055T Processor
Percentage of memory in use: 34%
Total physical RAM: 8191.18 MB
Available physical RAM: 5328.75 MB
Total Pagefile: 16380.54 MB
Available Pagefile: 13290.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:152.34 GB) (Free:23.61 GB) NTFS
Drive d: () (Fixed) (Total:380.86 GB) (Free:159.78 GB) NTFS
Drive e: () (Fixed) (Total:398.21 GB) (Free:80.33 GB) NTFS
Drive g: (FEAR) (CDROM) (Total:4.16 GB) (Free:0 GB) CDFS
Drive h: (USB DISK) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BAFBAE4D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=152.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=380.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=398.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0C)

==================== End Of Log ============================ |
09.02.2015, 21:54 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unknown folder: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ Hi and
__________________Please do a run with MBAR: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ |
09.02.2015, 22:49 | #3 |
| Unknown folder: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ Mbar found nothing, here is the report:
__________________Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main: v2015.02.09.10
  rootkit: v2015.02.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Niko :: QUESTMASTER3000 [administrator]

09.02.2015 22:28:19
mbar-log-2015-02-09 (22-28-19).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 367075
Time elapsed: 12 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-02-09 22:04:03 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\Niko\AppData\Local\Temp\fwldiaoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072ec1a22 2 bytes [EC, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072ec1ad0 2 bytes [EC, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072ec1b08 2 bytes [EC, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072ec1bba 2 bytes [EC, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072ec1bda 2 bytes [EC, 72] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077671398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007767143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077671594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007767191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077671bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077671d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077671edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077671fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776727d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007767282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077672898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077672d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077672d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007767323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000776733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077673a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077673ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077673b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077674190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077674241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077674434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000776745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000776746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077674a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077674b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776727d2 8 bytes {JMP 0x10} .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007767282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077672898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077672d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077672d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007767323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000776733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077673a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077673ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077673b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077674190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077674241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077674434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000776745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000776746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077674a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077674b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077674c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077674d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... 
* 2 .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077674ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077674ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000776750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000776752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000776753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000776755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000776764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007767668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007767687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776768d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] 
.text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007767692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077677166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077677dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077677e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776c1380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000776c1500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776c1530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776c1650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776c1700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776c1d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000776c1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776c27e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] 
C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000751213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007512146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000751216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000751219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000751219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000075121a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Registry - GMER 2.1 ---- Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=26F42A7 TREIBER\Windows XP\Intel\xae Matrix Storage Manager\Setup.exe 1 ---- EOF - GMER 2.1 ---- |
09.02.2015, 22:51 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unknown folder: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ Remove adware/junkware/toolbars Delete old versions of AdwCleaner and, if present, JRT beforehand, then download them again to the desktop! Please completely disable your virus scanner now, before using these tools! Step 1: AdwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
09.02.2015, 23:51 | #5 |
| Unknown folder: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ AdwCleaner: Code:
# AdwCleaner v4.110 - Bericht erstellt 09/02/2015 um 23:11:25
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-09.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Niko - QUESTMASTER3000
# Gestarted von : C:\Users\Niko\Downloads\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\RHelpers
Ordner Gelöscht : C:\ProgramData\Updater
Ordner Gelöscht : C:\ProgramData\Websteroids
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Users\Niko\AppData\Roaming\Gutscheinmieze
Ordner Gelöscht : C:\Users\Niko\AppData\Roaming\pdfforge
[!] Ordner Gelöscht : C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
Ordner Gelöscht : C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Datei Gelöscht : C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.xpi
Datei Gelöscht : C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\user.js

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\dll-files.com
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\dll-files.com
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\B696D3C37BD0D6C33A65D38BEC459181
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\B696D3C37BD0D6C33A65D38BEC459181
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B696D3C37BD0D6C33A65D38BEC459181
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - fritz;*.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v35.0.1 (x86 de)

-\\ Google Chrome v

[C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp

*************************

AdwCleaner[R0].txt - [10476 Bytes] - [17/12/2013 20:30:00]
AdwCleaner[R1].txt - [4174 Bytes] - [09/02/2015 23:08:53]
AdwCleaner[S0].txt - [9865 Bytes] - [17/12/2013 20:31:27]
AdwCleaner[S1].txt - [3669 Bytes] - [09/02/2015 23:11:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3728 Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Niko on 09.02.2015 at 23:21:22,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.02.2015 at 23:24:13,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015 Ran by Niko (administrator) on QUESTMASTER3000 on 09-02-2015 23:51:53 Running from C:\Users\Niko\Desktop Loaded Profiles: Niko (Available profiles: Niko) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Logitech Inc.) C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) 
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Roccat GmbH) C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [1783296 2006-07-23] (Logitech Inc.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [RoccatKova+] => C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH) HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Run: [] => [X] HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: G - G:\pushinst.exe HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {1f2ae42a-6c2a-11e1-b0a8-6c626d05b0fe} - H:\Startme.exe HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {379e72df-efc9-11df-8b4a-bc0543012beb} - G:\autorun.exe HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {5a9cca7b-9dd3-11e0-84c8-6c626d05b0fe} - G:\AUTORUN.EXE HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {5cad3377-32e1-11e0-b4ea-bc0543012beb} - G:\Setup.exe HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {6aab9b84-3ad2-11e1-9c2a-6c626d05b0fe} - J:\AUTORUN.EXE HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {73f1126d-ebea-11e3-8e72-6c626d05b0fe} - G:\AutoRun.exe HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {a4e48009-2754-11e1-acab-6c626d05b0fe} - G:\AUTORUN.EXE HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {b0ffa8fa-dcf2-11e3-bcfc-6c626d05b0fe} - I:\LaunchU3.exe -a HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {d76988f4-d636-11df-8edb-6c626d05b0fe} - H:\pushinst.exe HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {f77b1307-55ad-11e3-b52c-6c626d05b0fe} - G:\AUTORUN.EXE Startup: C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> 
{014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll (Kaspersky Lab ZAO) ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll (Kaspersky Lab ZAO) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File Toolbar: HKU\S-1-5-21-1216835461-190305365-3235199106-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{B1BCECC2-475A-46EA-AF15-1D84FEA5E409}: [NameServer] 8.8.8.8,8.8.4.4 FireFox: ======== FF ProfilePath: C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default FF DefaultSearchUrl: FF SearchEngineOrder.1: foxsearch FF Homepage: https://www.google.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft 
Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1216835461-190305365-3235199106-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin HKU\S-1-5-21-1216835461-190305365-3235199106-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\searchplugins\englische-ergebnisse.xml
FF Extension: Procon Latte Content Filter - C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\Extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi [2014-05-31]
FF Extension: Adblock Plus - C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-23]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-06]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-06]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-06]
FF HKLM-x32\...\Thunderbird\Extensions: [te_9.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012-03-12]
FF HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\extensions\cliqz@cliqz.com

