Ihr Zugriff wurde als unberechtigt eingestuft

Woelfin2612 · 17.04.2015, 19:50

Hallo zusammen,
benötige dringend Hilfe weil ich nicht mehr weiter komme. Mein Mann hat dummerweise einen Link angeklickt den er besser hätte löschen sollen. Seit 2 Tagen kommt beim Starten : "Desktop wird vorbereitet" ... dauert ewig ... anschließend schwarzer Bildschirm mit Mauszeiger ... Internet ect. läuft alles bis auf Facebook stabil. Mein Account ist nicht betroffen, bei ihm kommt jedoch jetzt beim starten die Meldung :
"Sehr geehrter Facebook.com Kunde,
der Zugriff auf Ihren Account von der IP Nummer XXXXXXXXXX wurde als unberechtigt eingestuft und verhindert. Ihr Account wurde vorübergehend blockiert und erfordert eine Autorisierung mit Ihren Mobilfunktelefon. Bitte folgen Sie den Hinweisen auf den nächsten Seiten um Ihre Sicherheitseinstellungen zu überprüfen und Ihren Account wieder freizuschalten." Komischerweise nur auf dem stationären PC, Handy,Tablett und Laptop laufen ohne Fehler.

Weiß nicht ob beides zusammenhängt, hätte aber gerne wieder einen vernünftig laufenden PC ohne Neuaufsetzen. Und bin zwar lernfähig aber kein PC-Genie :-)

Mein System:
Windows 7 Home Premium
SP1, RAM: 6,00 GB
64 Bit-Betriebssystem
IntelCore i5 CPU

Hier meine LOG´S als Anhang weil sie leider zu groß sind

schrauber · 17.04.2015, 19:54

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Woelfin2612 · 17.04.2015, 20:06

MBAM:

Code:

ATTFilter

Suchlauf Datum: 17.04.2015
Suchlauf-Zeit: 18:14:50
Logdatei: virus.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.17.04
Rootkit Datenbank: v2015.03.31.01
Lizenz: Testversion
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Media

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 444205
Verstrichene Zeit: 16 Min, 37 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 9
PUP.Optional.BoBrowser.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\BoBrowser.IHDEG6FT2SXPL2LZ33JYNMJI7U, , [495f313c91f92a0c2e3a9d2ff80bb14f], 
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, , [98103e2f2268a88e662044793ec5cd33], 
PUP.Optional.BoBrowser.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\BoBrowser.IHDEG6FT2SXPL2LZ33JYNMJI7U, , [a9ffb7b6a3e750e6f1776a62a162a55b], 
PUP.Optional.BoBrowser.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\bobrowser.exe, , [3d6b78f593f760d6e72b71579d66a060], 
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, , [feaa8be28dfd7eb8169a1fb635ce659b], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, , [931595d86e1c37fffcb8804710f3966a], 
PUP.Optional.PlusHD.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-3.8, , [4068a4c9167487affb3cc63b39cb3fc1], 
PUP.Optional.ICinema.A, HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\SOFTWARE\I - Cinema-nv-ie, , [0d9bc1ac4c3e26100d55fbe963a0f40c], 
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-1350562663-2882368536-1752455160-501\SOFTWARE\APPDATALOW\SOFTWARE\DVDVideoSoftTB, , [921674f94a40d66009543aa2768d768a], 

Registrierungswerte: 2
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mbot_de_183, , [03a5afbe3159eb4ba9f735ae4eb5d030], 
PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\extensions\searchengine@gmail.com, , [feaab2bb4941a0960f374e00f70e0bf5]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 14
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\tinyurl, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\tinyurl\images, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\_locales, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\_locales\en, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\_locales\es, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\_metadata, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT2269050, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.PlusHD.A, C:\Users\Media\AppData\LocalLow\Plus-HD-3.8, , [18900766bcce2610399370217d861de3], 
PUP.Optional.CrossRider.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh, , [5751bab37218c86e4f24d8c200036d93], 
PUP.Optional.Spigot.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk, , [099f1a5393f70c2af1c81d96a65d22de], 

Dateien: 66
PUP.Optional.Yappyz.A, C:\Users\Media\AppData\Roaming\Angry_Birds\Angry_Birds.exe, , [4d5bff6ef694d264c1bbd52f2bd7be42], 
PUP.Optional.OutBrowse, C:\Users\Media\Downloads\setup.exe, , [e9bfbab3e3a72e0882cdf154cb3756aa], 
PUP.Optional.SmartBar.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_amfclgbdpgndipgoegfpkkgobahigbcl_0.localstorage, , [bfe94a23a5e587afdfc8795ada296c94], 
PUP.Optional.CrossRider.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ofjgnhihlklpobkaloamkankaaoclfjh_0.localstorage, , [4e5a5419c0ca51e55747ae4644bf0bf5], 
PUP.Optional.WebsSearches.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\searchplugins\webssearches.xml, , [8a1e333ae7a35adc422828d9e2224eb2], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\manifest.json, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\tinyurl\ajax.js, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\tinyurl\background.js, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\tinyurl\common.js, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\tinyurl\content.js, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\tinyurl\notifier.js, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\tinyurl\notify.css, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\tinyurl\images\back.png, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\tinyurl\images\bitty.png, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\tinyurl\images\close.png, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\tinyurl\images\logo-sm.png, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\tinyurl\images\logo.png, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\_locales\en\messages.json, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\_locales\es\messages.json, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.SnapDo.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\0.63_1\_metadata\verified_contents.json, , [f8b05c11127894a2055d1a75a85bdf21], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E2x305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E=x305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\mam_gk_appsConfig.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\mam_gk_localization.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\mam_gk_settings1.13.0.17.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\url_history0001.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E31;CJ;y=_BFBL%OO.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E31;CJEIK4!KK.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E31;CJG__;MK#MM.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E31;CJI77 JJ.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E31;CJI_K3_A#MM.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E31;CJ_BHA!KK.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E3x305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E4x305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E5x305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E6x305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E7x305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E8x305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E9x305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E;x305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E+x305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E,x305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E-x305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E.x305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E._2z527.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E0x305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E1x305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E@x305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7EAx305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7EBx305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7ECx305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7EDx305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7Etx305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.ValueApps.A, C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\valueApps\CT0000000\_9B+7E_x305.txt, , [ddcb75f88ffb3204f51111809a696898], 
PUP.Optional.CrossRider.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\000003.log, , [5751bab37218c86e4f24d8c200036d93], 
PUP.Optional.CrossRider.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\CURRENT, , [5751bab37218c86e4f24d8c200036d93], 
PUP.Optional.CrossRider.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\LOCK, , [5751bab37218c86e4f24d8c200036d93], 
PUP.Optional.CrossRider.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\LOG, , [5751bab37218c86e4f24d8c200036d93], 
PUP.Optional.CrossRider.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\MANIFEST-000002, , [5751bab37218c86e4f24d8c200036d93], 
PUP.Optional.Spigot.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\000005.ldb, , [099f1a5393f70c2af1c81d96a65d22de], 
PUP.Optional.Spigot.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\000012.log, , [099f1a5393f70c2af1c81d96a65d22de], 
PUP.Optional.Spigot.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\CURRENT, , [099f1a5393f70c2af1c81d96a65d22de], 
PUP.Optional.Spigot.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\LOCK, , [099f1a5393f70c2af1c81d96a65d22de], 
PUP.Optional.Spigot.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\LOG, , [099f1a5393f70c2af1c81d96a65d22de], 
PUP.Optional.Spigot.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\LOG.old, , [099f1a5393f70c2af1c81d96a65d22de], 
PUP.Optional.Spigot.A, C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\MANIFEST-000011, , [099f1a5393f70c2af1c81d96a65d22de], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by Media (administrator) on MEDIA-PC on 17-04-2015 20:06:50
Running from C:\Users\Media\Downloads
Loaded Profiles: Media (Available profiles: Media & Ben & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Option) C:\Program Files (x86)\T-Mobile\web'n'walk Manager\GtDetectSc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Syntek Ltd.) C:\Windows\STK02N\STK02NM.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Carthago Software) C:\Program Files (x86)\DeskTask\DeskTask.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-17] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [722256 2008-12-11] (CANON INC.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-06-29] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-17] (Avast Software s.r.o.)
HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\...\Run: [leather_select] => C:\Users\Media\AppData\Local\Leather-highlight\leather-wing.exe [146944 2015-04-16] ()
HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\...\Run: [teacher_priest] => C:\Users\Media\AppData\Local\Teacher-invest\teacher-prove.exe
HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\...\Run: [mechanics] => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\ja\rs_232\alpha_particle.exe [219648 2015-02-12] (Uncomsoft)
HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\...\Run: [baseball-cause] => C:\Users\Media\AppData\Local\Temp\Baseball_mail\baseball_sentence.exe <===== ATTENTION
HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\...\MountPoints2: L - L:\AutoRun.exe
HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\...\MountPoints2: {263d480f-7330-11e1-bfd9-90fba685f47e} - K:\AutoRun.exe
HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\...\MountPoints2: {263d4817-7330-11e1-bfd9-90fba685f47e} - K:\AutoRun.exe
HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\...\MountPoints2: {2b2ebfdf-6365-11e1-ad0c-90fba685f47e} - K:\setup.exe AUTORUN=1
HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\...\MountPoints2: {7574068f-638a-11e1-ae76-90fba685f47e} - K:\AutoRun.exe
HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\...\MountPoints2: {75740694-638a-11e1-ae76-90fba685f47e} - L:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk
ShortcutTarget: STK02N 2.3 PNP Monitor.lnk -> C:\Windows\STK02N\STK02NM.exe (Syntek Ltd.)
Startup: C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskTask.lnk
ShortcutTarget: DeskTask.lnk -> C:\Program Files (x86)\DeskTask\DeskTask.exe (Carthago Software)
Startup: C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-17] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-17] (Avast Software s.r.o.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2011-05-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-21] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1350562663-2882368536-1752455160-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {0972B098-DEE9-4279-AC7E-4BAAA029102D} hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20111026060252
DPF: HKLM-x32 {D71F9A27-723E-4B8B-B428-B725E47CBA3E} hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1350562663-2882368536-1752455160-1000: @bitmanagement.com/BS Contact -> C:\Users\Media\AppData\Local\Bitmanagement Software\BS Contact\npBSContact.dll [2012-09-06] (Bitmanagement Software)
FF Plugin HKU\S-1-5-21-1350562663-2882368536-1752455160-1000: @bitmanagement.com/BSVersion,version=1.006 -> C:\Users\Media\AppData\Local\Bitmanagement Software\BS Contact\npBSVersion_6.dll [2011-09-19] (Bitmanagement Software GmbH)
FF Plugin HKU\S-1-5-21-1350562663-2882368536-1752455160-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-1350562663-2882368536-1752455160-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Media\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-25] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1350562663-2882368536-1752455160-1000: opencandy.com/OpenCandyIgnite -> C:\Users\Media\AppData\Local\OpenCandy\Ignite\npIgnite.1.1.0.75.dll No File
FF SearchPlugin: C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\searchplugins\google-avast.xml [2015-04-17]
FF Extension: No Name - C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-03-10]
FF Extension: Adblock Edge - C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\h3rkxfg8.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-02-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-17]
FF HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-03-25]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.de/webhp?sourceid=chrome-instant&rlz=1C1VEAD_enDE444&ion=1&espv=2&es_th=1&ie=UTF-8
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M9715B891-B8C9-427F-8772-FFD038D188B3&SearchSource=55&CUI=&UM=8&UP=SP01D6A06F-CED4-40D4-A90C-C51D3DEC598D&SSPV=", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=9e9c574b000000000000001333b020db", "hxxp://search.conduit.com/?ctid=CT3317893&SearchSource=48&CUI=UN25740107152156832&UM=2", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzuzytD0F0B0AyCzzyD0FyEyB0EyDyByE0BtN0D0Tzu0CyByBtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1980271503&ir=", "hxxp://de.search.yahoo.com/?type=937811&fr=spigot-yhp-ch", "hxxp://istart.webssearches.com/?type=hp&ts=1424283218&from=squadm1&uid=HitachiXHDT721010SLA360_STF6L7MQ06T7GK06T7GKX"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]
CHR Extension: (Google Search) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]
CHR Extension: (TinyURL Automatic Link Shortener) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj [2015-04-17]