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.149\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.149\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.149\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Shockwave for Director) - C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll (Macromedia, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Gutscheinmieze-Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Niko\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-01-03]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-01-03]
CHR Extension: (Content Blocker) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-01-03]
CHR Extension: (Virtual Keyboard) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-01-03]
CHR Extension: (Google Wallet) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Anti-Banner) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-01-03]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2011-01-08] ()
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-04] (Disc Soft Ltd)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-06] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2014-12-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-06] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2013-04-24] (Windows (R) Win 7 DDK provider)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 VMC31D; C:\Windows\System32\Drivers\VMC31D.sys [179968 2008-04-09] (Vimicro Corporation) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 AODDriver; \??\C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-09 23:46 - 2015-02-09 23:46 - 00016281 _____ () C:\Users\Niko\Desktop\Addition.txt
2015-02-09 23:24 - 2015-02-09 23:24 - 00000624 _____ () C:\Users\Niko\Desktop\JRT.txt
2015-02-09 23:16 - 2015-02-09 23:16 - 01388274 _____ (Thisisu) C:\Users\Niko\Desktop\JRT.exe
2015-02-09 23:15 - 2015-02-09 23:15 - 00003824 _____ () C:\Users\Niko\Desktop\AdwCleaner[S1].txt
2015-02-09 23:08 - 2015-02-09 23:08 - 02112512 _____ () C:\Users\Niko\Desktop\AdwCleaner_4.110.exe
2015-02-09 23:02 - 2015-02-09 23:02 - 00500744 _____ () C:\Windows\Minidump\020915-20404-01.dmp
2015-02-09 22:28 - 2015-02-09 22:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-09 22:28 - 2015-02-09 22:28 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 22:24 - 2015-02-09 22:44 - 00000000 ____D () C:\Users\Niko\Desktop\mbar
2015-02-09 22:24 - 2015-02-09 22:24 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-09 22:07 - 2015-02-09 22:11 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Niko\Downloads\mbar-1.08.3.1004.exe
2015-02-09 22:04 - 2015-02-09 22:04 - 00077273 _____ () C:\Users\Niko\Desktop\GEMR.log
2015-02-09 20:47 - 2015-02-09 23:47 - 00000336 _____ () C:\Windows\setupact.log
2015-02-09 20:47 - 2015-02-09 23:02 - 844008652 _____ () C:\Windows\MEMORY.DMP
2015-02-09 20:47 - 2015-02-09 20:47 - 00320264 _____ () C:\Windows\Minidump\020915-20202-01.dmp
2015-02-09 20:47 - 2015-02-09 20:47 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-09 20:42 - 2015-02-09 20:42 - 00380416 _____ () C:\Users\Niko\Downloads\Gmer-19357.exe
2015-02-09 20:11 - 2015-02-09 23:52 - 00026140 _____ () C:\Users\Niko\Desktop\FRST.txt
2015-02-09 20:10 - 2015-02-09 20:11 - 00049688 _____ () C:\Users\Niko\Downloads\Addition.txt
2015-02-09 20:09 - 2015-02-09 20:11 - 00035643 _____ () C:\Users\Niko\Downloads\FRST.txt
2015-02-09 20:09 - 2015-02-09 20:09 - 02132992 _____ (Farbar) C:\Users\Niko\Desktop\FRST64.exe
2015-02-09 20:08 - 2015-02-09 20:08 - 00050477 _____ () C:\Users\Niko\Downloads\Defogger.exe
2015-02-09 20:08 - 2015-02-09 20:08 - 00000540 _____ () C:\Users\Niko\Downloads\defogger_disable.log
2015-01-26 20:43 - 2015-01-26 20:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 12:25 - 2015-01-25 12:25 - 00094720 _____ () C:\Users\Niko\Downloads\Controlling_Loesungen(1).xls
2015-01-14 21:04 - 2015-01-14 21:04 - 05516918 _____ () C:\Users\Niko\Downloads\1
2015-01-14 17:49 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:49 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:49 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 17:49 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 17:49 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 17:49 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 17:49 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 17:49 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 17:49 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 17:49 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 17:49 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 17:49 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 17:49 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 20:19 - 2015-01-11 20:39 - 00000000 ____D () C:\Program Files (x86)\Altitude
2015-01-11 20:19 - 2015-01-11 20:19 - 00001897 _____ () C:\Users\Public\Desktop\Altitude.lnk
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altitude