CHR Extension: (Bookmark Manager) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (the Hobbit) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\miabjcilknnjnfeikobfhbfkhjcfhpbe [2015-01-07]
CHR Extension: (Google Wallet) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2013-02-20]
CHR Extension: (Gmail) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-17] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-17] (Avast Software)
R2 GtDetectSc; C:\Program Files (x86)\T-Mobile\web'n'walk Manager\GtDetectSc.exe [204915 2007-11-05] (Option) [File not signed]
R2 HPSLPSVC; C:\Users\Media\AppData\Local\Temp\7zS3410\hpslpsvc64.dll [1039360 2012-08-27] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [107912 2008-10-09] ()
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-01-02] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2012-01-02] ()
S2 pr2anmub; C:\Windows\system32\pr2anmub.exe [781176 2007-10-18] (City Interactive Sp z o.o.)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-13] () [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-17] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-17] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-17] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-17] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-17] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-17] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2013-11-25] () [File not signed]
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-11-25] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R0 pe3anmub; C:\Windows\System32\drivers\pe3anmub.sys [72832 2007-10-18] (City Interactive Sp z o.o.)
R0 ps7anmub; C:\Windows\System32\drivers\ps7anmub.sys [102536 2007-10-18] (City Interactive Sp z o.o.)
S4 sptd; No ImagePath
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [17280 2011-12-26] (Scott)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-17] (Avast Software)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S1 egupilff; \??\C:\Windows\system32\drivers\egupilff.sys [X]
S3 GPU-Z; \??\C:\Users\Media\AppData\Local\Temp\GPU-Z.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 PCDSRVC{4368CD8C-ED31D4B7-06020101}_0; \??\c:\users\admini~1\appdata\local\temp\dbrwajbppuiz\pcdrdiag\bin\pcdsrvc_x64.pkms [X]
S3 SNP2STD; system32\DRIVERS\snp2sxp.sys [X]
S3 WPN111; system32\DRIVERS\WPN111vx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-17 20:06 - 2015-04-17 20:07 - 00027961 _____ () C:\Users\Media\Downloads\FRST.txt
2015-04-17 20:06 - 2015-04-17 20:07 - 00000000 ____D () C:\FRST
2015-04-17 20:06 - 2015-04-17 20:06 - 02097664 _____ (Farbar) C:\Users\Media\Downloads\FRST64.exe
2015-04-17 20:05 - 2015-04-17 20:05 - 01137152 _____ (Farbar) C:\Users\Media\Downloads\FRST.exe
2015-04-17 20:04 - 2015-04-17 20:04 - 00000504 _____ () C:\Users\Media\Downloads\defogger_disable.log
2015-04-17 20:04 - 2015-04-17 20:04 - 00000020 _____ () C:\Users\Media\defogger_reenable
2015-04-17 20:02 - 2015-04-17 20:02 - 00050477 _____ () C:\Users\Media\Downloads\Defogger.exe
2015-04-17 18:33 - 2015-04-17 18:33 - 00017336 _____ () C:\Users\Media\Desktop\virus.txt
2015-04-17 18:09 - 2015-04-17 19:06 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-17 18:09 - 2015-04-17 18:09 - 00001070 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-17 18:09 - 2015-04-17 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-17 18:08 - 2015-04-17 18:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-17 18:08 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-17 18:08 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-17 18:08 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-17 17:40 - 2015-04-17 17:58 - 00003278 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1350562663-2882368536-1752455160-1000
2015-04-17 17:04 - 2015-04-17 17:04 - 00000000 ____D () C:\ProgramData\gyejv
2015-04-17 16:56 - 2015-04-17 16:56 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Media\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-17 16:54 - 2015-04-17 16:54 - 00001034 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-17 16:46 - 2015-04-17 16:46 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-04-17 16:46 - 2015-04-17 16:46 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-04-17 16:43 - 2015-04-17 16:43 - 00000000 ____D () C:\Users\Media\AppData\Roaming\Dropbox
2015-04-17 16:42 - 2015-04-17 16:42 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-17 16:42 - 2015-04-17 16:42 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-17 16:40 - 2015-04-17 16:40 - 00033280 _____ (Microsoft Corporation) C:\Users\Media\Downloads\dpnsvr.exe
2015-04-17 16:35 - 2015-04-17 18:44 - 00002083 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-17 16:35 - 2015-04-17 16:42 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-17 16:35 - 2015-04-17 16:35 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-04-17 16:35 - 2015-04-17 16:35 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-17 16:35 - 2015-04-17 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-17 16:34 - 2015-04-17 16:42 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-17 16:34 - 2015-04-17 16:42 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-17 16:34 - 2015-04-17 16:42 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-17 16:34 - 2015-04-17 16:42 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-17 16:34 - 2015-04-17 16:42 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-17 16:34 - 2015-04-17 16:42 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-17 16:34 - 2015-04-17 16:42 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-17 16:34 - 2015-04-17 16:41 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-17 16:33 - 2015-04-17 16:33 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-17 16:31 - 2015-04-17 16:32 - 147571744 _____ (Avast Software s.r.o.) C:\Users\Media\Downloads\avast_free_antivirus_setup.exe
2015-04-17 13:06 - 2015-04-17 13:06 - 00001156 _____ () C:\Users\Media\Downloads\ce9894e4e0936c3a0344e050c756531e.dlc
2015-04-17 13:04 - 2015-04-17 13:52 - 833408305 _____ () C:\Users\Media\Downloads\351RwdJTY.rar
2015-04-17 12:58 - 2015-04-17 12:58 - 04809950 _____ () C:\Users\Media\Downloads\krähen.rar
2015-04-16 20:20 - 2015-04-16 20:21 - 45142720 _____ (Microsoft Corporation) C:\Users\Media\Downloads\Windows-KB890830-x64-V5.23.exe
2015-04-16 20:19 - 2015-04-16 20:19 - 04314792 _____ (Bytelayer AB ) C:\Users\Media\Downloads\TrojanHunter56Setup (2).exe
2015-04-16 20:18 - 2015-04-16 20:19 - 04314792 _____ (Bytelayer AB ) C:\Users\Media\Downloads\TrojanHunter56Setup (1).exe
2015-04-16 20:18 - 2015-04-16 20:18 - 04314792 _____ (Bytelayer AB ) C:\Users\Media\Downloads\TrojanHunter56Setup.exe
2015-04-16 20:13 - 2015-04-16 20:13 - 00000000 ____D () C:\Users\Media\AppData\Roaming\dlg
2015-04-16 20:13 - 2015-04-16 20:13 - 00000000 ____D () C:\ProgramData\Licenses
2015-04-16 20:05 - 2015-04-16 20:12 - 35218576 _____ (Simply Super Software ) C:\Users\Media\Downloads\trjsetup692.exe
2015-04-16 20:03 - 2015-04-16 20:03 - 00356328 _____ () C:\Users\Media\Downloads\trjsetup692_CB-DL-Manager.exe
2015-04-16 15:02 - 2015-04-16 19:47 - 00000000 ____D () C:\Users\Media\AppData\Roaming\Solvusoft
2015-04-16 15:02 - 2015-04-16 15:02 - 03894696 _____ (solvusoft Corporation ) C:\Users\Media\Downloads\Setup_WinThruster_2015.exe
2015-04-16 15:02 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
2015-04-16 06:16 - 2015-04-16 12:07 - 00000000 ___HD () C:\Users\Media\AppData\Local\Teacher-invest
2015-04-16 05:35 - 2015-04-16 05:35 - 00000000 ___HD () C:\Users\Media\AppData\Local\Leather-highlight
2015-04-15 17:53 - 2015-04-15 19:56 - 379360736 _____ () C:\Users\Media\Downloads\2932qby8p.rar
2015-04-15 17:51 - 2015-04-15 18:27 - 422899028 _____ () C:\Users\Media\Downloads\Hoh-KenFolDre.rar
2015-04-15 11:20 - 2015-04-15 15:51 - 00000000 ___HD () C:\Users\Media\AppData\Local\Teacherattract
2015-04-15 11:12 - 2015-04-15 11:12 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 07:58 - 2015-04-15 07:58 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-15 06:34 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 06:34 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 06:34 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 06:34 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 06:34 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 06:34 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 06:34 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 06:34 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 06:34 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 06:34 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 06:34 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 06:34 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 06:34 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 06:34 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 06:34 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 06:34 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 06:34 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 06:34 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 06:34 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 06:34 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 06:34 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 06:34 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 06:34 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 06:34 - 2015-01-28 01:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-15 06:33 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 06:33 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 06:33 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 06:33 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 06:33 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 06:33 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 06:33 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 06:33 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 06:33 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 06:33 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 06:33 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 06:33 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 06:33 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 06:33 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 06:33 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 06:33 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 06:33 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 06:33 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 06:33 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 06:33 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 06:33 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 06:33 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 06:33 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 06:33 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 06:33 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 06:33 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 06:33 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 06:33 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 06:33 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 06:33 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 06:33 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 06:33 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 06:33 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 06:33 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 06:33 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 06:33 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 06:33 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 06:33 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 06:33 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 06:33 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 06:33 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 06:33 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 06:33 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 06:33 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 06:33 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 06:33 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 06:33 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 06:33 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 06:33 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 06:33 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 06:33 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 06:33 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 06:33 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 06:33 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 06:33 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 06:33 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 06:33 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 06:33 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 06:33 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 06:33 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 06:33 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 06:33 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 06:33 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 06:33 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 06:33 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 06:33 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 06:33 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 06:33 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 06:33 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 06:33 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 06:33 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 06:33 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 06:33 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 06:33 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 06:33 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 06:33 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 06:33 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 06:33 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 06:33 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 06:33 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 06:33 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 06:33 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 06:33 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 06:33 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 06:33 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 06:33 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 06:33 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 06:33 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 06:33 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 06:33 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 06:33 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 06:33 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 06:33 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 06:33 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 06:33 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 06:33 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 06:33 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 06:33 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 06:33 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 06:33 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 06:33 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 06:33 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 06:33 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 06:33 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 06:33 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 06:33 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 06:33 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 06:33 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 06:33 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 06:33 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 06:33 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 06:33 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 06:33 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 06:33 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 06:33 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 06:33 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-12 19:29 - 2015-04-12 21:36 - 587528831 _____ () C:\Users\Media\Downloads\Sons.of.Anarchy.S06E06.Korrupte.Cops-SOF(1).rar
2015-04-11 15:48 - 2015-04-11 15:49 - 00685000 _____ () C:\Users\Media\Downloads\Setup (2).exe
2015-04-09 22:35 - 2015-04-09 22:59 - 587528831 _____ () C:\Users\Media\Downloads\Sons.of.Anarchy.S06E06.Korrupte.Cops-SOF.rar
2015-04-09 16:03 - 2015-04-09 16:03 - 00000023 _____ () C:\Users\Media\Downloads\listen.pls
2015-04-07 17:50 - 2015-04-15 16:45 - 00000000 ____D () C:\Users\Media\Desktop\Neuer Ordner (2)
2015-04-05 00:21 - 2015-04-05 00:21 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 00:21 - 2015-04-05 00:21 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 10:15 - 2015-04-04 10:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-02 20:50 - 2015-04-02 20:56 - 102742044 _____ () C:\Users\Media\Downloads\Anna-Maria_Zimmermann_-_Bauchgefuehl-DE-2015-MOD.rar
2015-04-02 20:49 - 2015-04-02 20:58 - 152767348 _____ () C:\Users\Media\Downloads\Juergen_Drews_-_Es_War_Alles_Am_Besten-_2015_-NoGroup.rar
2015-03-28 17:02 - 2015-03-28 17:02 - 01714413 _____ () C:\Users\Media\Downloads\Blackhat-RELiABLE.part5.rar
2015-03-27 17:13 - 2015-03-27 17:51 - 118500361 _____ () C:\Users\Media\Downloads\Der deutsche Hitmix - Die Party-CANNA.rar
2015-03-25 08:42 - 2015-03-25 08:42 - 07388946 _____ () C:\Users\Media\Downloads\Mein_erster_Wellensittich.rar
2015-03-23 19:19 - 2015-03-23 19:22 - 93607319 _____ () C:\Users\Media\Downloads\170315fsogde3882tkjz28.part2.rar
2015-03-23 19:19 - 2015-03-23 19:22 - 209715200 _____ () C:\Users\Media\Downloads\170315fsogde3882tkjz28.part1.rar
2015-03-20 22:06 - 2015-03-20 22:29 - 137127263 _____ () C:\Users\Media\Downloads\WC.BD-PsO.part3.rar
2015-03-20 22:02 - 2015-03-20 22:04 - 11274952 _____ () C:\Users\Media\Downloads\pso-chappie_ts.sd-sample.mkv
2015-03-20 16:52 - 2015-03-20 16:56 - 112395764 _____ () C:\Users\Media\Downloads\Johannes_Oerding-Alles_Brennt-DE-2015-VOiCE.rar
2015-03-20 16:39 - 2015-03-20 16:43 - 97311643 _____ () C:\Users\Media\Downloads\Michael_Wendler-Die_Maske_Faellt-DE-2015-VOiCE.rar
2015-03-18 09:40 - 2015-03-18 09:40 - 00000482 _____ () C:\Users\Media\Downloads\backofen-grillreiniger-detvo.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-17 20:04 - 2011-07-15 18:12 - 00000000 ____D () C:\Users\Media
2015-04-17 19:53 - 2011-07-18 21:05 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-17 19:14 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-17 19:14 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-17 19:11 - 2014-06-25 12:07 - 00000224 _____ () C:\Users\Media\BullseyeCoverageError.txt
2015-04-17 19:11 - 2011-07-15 18:14 - 01226628 _____ () C:\Windows\WindowsUpdate.log
2015-04-17 19:04 - 2011-07-18 21:05 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-17 19:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-17 19:03 - 2013-08-11 20:53 - 00121664 _____ () C:\Windows\setupact.log
2015-04-17 18:59 - 2013-08-21 04:16 - 00586478 _____ () C:\Windows\PFRO.log
2015-04-17 18:42 - 2015-02-18 20:11 - 00000000 ____D () C:\Users\Media\AppData\Roaming\Angry_Birds
2015-04-17 18:11 - 2014-02-20 11:02 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-04-17 18:08 - 2014-02-08 21:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-17 17:40 - 2014-02-10 09:10 - 00001005 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-17 17:37 - 2011-06-22 18:54 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-04-17 17:36 - 2011-06-22 18:54 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-17 17:36 - 2011-01-04 17:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-17 17:06 - 2013-04-10 13:11 - 00000000 ____D () C:\Users\Media\Documents\Anti-Malware
2015-04-17 16:46 - 2011-07-23 12:40 - 00000000 ____D () C:\Users\Media\AppData\Local\Adobe
2015-04-17 16:46 - 2011-07-15 18:42 - 00000000 ____D () C:\Users\Media\AppData\Roaming\Adobe
2015-04-17 16:46 - 2011-01-04 17:44 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-17 16:44 - 2012-09-03 18:05 - 00000759 _____ () C:\Windows\wininit.ini
2015-04-17 16:32 - 2013-11-20 15:24 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-17 12:45 - 2012-09-01 20:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-17 01:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 01:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 20:17 - 2011-06-22 19:10 - 00000000 ____D () C:\ProgramData\Temp
2015-04-16 20:03 - 2013-10-24 12:18 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-04-16 20:03 - 2013-04-05 18:44 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-04-16 06:28 - 2011-11-26 11:30 - 00000000 ____D () C:\Users\Media\Desktop\Nicole
2015-04-15 13:52 - 2011-06-23 04:43 - 00702942 _____ () C:\Windows\system32\perfh007.dat
2015-04-15 13:52 - 2011-06-23 04:43 - 00150582 _____ () C:\Windows\system32\perfc007.dat
2015-04-15 13:52 - 2009-07-14 07:13 - 01629348 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 11:12 - 2014-05-06 23:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 11:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 07:58 - 2012-09-01 20:18 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 07:58 - 2011-07-25 09:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 07:58 - 2011-07-23 10:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 07:57 - 2011-07-25 18:58 - 01602692 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 07:55 - 2013-07-24 20:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 07:24 - 2011-08-29 17:56 - 09858048 ___SH () C:\Users\Media\Desktop\Thumbs.db
2015-04-15 06:58 - 2012-09-01 20:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 20:04 - 2013-09-28 23:39 - 00000000 ____D () C:\Users\Media\Documents\Calibre-Bibliothek
2015-04-11 21:14 - 2012-01-14 21:18 - 00000000 ____D () C:\Users\Media\AppData\Roaming\dvdcss
2015-04-11 20:58 - 2011-07-18 20:18 - 00000000 ____D () C:\Users\Media\AppData\Roaming\vlc
2015-04-04 20:41 - 2014-02-10 09:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-01 11:16 - 2012-09-30 19:32 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-01 09:20 - 2011-07-24 19:42 - 00000000 ____D () C:\ProgramData\CanonIJPLM