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-09 23:52 - 2010-10-12 20:00 - 01886863 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 23:51 - 2013-12-11 13:53 - 00000000 ____D () C:\FRST
2015-02-09 23:51 - 2012-04-01 18:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 23:47 - 2013-12-04 11:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-09 23:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 23:45 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 23:45 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 23:36 - 2013-12-17 20:29 - 00000000 ____D () C:\AdwCleaner
2015-02-09 23:17 - 2010-10-12 20:42 - 00000000 ____D () C:\Users\Niko\AppData\Local\CrashDumps
2015-02-09 23:13 - 2012-05-23 17:39 - 00852288 _____ () C:\Windows\PFRO.log
2015-02-09 23:11 - 2010-10-20 20:57 - 00000000 ____D () C:\ProgramData\ICQ
2015-02-09 23:02 - 2010-12-13 15:44 - 00000000 ____D () C:\Windows\Minidump
2015-02-09 20:39 - 2010-10-13 19:31 - 00000000 ____D () C:\Users\Niko\AppData\Roaming\Skype
2015-02-09 20:08 - 2013-12-11 13:45 - 00000296 _____ () C:\Users\Niko\defogger_reenable
2015-02-09 17:14 - 2012-04-15 19:12 - 00000000 ____D () C:\Users\Niko\Desktop\FK 10
2015-02-09 17:10 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-06 19:51 - 2012-04-01 18:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 19:51 - 2012-04-01 18:41 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 19:51 - 2011-06-01 09:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 21:46 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-01-29 21:46 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-01-29 21:46 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 16:43 - 2012-05-04 11:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 20:53 - 2013-10-17 22:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 19:55 - 2014-08-11 15:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-26 19:55 - 2012-04-10 01:34 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-14 21:38 - 2013-08-15 10:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:29 - 2010-10-13 22:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-12-08 21:44 - 2011-12-08 21:53 - 0000651 _____ () C:\Users\Niko\AppData\Roaming\MPQEditor.ini
2012-08-09 14:35 - 2012-08-09 14:36 - 0097497 _____ () C:\Users\Niko\AppData\Roaming\Scribe.dmp
2011-08-29 13:01 - 2013-06-16 10:11 - 0023094 _____ () C:\Users\Niko\AppData\Roaming\wklnhst.dat
2014-04-08 20:28 - 2014-04-08 20:28 - 0001456 _____ () C:\Users\Niko\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2011-10-31 22:06 - 2011-10-31 22:06 - 0007604 _____ () C:\Users\Niko\AppData\Local\Resmon.ResmonCfg
2011-06-15 21:29 - 2011-06-19 16:38 - 0001940 _____ () C:\Users\Niko\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2010-10-13 19:32 - 2010-10-13 19:32 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-10-13 20:33 - 2014-10-18 21:22 - 0049225 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Niko\AppData\Local\Temp\detectionapi_rd.dll
C:\Users\Niko\AppData\Local\Temp\detectionui_r.exe
C:\Users\Niko\AppData\Local\Temp\directx10tests_rd.dll
C:\Users\Niko\AppData\Local\Temp\directx11tests_rd.dll
C:\Users\Niko\AppData\Local\Temp\directx9tests_rd.dll
C:\Users\Niko\AppData\Local\Temp\local.dll
C:\Users\Niko\AppData\Local\Temp\Quarantine.exe
C:\Users\Niko\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Niko\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-03 18:49