==================== Files in the root of some directories =======

2004-01-26 18:15 - 2004-01-26 18:15 - 0233472 ____R () C:\Users\Media\AppData\Roaming\MafiaSetup.exe
2014-06-19 10:23 - 2014-06-19 10:23 - 0000024 _____ () C:\Users\Media\AppData\Roaming\temp.ini
2014-02-10 09:10 - 2014-03-25 20:49 - 0000082 _____ () C:\Users\Media\AppData\Roaming\WB.CFG
2015-01-06 14:58 - 2015-01-06 14:58 - 0003584 _____ () C:\Users\Media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-21 17:26 - 2011-07-21 17:26 - 0017408 _____ () C:\Users\Media\AppData\Local\WebpageIcons.db
2011-06-22 19:10 - 2011-06-22 19:12 - 0015491 _____ () C:\ProgramData\ArcadeDeluxe4.log
2012-09-09 10:47 - 2014-03-05 09:48 - 0006847 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\Media\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\Media\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Media\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Media\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Media\AppData\Local\Temp\SDShelEx-x64.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 15:32

==================== End Of Log ============================

--- --- ---

--- --- ---

Woelfin2612 · 17.04.2015, 20:08

GMER

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-17 20:18:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 Hitachi_ rev.ST6O 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Media\AppData\Local\Temp\kwloypod.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                 00000000779f1401 2 bytes JMP 774ab1ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2424] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                   00000000779f1419 2 bytes JMP 774ab31a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                 00000000779f1431 2 bytes JMP 77528f09 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                 00000000779f144a 2 bytes CALL 77484885 C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                           * 9
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2424] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                    00000000779f14dd 2 bytes JMP 77528802 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                             00000000779f14f5 2 bytes JMP 775289d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                    00000000779f150d 2 bytes JMP 775286f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                             00000000779f1525 2 bytes JMP 77528ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                   00000000779f153d 2 bytes JMP 7749fc78 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2424] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                        00000000779f1555 2 bytes JMP 774a68bf C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2424] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                 00000000779f156d 2 bytes JMP 77528fc1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2424] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                   00000000779f1585 2 bytes JMP 77528b22 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                      00000000779f159d 2 bytes JMP 775286bc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                   00000000779f15b5 2 bytes JMP 7749fd11 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                 00000000779f15cd 2 bytes JMP 774ab2b0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                             00000000779f16b2 2 bytes JMP 77528e84 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                             00000000779f16bd 2 bytes JMP 77528651 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                  00000000779f1401 2 bytes JMP 774ab1ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2460] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                    00000000779f1419 2 bytes JMP 774ab31a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                  00000000779f1431 2 bytes JMP 77528f09 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                  00000000779f144a 2 bytes CALL 77484885 C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                           * 9
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2460] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                     00000000779f14dd 2 bytes JMP 77528802 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                              00000000779f14f5 2 bytes JMP 775289d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                     00000000779f150d 2 bytes JMP 775286f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                              00000000779f1525 2 bytes JMP 77528ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                    00000000779f153d 2 bytes JMP 7749fc78 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2460] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                         00000000779f1555 2 bytes JMP 774a68bf C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                  00000000779f156d 2 bytes JMP 77528fc1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                    00000000779f1585 2 bytes JMP 77528b22 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                       00000000779f159d 2 bytes JMP 775286bc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                    00000000779f15b5 2 bytes JMP 7749fd11 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                  00000000779f15cd 2 bytes JMP 774ab2b0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                              00000000779f16b2 2 bytes JMP 77528e84 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                              00000000779f16bd 2 bytes JMP 77528651 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                              00000000779f1401 2 bytes JMP 774ab1ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2496] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                00000000779f1419 2 bytes JMP 774ab31a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                              00000000779f1431 2 bytes JMP 77528f09 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                              00000000779f144a 2 bytes CALL 77484885 C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                           * 9
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2496] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                 00000000779f14dd 2 bytes JMP 77528802 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                          00000000779f14f5 2 bytes JMP 775289d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                 00000000779f150d 2 bytes JMP 775286f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                          00000000779f1525 2 bytes JMP 77528ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                00000000779f153d 2 bytes JMP 7749fc78 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2496] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                     00000000779f1555 2 bytes JMP 774a68bf C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                              00000000779f156d 2 bytes JMP 77528fc1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                00000000779f1585 2 bytes JMP 77528b22 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                   00000000779f159d 2 bytes JMP 775286bc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                00000000779f15b5 2 bytes JMP 7749fd11 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                              00000000779f15cd 2 bytes JMP 774ab2b0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                          00000000779f16b2 2 bytes JMP 77528e84 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                          00000000779f16bd 2 bytes JMP 77528651 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                00000000779f1401 2 bytes JMP 774ab1ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2588] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                  00000000779f1419 2 bytes JMP 774ab31a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                00000000779f1431 2 bytes JMP 77528f09 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                00000000779f144a 2 bytes CALL 77484885 C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                           * 9
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2588] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                   00000000779f14dd 2 bytes JMP 77528802 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                            00000000779f14f5 2 bytes JMP 775289d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2588] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                   00000000779f150d 2 bytes JMP 775286f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                            00000000779f1525 2 bytes JMP 77528ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                  00000000779f153d 2 bytes JMP 7749fc78 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2588] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                       00000000779f1555 2 bytes JMP 774a68bf C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                00000000779f156d 2 bytes JMP 77528fc1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                  00000000779f1585 2 bytes JMP 77528b22 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2588] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                     00000000779f159d 2 bytes JMP 775286bc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                  00000000779f15b5 2 bytes JMP 7749fd11 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                00000000779f15cd 2 bytes JMP 774ab2b0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                            00000000779f16b2 2 bytes JMP 77528e84 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                            00000000779f16bd 2 bytes JMP 77528651 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2752] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                                                                              0000000073c117fa 2 bytes CALL 774811a9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2752] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                                                                          0000000073c11860 2 bytes CALL 774811a9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2752] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                                                                        0000000073c11942 2 bytes JMP 76ea7089 C:\Windows\syswow64\WS2_32.dll
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2752] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                                                                       0000000073c1194d 2 bytes JMP 76eacba6 C:\Windows\syswow64\WS2_32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                                                                              0000000073c117fa 2 bytes CALL 774811a9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                                                                          0000000073c11860 2 bytes CALL 774811a9 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                                                                        0000000073c11942 2 bytes JMP 76ea7089 C:\Windows\syswow64\WS2_32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                                                                       0000000073c1194d 2 bytes JMP 76eacba6 C:\Windows\syswow64\WS2_32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                                                                                00000000779f1401 2 bytes JMP 774ab1ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                                                                                  00000000779f1419 2 bytes JMP 774ab31a C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                                                                                00000000779f1431 2 bytes JMP 77528f09 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                                                                                00000000779f144a 2 bytes CALL 77484885 C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                           * 9
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                                                                                   00000000779f14dd 2 bytes JMP 77528802 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                                                                            00000000779f14f5 2 bytes JMP 775289d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                                                                                   00000000779f150d 2 bytes JMP 775286f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                                                                            00000000779f1525 2 bytes JMP 77528ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                                                                                  00000000779f153d 2 bytes JMP 7749fc78 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                                                                                       00000000779f1555 2 bytes JMP 774a68bf C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                                                                                00000000779f156d 2 bytes JMP 77528fc1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                                                                                  00000000779f1585 2 bytes JMP 77528b22 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                                                                                     00000000779f159d 2 bytes JMP 775286bc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                                                                                  00000000779f15b5 2 bytes JMP 7749fd11 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                                                                                00000000779f15cd 2 bytes JMP 774ab2b0 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                                                                            00000000779f16b2 2 bytes JMP 77528e84 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2776] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                                                                            00000000779f16bd 2 bytes JMP 77528651 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                       00000000779f1401 2 bytes JMP 774ab1ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2956] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                         00000000779f1419 2 bytes JMP 774ab31a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                       00000000779f1431 2 bytes JMP 77528f09 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                       00000000779f144a 2 bytes CALL 77484885 C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                           * 9
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2956] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                          00000000779f14dd 2 bytes JMP 77528802 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                   00000000779f14f5 2 bytes JMP 775289d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                          00000000779f150d 2 bytes JMP 775286f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                   00000000779f1525 2 bytes JMP 77528ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                         00000000779f153d 2 bytes JMP 7749fc78 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2956] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                              00000000779f1555 2 bytes JMP 774a68bf C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                       00000000779f156d 2 bytes JMP 77528fc1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                         00000000779f1585 2 bytes JMP 77528b22 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                            00000000779f159d 2 bytes JMP 775286bc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                         00000000779f15b5 2 bytes JMP 7749fd11 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                       00000000779f15cd 2 bytes JMP 774ab2b0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                   00000000779f16b2 2 bytes JMP 77528e84 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                   00000000779f16bd 2 bytes JMP 77528651 C:\Windows\syswow64\kernel32.dll
?        C:\Windows\system32\mssprxy.dll [2956] entry point in ".rdata" section                                                                                                                        00000000750a71e6
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                    00000000779f1401 2 bytes JMP 774ab1ef C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4648] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                      00000000779f1419 2 bytes JMP 774ab31a C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                    00000000779f1431 2 bytes JMP 77528f09 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                    00000000779f144a 2 bytes CALL 77484885 C:\Windows\syswow64\KERNEL32.dll
.text    ...                                                                                                                                                                                           * 9
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4648] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                       00000000779f14dd 2 bytes JMP 77528802 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                00000000779f14f5 2 bytes JMP 775289d8 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                       00000000779f150d 2 bytes JMP 775286f8 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                00000000779f1525 2 bytes JMP 77528ac2 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                      00000000779f153d 2 bytes JMP 7749fc78 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4648] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                           00000000779f1555 2 bytes JMP 774a68bf C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                    00000000779f156d 2 bytes JMP 77528fc1 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                      00000000779f1585 2 bytes JMP 77528b22 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                         00000000779f159d 2 bytes JMP 775286bc C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                      00000000779f15b5 2 bytes JMP 7749fd11 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                    00000000779f15cd 2 bytes JMP 774ab2b0 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                00000000779f16b2 2 bytes JMP 77528e84 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Samsung\Kies\Kies.exe[4648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                00000000779f16bd 2 bytes JMP 77528651 C:\Windows\syswow64\KERNEL32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                    00000000779f1401 2 bytes JMP 774ab1ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4340] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                      00000000779f1419 2 bytes JMP 774ab31a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                    00000000779f1431 2 bytes JMP 77528f09 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                    00000000779f144a 2 bytes CALL 77484885 C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                           * 9
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                       00000000779f14dd 2 bytes JMP 77528802 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                00000000779f14f5 2 bytes JMP 775289d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                       00000000779f150d 2 bytes JMP 775286f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                00000000779f1525 2 bytes JMP 77528ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                      00000000779f153d 2 bytes JMP 7749fc78 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                           00000000779f1555 2 bytes JMP 774a68bf C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                    00000000779f156d 2 bytes JMP 77528fc1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                      00000000779f1585 2 bytes JMP 77528b22 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                         00000000779f159d 2 bytes JMP 775286bc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                      00000000779f15b5 2 bytes JMP 7749fd11 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                    00000000779f15cd 2 bytes JMP 774ab2b0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                00000000779f16b2 2 bytes JMP 77528e84 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                00000000779f16bd 2 bytes JMP 77528651 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                           00000000779f1401 2 bytes JMP 774ab1ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3672] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                             00000000779f1419 2 bytes JMP 774ab31a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                           00000000779f1431 2 bytes JMP 77528f09 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                           00000000779f144a 2 bytes CALL 77484885 C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                           * 9
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3672] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                              00000000779f14dd 2 bytes JMP 77528802 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                       00000000779f14f5 2 bytes JMP 775289d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                              00000000779f150d 2 bytes JMP 775286f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                       00000000779f1525 2 bytes JMP 77528ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                             00000000779f153d 2 bytes JMP 7749fc78 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3672] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                  00000000779f1555 2 bytes JMP 774a68bf C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                           00000000779f156d 2 bytes JMP 77528fc1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                             00000000779f1585 2 bytes JMP 77528b22 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3672] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                00000000779f159d 2 bytes JMP 775286bc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                             00000000779f15b5 2 bytes JMP 7749fd11 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                           00000000779f15cd 2 bytes JMP 774ab2b0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                       00000000779f16b2 2 bytes JMP 77528e84 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                       00000000779f16bd 2 bytes JMP 77528651 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files\AVAST Software\Avast\AvastUI.exe[4664] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                          0000000077488769 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text    C:\Windows\SysWOW64\fsutil.exe[5496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                  00000000779f1401 2 bytes JMP 774ab1ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\fsutil.exe[5496] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                    00000000779f1419 2 bytes JMP 774ab31a C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\fsutil.exe[5496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                  00000000779f1431 2 bytes JMP 77528f09 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\fsutil.exe[5496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                  00000000779f144a 2 bytes CALL 77484885 C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                           * 9
.text    C:\Windows\SysWOW64\fsutil.exe[5496] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                     00000000779f14dd 2 bytes JMP 77528802 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\fsutil.exe[5496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                              00000000779f14f5 2 bytes JMP 775289d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\fsutil.exe[5496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                     00000000779f150d 2 bytes JMP 775286f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\fsutil.exe[5496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                              00000000779f1525 2 bytes JMP 77528ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\fsutil.exe[5496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                    00000000779f153d 2 bytes JMP 7749fc78 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\fsutil.exe[5496] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                         00000000779f1555 2 bytes JMP 774a68bf C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\fsutil.exe[5496] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                  00000000779f156d 2 bytes JMP 77528fc1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\fsutil.exe[5496] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                    00000000779f1585 2 bytes JMP 77528b22 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\fsutil.exe[5496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                       00000000779f159d 2 bytes JMP 775286bc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\fsutil.exe[5496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                    00000000779f15b5 2 bytes JMP 7749fd11 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\fsutil.exe[5496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                  00000000779f15cd 2 bytes JMP 774ab2b0 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\fsutil.exe[5496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                              00000000779f16b2 2 bytes JMP 77528e84 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\SysWOW64\fsutil.exe[5496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                              00000000779f16bd 2 bytes JMP 77528651 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5256] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                 00000000779f1401 2 bytes JMP 774ab1ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5256] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                   00000000779f1419 2 bytes JMP 774ab31a C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                 00000000779f1431 2 bytes JMP 77528f09 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                 00000000779f144a 2 bytes CALL 77484885 C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                           * 9
.text    C:\Windows\syswow64\svchost.exe[5256] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                    00000000779f14dd 2 bytes JMP 77528802 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5256] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                             00000000779f14f5 2 bytes JMP 775289d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5256] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                    00000000779f150d 2 bytes JMP 775286f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5256] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                             00000000779f1525 2 bytes JMP 77528ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5256] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                   00000000779f153d 2 bytes JMP 7749fc78 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5256] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                        00000000779f1555 2 bytes JMP 774a68bf C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5256] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                 00000000779f156d 2 bytes JMP 77528fc1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5256] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                   00000000779f1585 2 bytes JMP 77528b22 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5256] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                      00000000779f159d 2 bytes JMP 775286bc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5256] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                   00000000779f15b5 2 bytes JMP 7749fd11 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5256] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                 00000000779f15cd 2 bytes JMP 774ab2b0 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5256] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                             00000000779f16b2 2 bytes JMP 77528e84 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5256] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                             00000000779f16bd 2 bytes JMP 77528651 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5984] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                 00000000779f1401 2 bytes JMP 774ab1ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5984] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                   00000000779f1419 2 bytes JMP 774ab31a C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                 00000000779f1431 2 bytes JMP 77528f09 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                 00000000779f144a 2 bytes CALL 77484885 C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                           * 9
.text    C:\Windows\syswow64\svchost.exe[5984] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                    00000000779f14dd 2 bytes JMP 77528802 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5984] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                             00000000779f14f5 2 bytes JMP 775289d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5984] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                    00000000779f150d 2 bytes JMP 775286f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5984] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                             00000000779f1525 2 bytes JMP 77528ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5984] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                   00000000779f153d 2 bytes JMP 7749fc78 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5984] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                        00000000779f1555 2 bytes JMP 774a68bf C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5984] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                 00000000779f156d 2 bytes JMP 77528fc1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5984] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                   00000000779f1585 2 bytes JMP 77528b22 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5984] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                      00000000779f159d 2 bytes JMP 775286bc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5984] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                   00000000779f15b5 2 bytes JMP 7749fd11 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5984] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                 00000000779f15cd 2 bytes JMP 774ab2b0 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5984] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                             00000000779f16b2 2 bytes JMP 77528e84 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5984] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                             00000000779f16bd 2 bytes JMP 77528651 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                 00000000779f1401 2 bytes JMP 774ab1ef C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5540] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                   00000000779f1419 2 bytes JMP 774ab31a C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                 00000000779f1431 2 bytes JMP 77528f09 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                 00000000779f144a 2 bytes CALL 77484885 C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                           * 9
.text    C:\Windows\syswow64\svchost.exe[5540] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                    00000000779f14dd 2 bytes JMP 77528802 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                             00000000779f14f5 2 bytes JMP 775289d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                    00000000779f150d 2 bytes JMP 775286f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                             00000000779f1525 2 bytes JMP 77528ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                   00000000779f153d 2 bytes JMP 7749fc78 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5540] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                        00000000779f1555 2 bytes JMP 774a68bf C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                 00000000779f156d 2 bytes JMP 77528fc1 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                   00000000779f1585 2 bytes JMP 77528b22 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                      00000000779f159d 2 bytes JMP 775286bc C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                   00000000779f15b5 2 bytes JMP 7749fd11 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                 00000000779f15cd 2 bytes JMP 774ab2b0 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                             00000000779f16b2 2 bytes JMP 77528e84 C:\Windows\syswow64\kernel32.dll
.text    C:\Windows\syswow64\svchost.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                             00000000779f16bd 2 bytes JMP 77528651 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                  00000000779f1401 2 bytes JMP 774ab1ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7848] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                    00000000779f1419 2 bytes JMP 774ab31a C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                  00000000779f1431 2 bytes JMP 77528f09 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                  00000000779f144a 2 bytes CALL 77484885 C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                           * 9
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7848] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                     00000000779f14dd 2 bytes JMP 77528802 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                              00000000779f14f5 2 bytes JMP 775289d8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                     00000000779f150d 2 bytes JMP 775286f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                              00000000779f1525 2 bytes JMP 77528ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                    00000000779f153d 2 bytes JMP 7749fc78 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7848] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                         00000000779f1555 2 bytes JMP 774a68bf C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7848] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                  00000000779f156d 2 bytes JMP 77528fc1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7848] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                    00000000779f1585 2 bytes JMP 77528b22 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                       00000000779f159d 2 bytes JMP 775286bc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                    00000000779f15b5 2 bytes JMP 7749fd11 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                  00000000779f15cd 2 bytes JMP 774ab2b0 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                              00000000779f16b2 2 bytes JMP 77528e84 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                              00000000779f16bd 2 bytes JMP 77528651 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread   C:\Windows\Explorer.EXE [1784:6356]                                                                                                                                                           00000000042dcfe8
Thread   C:\Windows\Explorer.EXE [1784:6336]                                                                                                                                                           00000000042db394
Thread   C:\Windows\Explorer.EXE [1784:6376]                                                                                                                                                           00000000042d4228
Thread   C:\Windows\SysWOW64\fsutil.exe [5496:5956]                                                                                                                                                    000000007ef802d3
Thread   C:\Windows\SysWOW64\fsutil.exe [5496:5952]                                                                                                                                                    000000007ef804dd
Thread   C:\Windows\SysWOW64\fsutil.exe [5496:6008]                                                                                                                                                    000000007ef9a990
Thread   C:\Windows\SysWOW64\fsutil.exe [5496:3376]                                                                                                                                                    000000007efacde5
Thread   C:\Windows\SysWOW64\fsutil.exe [5496:5152]                                                                                                                                                    000000007efa109d
---- Processes - GMER 2.1 ----