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Niko at 2015-02-09 23:52:58
Running from C:\Users\Niko\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Total Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Altitude 1.1 (HKLM-x32\...\4578-0181-0549-1546) (Version: 1.1 - Nimbly Games)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
America (HKLM-x32\...\America) (Version: - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
applicationupdater (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\SOE-C:/Users/Niko/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version: - Sony Online Entertainment)
Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C6300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Canon Utilities Digital Photo Professional 3.11 (HKLM-x32\...\Digital Photo Professional) (Version: 3.11.30.3 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.11.3.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.2.1.13 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.10.2.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.13 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Citrix Online Plug-in - Web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
EndNote X4 (HKLM-x32\...\{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}) (Version: 14.0.0.4845 - Thomson Reuters)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Free 3GP Video Converter version 5.0.21.1212 (HKLM-x32\...\Free 3GP Video Converter_is1) (Version: 5.0.21.1212 - DVDVideoSoft Ltd.)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Audio Converter version 5.0.23.320 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.1.42.1212 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.42.1212 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IBM SPSS Statistics 19 (HKLM\...\{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}) (Version: 19.0.0 - SPSS Inc., an IBM Company)
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
IndustrieGigant 2 (HKLM-x32\...\{8FA7E81D-6D99-4788-8BE4-D898B346AB2E}) (Version: 1.1.0.0 - JoWooD Productions Software AG)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader (HKLM-x32\...\JDownloader) (Version: - AppWork UG (haftungsbeschränkt))
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LEGO® Harry Potter™ - Die Jahre 1-4 (HKLM-x32\...\LEGO_HarryPotter_Years1-4_is1) (Version: 1.0 - WB Games)
Logitech G11 Keyboard Software 1.03 (HKLM\...\{59427B1F-852F-4AF1-8215-E5B12F966D89}) (Version: 1.3.166.0 - Logitech)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mendeley Desktop 1.3.1 (HKLM-x32\...\Mendeley Desktop) (Version: 1.3.1 - Mendeley Ltd.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{B26E3B0D-C2FA-4370-B068-7C476766F029}) (Version: 08.04.0702 - Microsoft Corporation)
Microsoft Works Suite-Add-Ins für Microsoft Word (HKLM-x32\...\{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}) (Version: 8.0.0.0000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mindjet (HKLM-x32\...\{6D1AFA44-6E87-41F5-B7D4-4C457A98A3A3}) (Version: 11.1.353 - Mindjet) Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom) NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden Nokia Connectivity Cable Driver (HKLM-x32\...\{4AA68A73-DB9C-439D-9481-981C82BD008B}) (Version: 7.1.69.0 - Nokia) Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.3.86.0 - Nokia) Nokia Suite (x32 Version: 3.3.86.0 - Nokia) Hidden Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.36 - Symantec) Notation Composer 2.6.3 Trial (HKLM-x32\...\{9C20F41F-CD00-4EA9-BCC9-5D0855EF30C2}) (Version: 2.6.3 - Notation Software) <==== ATTENTION Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version: - Robot Entertainment) Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.) 
partypoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming) PC Connectivity Solution (HKLM-x32\...\{A2AA4204-C05A-4013-888A-AD153139297F}) (Version: 11.5.29.0 - Nokia) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) PlanetSide 2 (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\SOE-PlanetSide 2 PSG) (Version: - Sony Online Entertainment) PlanetSide 2 (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment) Populous: The Beginning (HKLM-x32\...\Populous: The Beginning) (Version: 1.03 - Bullfrog) PS_AIO_04_C6300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.) ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - ) ROCCAT Kova[+] Mouse Driver (HKLM-x32\...\{A86DDFE3-F661-461C-9BF2-876AC2CA57DE}) (Version: 1.10 - Roccat GmbH) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden ScummVM Git (HKLM-x32\...\ScummVM_is1) (Version: - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Setup-Start von Microsoft Works 2005 (HKLM-x32\...\Works2005Setup) (Version: - ) Shockwave (HKLM-x32\...\Shockwave) (Version: - ) Silent Hunter 5 (HKLM-x32\...\{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}) (Version: 1.2.0 - Ubisoft) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.) 
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden Söldner Secret Wars - Community Edition Version 33960 (HKLM-x32\...\{F3AF62F5-665E-4B3E-8899-5C46D1793391}_is1) (Version: 33960 - soldnersecretwars.de) SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.12.12.41 - Sony Ericsson Communications AB) Sony PC Companion 2.10.108 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.108 - Sony) Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) STARWARS: The Battle of Endor version 2.1 (HKLM-x32\...\STARWARS: The Battle of Endor v2.1_is1) (Version: - Bruno R. Marcos) Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Stranded II 1.0.0.1 (HKLM-x32\...\{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1) (Version: - Unreal Software) Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal (HKLM-x32\...\Steam App 31170) (Version: - Telltale Games) Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay (HKLM-x32\...\Steam App 31180) (Version: - Telltale Games) Tales of Monkey Island: Chapter 3 - Lair of the Leviathan (HKLM-x32\...\Steam App 31190) (Version: - Telltale Games) Tales of Monkey Island: Chapter 4 - The Trial and Execution of Guybrush Threepwood (HKLM-x32\...\Steam App 31200) (Version: - Telltale Games) Tales of Monkey Island: Chapter 5 - Rise of the Pirate God (HKLM-x32\...\Steam App 31210) (Version: - Telltale Games) TeamSpeak 3 Client (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\TeamSpeak 3 Client) 