Library  c:\users\media\appdata\local\temp\7zs3410\hpslpsvc64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [7560] (HP Network Devices Support/Hewlett-Packard Co.)(2012-10-01 12:16:11)  0000000180000000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272c8bbaf                                                                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272c8bbaf@b08991804c10                                                                                                      0x46 0x2A 0x52 0x13 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Shares@Zechenfest \x00b412                                                                                                                CSCFlags=2048?MaxUses=4294967295?Path=D:\laptop\bilder\Zechenfest ?12?Permissions=0?Remark=?ShareName=Zechenfest ?12?Type=0?
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                                              
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                           0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                        0x4B 0x94 0xC4 0x56 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272c8bbaf (not active ControlSet)                                                                                               
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272c8bbaf@b08991804c10                                                                                                          0x46 0x2A 0x52 0x13 ...
Reg      HKLM\SYSTEM\ControlSet002\services\LanmanServer\Shares@Zechenfest \x00b412                                                                                                                    CSCFlags=2048?MaxUses=4294967295?Path=D:\laptop\bilder\Zechenfest ?12?Permissions=0?Remark=?ShareName=Zechenfest ?12?Type=0?
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                                          
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                               0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                            0x4B 0x94 0xC4 0x56 ...
Reg      HKCU\Software\Microsoft\Windows Live\Companion\dlapitch@aol.com@bb420760fd76910486f27e568e93828c\r\n                                                                                          0xAF 0x26 0x9E 0xD5 ...
Reg      HKCU\Software\Microsoft\Windows Live\Companion\dlapitch@aol.com@94a858a222d9c8cf969d93f6d5be46af\r\n                                                                                          0x66 0x71 0x27 0x88 ...
Reg      HKCU\Software\Microsoft\Windows Live\Companion\npackheiser@yahoo.de@c46433b22804e71fd23c1fa8d31fa5e1\r\n                                                                                      0xB9 0xFD 0x41 0x46 ...
Reg      HKCU\Software\Microsoft\Windows Live\Companion\npackheiser@yahoo.de@3daabe094404afc6e207c93771312911\r\n                                                                                      0xCB 0x03 0x92 0xF5 ...
Reg      HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ExcludeProfileDirs                                                                                                                 AppData\Local;AppData\LocalLow;$Recycle.Bin
Reg      HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@BuildNumber                                                                                                                        7601
Reg      HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@FirstLogon                                                                                                                         0
Reg      HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ParseAutoexec                                                                                                                      1

---- EOF - GMER 2.1 ----

Addition:

Code:

ATTFilter

dditional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 04
Ran by Media at 2015-04-17 20:07:53
Running from C:\Users\Media\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