(Version: 3.0.13 - TeamSpeak Systems GmbH) The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd) TomTom HOME 2.8.2.2264 (HKLM-x32\...\TomTom HOME) (Version: 2.8.2.2264 - TomTom) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.49 - Creative Island Media, LLC) <==== ATTENTION VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) VLC media player 1.1.8 (HKLM-x32\...\VLC media player) (Version: 1.1.8 - VideoLAN) Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) Works Update (x32 Version: 8.0.0.0000 - Microsoft Corporation) Hidden World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.2.0.16826 - Blizzard Entertainment) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{5be52a22-f148-4495-bf42-53cd0367c056}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2014-05-24 15:24 - 00000836 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {07F14CBB-44D8-4976-8119-8C69192C48BE} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {0897BBC7-D121-4F07-9838-F12C6DA30141} - System32\Tasks\{B24CB037-AB4D-4C95-B81B-9C8AF6B600E5} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.) 
Task: {1DEADAE6-FC5C-4ACE-9D0A-A8C54D135654} - System32\Tasks\{BCCDA5D3-2212-4AB4-921C-831790D4D59D} => D:\Niko\LucasArts\Monkey Island 2 LeChucks Revenge Special Edition\Monkey2.exe Task: {263007BF-6B17-4D8F-9A49-C962FE28CE4F} - System32\Tasks\{BE69D37A-D45C-41C5-97D7-ABBBE8F4B4E0} => F:\AUTORUN.EXE Task: {283F984A-AB35-4FC3-A64F-0D98C52EAC6E} - System32\Tasks\{D83F7E2F-F944-4344-A2C0-7E43A04F4192} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -c -runfromtemp -l0x0007 -removeonly Task: {2EB67EBE-7D0C-41A7-9EBA-71964B81DDC3} - System32\Tasks\{4D2E3DDC-0A55-4CDF-8193-B49A86F1F31E} => D:\Siedler\BLUEBYTE\SIEDLER2\SIEDLER2.EXE [2010-10-18] () Task: {2F2FD535-9B25-4027-8EBD-0B5D41894E69} - System32\Tasks\{42A8F30A-90D7-4932-A9A4-B8209AE63396} => D:\Siedler\BLUEBYTE\SIEDLER2\SIEDLER2.EXE [2010-10-18] () Task: {31250475-1FD8-4276-BF00-173EF208248E} - System32\Tasks\{E01AF9FC-3534-45FD-BB90-68DCF6FEBE07} => C:\Team17\Worms World Party\wwp.exe Task: {3EE62B6E-BC92-4833-8480-2D9166AD6023} - System32\Tasks\{6AF28C70-A5F5-4E2F-8776-A1F02E199B3A} => C:\Program Files (x86)\DATA BECKER\America\America.exe [2001-01-09] (Related Designs Software GmbH) Task: {3F2EC12C-BB24-4328-9E03-212A0E98C8AE} - System32\Tasks\{6E25A4CC-0165-4D47-BC2D-737AE62E5A05} => D:\worms_arma\Worms_2_Armageddon\wa.exe Task: {42C7E264-7A69-4C6F-B0D9-F094D128A31D} - System32\Tasks\{B56D80DE-2BF5-4431-AE7D-EF6AC461BA36} => D:\110\commandos\betasux.exe Task: {4DCBCB29-8F7E-4FE8-912B-619F7D1E7495} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-05-07] (Oracle Corporation) Task: {5336786C-D351-4E1C-ACAE-5C5F06940241} - System32\Tasks\{EF4A83C9-FDE2-4C9C-9C82-D763D863A393} => C:\Program Files (x86)\IndustrieGigant 2\enginetest.exe Task: {5A881D11-A8FE-42C7-9CBF-F78D4299B07C} - System32\Tasks\Adobe Flash Player Updater => 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated) Task: {5CAEF151-92A5-464D-A104-F71852FA71ED} - System32\Tasks\DLL-files.com Fixer => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe Task: {74242883-8C19-43FA-B548-45D65795D860} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {76894412-422E-4900-8D40-6790C3A00453} - System32\Tasks\{9D45BAF4-090B-416A-BEAE-58E186B7AF81} => D:\worms_arma\Worms_2_Armageddon\wa.exe Task: {843A3CBD-CCA1-48A4-AF9E-5C95C2F9B1A8} - System32\Tasks\{075F83F5-4508-48FB-BFF2-0320604E19C4} => C:\Program Files (x86)\IndustrieGigant 2\ig2.exe Task: {929B4B8F-495B-4B84-A456-AD69AC087F33} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {A2304F2E-408C-4F08-B751-AF3D3391A72F} - System32\Tasks\{574609B5-BCD2-44A3-B1D5-4E616F5A71AC} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered Task: {A562E7FB-0709-4640-BC44-D8CFB206FDBE} - System32\Tasks\{573FC5F3-DC3E-4A8B-AA99-DF270D6A24BB} => G:\SETUP.EXE Task: {AD384E94-3136-447C-83BD-1D8499955373} - System32\Tasks\{603E6881-FB7D-42DA-9702-17AC9D70506C} => pcalua.exe -a "C:\Program Files (x86)\avmwlanstick\instwcli.exe" -d "C:\Program Files (x86)\avmwlanstick" Task: {AD7CD137-8732-4AA2-BD86-96B62FCBD724} - System32\Tasks\{561CF15B-5378-4012-A919-D2D8C080120C} => pcalua.exe -a "C:\Program Files (x86)\EA GAMES\Die Sims 2 Nightlife\eauninstall.exe" -d "C:\Program Files (x86)\EA GAMES\Die Sims 2 Nightlife" Task: {B0F4B8B8-3F9B-47E1-9473-ECE741C7827C} - System32\Tasks\{7D743872-4514-4F70-8963-CD993D7B3DA9} => C:\Emergency\emergy.exe [1998-04-28] () Task: {B3DBC25B-6B8A-48DC-932E-F0BC48AA544C} - System32\Tasks\{39C61096-0393-49FE-9103-79A8C49767C3} => 
D:\worms_arma\Worms_2_Armageddon\wa.exe Task: {B80AB8E9-E2F9-4398-8999-9E034F9B1FAC} - System32\Tasks\{4CBDF0BE-AB76-4389-9BAE-03E1C5DA06AB} => D:\Niko\LucasArts\Monkey2Launcher.exe [2010-07-29] () Task: {BB150135-744B-435F-A4AE-20E7CF156FEF} - System32\Tasks\{8B0B2FA5-AECC-4577-BBE1-F36F579EC056} => D:\Pizza Syndicate\Autorun.exe Task: {CD9599FB-F604-4398-97A6-61B6CF25C24C} - System32\Tasks\{CE267232-BC30-4FDC-886D-92AB01325001} => C:\Team17\Worms World Party\wwp.exe Task: {D76172FF-1B90-4522-A342-21585159C3BD} - System32\Tasks\{4B5AA4C3-6DB9-4CC9-8377-6D0F7AA73424} => D:\Emergency\emergy.exe Task: {D9757778-8515-40E2-B097-7560A21885A3} - System32\Tasks\{94D78FD0-AA40-47FB-AF1F-DBE3E932BA82} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.73.129.457/de/abandoninstall?page=tsWLM Task: {DADA45EF-CA2A-4370-9830-DEDBDDAE3B82} - System32\Tasks\{FF640566-487F-493B-976D-AF61DDA0251F} => D:\Emergency\emergy.exe Task: {DB8B467B-773D-4B13-8609-3809862037B2} - System32\Tasks\{5ACEA32C-AE59-480F-ABC6-FBDB0BCA4D14} => D:\Emergency\emergy.exe Task: {E7682E85-D68B-4663-AED0-377E2A47AF1D} - System32\Tasks\{5F59D4BF-403D-4ED4-B93C-ACED9C48D0BD} => C:\Program Files (x86)\DATA BECKER\America\America.exe [2001-01-09] (Related Designs Software GmbH) Task: {E8D66105-45EB-4BF7-ADC3-35807FEB2CB6} - System32\Tasks\{2BB5F165-2886-4B5B-A2F5-18D71DBF59E5} => pcalua.exe -a G:\setup.exe -d G:\ Task: {EED55FB9-B7AE-4B1C-9B93-2D0D99F61F4E} - System32\Tasks\{191935BD-D718-4812-86E7-D3C695199D12} => D:\Siedler\BLUEBYTE\SIEDLER2\SIEDLER2.EXE [2010-10-18] () Task: {F7EBD3BC-9E4B-41A0-9FE6-21A0E7A55BA1} - System32\Tasks\{3B40AD84-DD3D-4E71-9400-424EEECF6903} => D:\Niko\LucasArts\Monkey Island 2 LeChucks Revenge Special Edition\Monkey2.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2010-10-12 21:38 - 2010-03-15 10:28 - 00166400 _____ () C:\Program 
Files\WinRAR\rarext.dll 2011-01-08 17:23 - 2011-01-08 17:23 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2009-07-14 02:17 - 2009-07-14 02:41 - 01708032 _____ () C:\Windows\system32\hpotiop1.dll 2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2013-10-10 22:48 - 2013-10-10 22:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-10-14 18:28 - 2010-05-29 13:57 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\hiddriver.dll 2015-01-26 20:43 - 2015-01-26 20:43 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-08-30 17:12 - 2014-12-06 12:47 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll 2014-08-30 17:12 - 2014-12-06 12:47 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll 2014-08-30 17:12 - 2014-12-06 12:47 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1216835461-190305365-3235199106-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: DAEMON Tools Lite => "E:\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" ==================== Accounts: ============================= Administrator 
(S-1-5-21-1216835461-190305365-3235199106-500 - Administrator - Disabled) Gast (S-1-5-21-1216835461-190305365-3235199106-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1216835461-190305365-3235199106-1002 - Limited - Enabled) Niko (S-1-5-21-1216835461-190305365-3235199106-1000 - Administrator - Enabled) => C:\Users\Niko ==================== Faulty Device Manager Devices ============= Name: Photosmart C6300 series Description: Photosmart C6300 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Photosmart C6300 series Description: Photosmart C6300 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (02/09/2015 11:51:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (02/09/2015 11:49:56 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (02/09/2015 11:49:26 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (02/09/2015 11:49:14 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (02/09/2015 11:49:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows-Bilderfassung (WIA)" wurde nicht richtig gestartet. 
Error: (02/09/2015 11:48:32 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (02/09/2015 11:47:50 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (02/09/2015 11:39:03 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (02/09/2015 11:38:21 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (02/09/2015 11:38:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows-Bilderfassung (WIA)" wurde nicht richtig gestartet. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-02-09 22:01:44.731 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-09 22:01:44.731 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-02-09 22:01:44.731 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-09 22:01:44.715 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-09 22:01:44.715 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-09 22:01:44.715 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-03 18:50:36.956 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-03 18:50:36.941 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-03 18:50:36.941 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-02-03 18:50:36.941 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: AMD Phenom(tm) II X6 1055T Processor Percentage of memory in use: 20% Total physical RAM: 8191.18 MB Available physical RAM: 6493.29 MB Total Pagefile: 16380.54 MB Available Pagefile: 14429.93 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:152.34 GB) (Free:31.39 GB) NTFS Drive d: () (Fixed) (Total:380.86 GB) (Free:159.78 GB) NTFS Drive e: () (Fixed) (Total:398.21 GB) (Free:80.33 GB) NTFS Drive h: (USB DISK) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BAFBAE4D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=152.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=380.9 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=398.2 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18) Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0C) ==================== End Of Log ============================ |
09.02.2015, 23:52 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unknown folder: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ Quite a bit is missing from the Addition log, though.
__________________ --> Unknown folder: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ |
10.02.2015, 00:03 | #7 |
| Unknown folder: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ You're too fast for me; I've edited in the missing Addition log. I forgot to disable Kaspersky after the restart. The correct log is now in the post above. |
10.02.2015, 00:15 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unknown folder: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ FRST fix: Please disable your virus scanner completely now, to make sure the fix runs cleanly! Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Run: [] => [X]
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {1f2ae42a-6c2a-11e1-b0a8-6c626d05b0fe} - H:\Startme.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {379e72df-efc9-11df-8b4a-bc0543012beb} - G:\autorun.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {5a9cca7b-9dd3-11e0-84c8-6c626d05b0fe} - G:\AUTORUN.EXE
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {5cad3377-32e1-11e0-b4ea-bc0543012beb} - G:\Setup.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {6aab9b84-3ad2-11e1-9c2a-6c626d05b0fe} - J:\AUTORUN.EXE
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {73f1126d-ebea-11e3-8e72-6c626d05b0fe} - G:\AutoRun.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {a4e48009-2754-11e1-acab-6c626d05b0fe} - G:\AUTORUN.EXE
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {b0ffa8fa-dcf2-11e3-bcfc-6c626d05b0fe} - I:\LaunchU3.exe -a
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {d76988f4-d636-11df-8edb-6c626d05b0fe} - H:\pushinst.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {f77b1307-55ad-11e3-b52c-6c626d05b0fe} - G:\AUTORUN.EXE
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKU\S-1-5-21-1216835461-190305365-3235199106-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
FF DefaultSearchUrl:
FF SearchEngineOrder.1: foxsearch
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
EmptyTemp:
Hosts:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
10.02.2015, 22:34 | #9 |
| Unknown folder: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ And here is the Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Niko at 2015-02-10 22:31:30 Run:1
Running from C:\Users\Niko\Desktop
Loaded Profiles: Niko (Available profiles: Niko)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Run: [] => [X]
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {1f2ae42a-6c2a-11e1-b0a8-6c626d05b0fe} - H:\Startme.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {379e72df-efc9-11df-8b4a-bc0543012beb} - G:\autorun.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {5a9cca7b-9dd3-11e0-84c8-6c626d05b0fe} - G:\AUTORUN.EXE
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {5cad3377-32e1-11e0-b4ea-bc0543012beb} - G:\Setup.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {6aab9b84-3ad2-11e1-9c2a-6c626d05b0fe} - J:\AUTORUN.EXE
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {73f1126d-ebea-11e3-8e72-6c626d05b0fe} - G:\AutoRun.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {a4e48009-2754-11e1-acab-6c626d05b0fe} - G:\AUTORUN.EXE
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {b0ffa8fa-dcf2-11e3-bcfc-6c626d05b0fe} - I:\LaunchU3.exe -a
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {d76988f4-d636-11df-8edb-6c626d05b0fe} - H:\pushinst.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {f77b1307-55ad-11e3-b52c-6c626d05b0fe} - G:\AUTORUN.EXE
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKU\S-1-5-21-1216835461-190305365-3235199106-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
FF DefaultSearchUrl:
FF SearchEngineOrder.1: foxsearch
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
EmptyTemp:
Hosts:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => Key deleted successfully.
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f2ae42a-6c2a-11e1-b0a8-6c626d05b0fe}" => Key deleted successfully.
HKCR\CLSID\{1f2ae42a-6c2a-11e1-b0a8-6c626d05b0fe} => Key not found.
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379e72df-efc9-11df-8b4a-bc0543012beb}" => Key deleted successfully.
HKCR\CLSID\{379e72df-efc9-11df-8b4a-bc0543012beb} => Key not found.
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a9cca7b-9dd3-11e0-84c8-6c626d05b0fe}" => Key deleted successfully.
HKCR\CLSID\{5a9cca7b-9dd3-11e0-84c8-6c626d05b0fe} => Key not found.
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cad3377-32e1-11e0-b4ea-bc0543012beb}" => Key deleted successfully.
HKCR\CLSID\{5cad3377-32e1-11e0-b4ea-bc0543012beb} => Key not found.
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6aab9b84-3ad2-11e1-9c2a-6c626d05b0fe}" => Key deleted successfully.
HKCR\CLSID\{6aab9b84-3ad2-11e1-9c2a-6c626d05b0fe} => Key not found.
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73f1126d-ebea-11e3-8e72-6c626d05b0fe}" => Key deleted successfully.
HKCR\CLSID\{73f1126d-ebea-11e3-8e72-6c626d05b0fe} => Key not found.
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e48009-2754-11e1-acab-6c626d05b0fe}" => Key deleted successfully.
HKCR\CLSID\{a4e48009-2754-11e1-acab-6c626d05b0fe} => Key not found.
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0ffa8fa-dcf2-11e3-bcfc-6c626d05b0fe}" => Key deleted successfully.
HKCR\CLSID\{b0ffa8fa-dcf2-11e3-bcfc-6c626d05b0fe} => Key not found.
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d76988f4-d636-11df-8edb-6c626d05b0fe}" => Key deleted successfully.
HKCR\CLSID\{d76988f4-d636-11df-8edb-6c626d05b0fe} => Key not found.
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f77b1307-55ad-11e3-b52c-6c626d05b0fe}" => Key deleted successfully.
HKCR\CLSID\{f77b1307-55ad-11e3-b52c-6c626d05b0fe} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => Key not found.
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => value deleted successfully.
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => Key not found.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 3.5 GB temporary data.

The system needed a reboot.

==== End of Fixlog 22:31:43 ==== |
10.02.2015, 22:44 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unknown folder: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ Okay, then control scans with MBAM and ESET please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post log files in CODE tags |
11.02.2015, 23:05 | #11 |
| Unknown folder: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ Hey, unfortunately the ESET Online Scanner hangs at 32 %. I will try again tomorrow and report back. I hope it works then. |
11.02.2015, 23:44 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unknown folder: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ But you did run MBAM before that, right?
__________________ Please always post log files in CODE tags |
12.02.2015, 22:13 | #13 |
| Unknown folder: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ So, done! MBAM Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11.02.2015
Suchlauf-Zeit: 19:34:20
Logdatei: AMBLog.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.11.06
Rootkit Datenbank: v2015.02.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Niko

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 360847
Verstrichene Zeit: 11 Min, 3 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 2
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\37568BAB52209F23, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a],

Dateien: 8
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\0.ini, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\20120627090604.log, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\Setup.dat, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\Setup.exe, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\Setup.ico, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\TsuDll.dll, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\_Setup.dll, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\_Setupx.dll, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ed8b7c5952292e4cb3cddf3eb5f0d37c
# engine=22422
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-11 08:19:35
# local_time=2015-02-11 09:19:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Total Security'
# compatibility_mode=1298 16777213 100 100 11985 51257605 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 50063968 175315825 0 0
# scanned=152708
# found=7
# cleaned=0
# scan_time=5040
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=F0C172550AA4ED9255C4D7AFCC650991F29AB7AA ft=1 fh=f4da2b89fff0e940 vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Updater\Uninstall.exe.vir"
sh=7671FBBD26BCEECB772D1A26CC7B1911B7A20E3E ft=1 fh=4fd638d5eab7a926 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=F85ACC6D44ED37D5C487581495CD52F644911B2B ft=1 fh=b11cb89f3457cf6c vn="Win32/Virut.NBP Virus" ac=I fn="C:\Program Files (x86)\Bethesda Softworks\Fallout 3\FalloutLauncher.exe"
sh=1D814EA403A946B40CC0A6A261B2387880D6B547 ft=1 fh=ff0bc5a908f5ad94 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Niko\Documents\Downloads\Integrated_BrotherSoft_TB.exe"
sh=D66CB3A290A683B3BA48D136D95089316A3054A5 ft=1 fh=cc854acfe5a0e7e4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Niko\Downloads\Star Wars The Battle of Endor - CHIP-Installer.exe"
sh=3951441AD0BEA5EF5F0CDC1C929B08F90C5D89C7 ft=1 fh=b71f7a435ee1d98a
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ed8b7c5952292e4cb3cddf3eb5f0d37c
# engine=22440
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-12 08:21:06
# local_time=2015-02-12 09:21:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Total Security'
# compatibility_mode=1298 16777213 100 100 17455 51344096 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 50150459 175402316 0 0
# scanned=436163
# found=10
# cleaned=0
# scan_time=13570
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=F0C172550AA4ED9255C4D7AFCC650991F29AB7AA ft=1 fh=f4da2b89fff0e940 vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Updater\Uninstall.exe.vir"
sh=7671FBBD26BCEECB772D1A26CC7B1911B7A20E3E ft=1 fh=4fd638d5eab7a926 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=F85ACC6D44ED37D5C487581495CD52F644911B2B ft=1 fh=b11cb89f3457cf6c vn="Win32/Virut.NBP Virus" ac=I fn="C:\Program Files (x86)\Bethesda Softworks\Fallout 3\FalloutLauncher.exe"
sh=1D814EA403A946B40CC0A6A261B2387880D6B547 ft=1 fh=ff0bc5a908f5ad94 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Niko\Documents\Downloads\Integrated_BrotherSoft_TB.exe"
sh=D66CB3A290A683B3BA48D136D95089316A3054A5 ft=1 fh=cc854acfe5a0e7e4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Niko\Downloads\Star Wars The Battle of Endor - CHIP-Installer.exe"
sh=3951441AD0BEA5EF5F0CDC1C929B08F90C5D89C7 ft=1 fh=b71f7a435ee1d98a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I
sh=F85ACC6D44ED37D5C487581495CD52F644911B2B ft=1 fh=b11cb89f3457cf6c vn="Win32/Virut.NBP Virus" ac=I fn="D:\Niko\FO3\FO3\FalloutLauncher.exe"
sh=173A746619C712051899C1EC4E03940091F8E5A5 ft=1 fh=ee537c48dcf64e43 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\HD\ffdshow_beta6_rev2527_20081219.exe" |
12.02.2015, 22:16 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unknown folder: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ FRST-Fix Please disable your virus scanner completely now, to make sure that the fix runs through cleanly! Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\Program Files (x86)\Bethesda Softworks\Fallout 3\FalloutLauncher.exe
C:\Users\Niko\Documents\Downloads\Integrated_BrotherSoft_TB.exe
C:\Users\Niko\Downloads\Star Wars The Battle of Endor - CHIP-Installer.exe
D:\Niko\FO3\FO3\FalloutLauncher.exe
E:\HD\ffdshow_beta6_rev2527_20081219.exe
EmptyTemp:
Hosts:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
14.02.2015, 17:47 | #15 |
| Unknown folder: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ So, here is the Fixlog Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-02-2015
Ran by Niko at 2015-02-14 17:44:16 Run:2
Running from C:\Users\Niko\Desktop
Loaded Profiles: Niko (Available profiles: Niko)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Bethesda Softworks\Fallout 3\FalloutLauncher.exe
C:\Users\Niko\Documents\Downloads\Integrated_BrotherSoft_TB.exe
C:\Users\Niko\Downloads\Star Wars The Battle of Endor - CHIP-Installer.exe
D:\Niko\FO3\FO3\FalloutLauncher.exe
E:\HD\ffdshow_beta6_rev2527_20081219.exe
EmptyTemp:
Hosts:
*****************

C:\Program Files (x86)\Bethesda Softworks\Fallout 3\FalloutLauncher.exe => Moved successfully.
C:\Users\Niko\Documents\Downloads\Integrated_BrotherSoft_TB.exe => Moved successfully.
C:\Users\Niko\Downloads\Star Wars The Battle of Endor - CHIP-Installer.exe => Moved successfully.
D:\Niko\FO3\FO3\FalloutLauncher.exe => Moved successfully.
E:\HD\ffdshow_beta6_rev2527_20081219.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 541.5 MB temporary data.

The system needed a reboot. |