0.5.0 (HKLM-x32\...\{880CCD78-5657-459E-B3DC-298F3B585F9B}_is1) (Version:  - EuropeInRuins)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.5.7828 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 4.5.7828 - CyberLink Corp.) Hidden
Acer Arcade Movie (x32 Version: 9.0.6629 - CyberLink Corp.) Hidden
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0909 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Alpha Protocol (HKLM-x32\...\{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}) (Version: 1.00.0000 - SEGA Corporation)
Aquamarin Haushaltsbuch 2.9.2 b (HKLM-x32\...\{1E517C0C-8542-4F8C-DA23-98BCA13CD1F4}_is1) (Version:  - makasy.com)
ATI Catalyst Install Manager (HKLM\...\{DD99C9BF-5A9C-25B5-EF7D-AA9A0DB12800}) (Version: 3.0.825.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
BS Contact (HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\...\BS Contact) (Version:  - Bitmanagement Software GmbH)
calibre (HKLM-x32\...\{48C84341-E4F7-42EC-BED5-7A5CAA3291F5}) (Version: 1.33.0 - Kovid Goyal)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version:  - )
Canon MX320 series Benutzerregistrierung (HKLM-x32\...\Canon MX320 series Benutzerregistrierung) (Version:  - )
Canon MX320 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeskTask (remove only) (HKLM-x32\...\desktask) (Version:  - )
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.38.151 - Electronic Arts)
EAX Unified (HKLM-x32\...\EAX Unified) (Version:  - )
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
FormatFactory 3.2.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.2.1.0 - Free Time)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.30.319 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.30.319 - DVDVideoSoft Ltd.)
FUSSBALL MANAGER 09 (HKLM-x32\...\FUSSBALL MANAGER 09) (Version:  - Electronic Arts)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaminfeuer Comprehensive Edition Free (HKLM-x32\...\ST5UNST #1) (Version:  - )
KONZ-Steuer-2014 (HKLM-x32\...\InstallShield_{20F1078B-E3B6-4DA1-9570-003DE110890A}) (Version: 1.00.0000 - USM)
KONZ-Steuer-2014 (x32 Version: 1.00.0000 - USM) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MediaShow Espresso (x32 Version: 5.5.1713_26701 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 2.0 (HKLM-x32\...\{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}) (Version: 2.0.11128.1 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\...\MyFreeCodec) (Version:  - )
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Nero 9 Essentials (HKLM-x32\...\{9c221718-e0a6-4b81-9c34-188c9cdb43a4}) (Version:  - Nero AG)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.2.2065 - Electronic Arts, Inc.)
PC Connectivity Solution (HKLM-x32\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Romi (HKLM-x32\...\Romi) (Version:  - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shutdown Manager (HKLM-x32\...\{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1) (Version: 2.0.7 - Daniel Höllig)
Siggi Blitz Vorschule 1 (HKLM-x32\...\Siggi Blitz Vorschule 1_is1) (Version:  - Paletti)
Steuer 2013 (HKLM-x32\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH)
STK02N 2.3 (HKLM-x32\...\{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}) (Version: 2.3 - Syntek)
Stronghold (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SWR3 RauchFrei Version 1.2 (HKLM-x32\...\SWR3 RauchFrei_is1) (Version: 1.1 - Oliver Reuther und SWR3)
ÜberSoldier 2 (HKLM-x32\...\ÜberSoldier 2_is1) (Version:  - City Interctive)
Unity Web Player (HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
UseNeXT (HKLM-x32\...\UseNeXT_is1) (Version:  - Tangysoft Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
web'n'walk Manager (HKLM-x32\...\{25DEC9F7-08C7-4511-9B4A-40A61E40658E}) (Version: 2.5.0.68 - Option NV)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Wildlife Park 2 - Farm World Version 2.1 (HKLM-x32\...\{1CF07ACD-A556-4980-9CFC-F8DA0E58EAF5}_is1) (Version: 2.1 - Deep Silver)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-04-2015 07:45:46 Windows Update
16-04-2015 20:06:03 TuneUp Utilities 2014 wird entfernt
16-04-2015 20:06:45 TuneUp Utilities 2014 (de-DE) wird entfernt
17-04-2015 16:33:01 avast! antivirus system restore point
17-04-2015 16:40:29 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {105AE47F-AFAA-4611-9503-48AC29F98220} - System32\Tasks\{260801F7-9A11-4D8F-A16A-C52219AA9932} => C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\ReStart.exe
Task: {4BADA1CC-5A2E-4051-8105-EE8C96D40998} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {56C17769-ECD7-4D29-B782-89CCACF53F69} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {66FECDDD-9F3A-418F-9C00-872AF34CA144} - System32\Tasks\{65363E81-6DDB-449E-A901-56987FDB9B48} => pcalua.exe -a "C:\Program Files (x86)\Spreng- und Abriss-Simulator\Uninstal.exe"
Task: {6FF5E5AE-5974-45CB-83CF-E66E0B7C9B7B} - System32\Tasks\{197F1A4E-6B47-4D90-A49B-96D7A8D7C8E9} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/abandoninstall?source=lightinstaller&amp;page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {975CEE45-6A0E-406B-8E9F-0845178388EF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {A70ED218-261E-4AF9-996C-9A5633954683} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {A88E594E-AC8F-4FAE-9B29-04A902C49ADB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {ACE3310D-E78B-4159-9850-61213A4A418B} - System32\Tasks\{B91C1A3D-A84A-452F-856F-5A4EB14FC9B7} => pcalua.exe -a C:\Users\Media\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=squadm1 <==== ATTENTION
Task: {C39E57FF-15FB-448B-8E2A-BD7405A88339} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {EA15F128-0938-463A-977B-7A2A428E1EF2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {ED65322F-0578-4494-AD93-6646AE814878} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {EEFC2AEF-1F28-42F0-B62C-21387DD20B36} - System32\Tasks\avastBCLRestartS-1-5-21-1350562663-2882368536-1752455160-1000 => Chrome.exe 
Task: {F96294EB-1329-4F0C-80EA-2A6A93601E37} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-17] (Avast Software s.r.o.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-07-24 19:42 - 2008-10-09 07:07 - 00107912 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2012-01-02 19:27 - 2012-01-02 19:27 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-01-02 19:27 - 2012-01-02 19:27 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2011-06-22 19:10 - 2010-05-13 07:23 - 00244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2010-08-04 14:40 - 2010-08-04 14:40 - 00611872 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2011-04-19 22:16 - 2011-04-19 22:16 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-04-17 16:42 - 2015-04-17 16:42 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-17 16:41 - 2015-04-17 16:41 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-17 16:38 - 2015-04-17 16:38 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15041700\algo.dll
2010-08-04 11:47 - 2010-08-04 11:47 - 00144896 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2015-04-17 16:34 - 2015-04-17 16:34 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-17 01:56 - 2015-04-13 23:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-17 01:56 - 2015-04-13 23:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-04-17 01:56 - 2015-04-13 23:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:43C9D140
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1350562663-2882368536-1752455160-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Media\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1350562663-2882368536-1752455160-500 - Administrator - Disabled)
Ben (S-1-5-21-1350562663-2882368536-1752455160-1003 - Limited - Enabled) => C:\Users\Ben
Gast (S-1-5-21-1350562663-2882368536-1752455160-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1350562663-2882368536-1752455160-1002 - Limited - Enabled)
Media (S-1-5-21-1350562663-2882368536-1752455160-1000 - Administrator - Enabled) => C:\Users\Media

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: USB Device(VID_1f3a_PID_efe8)
Description: USB Device(VID_1f3a_PID_efe8)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: USB Devices
Service: usbUDisc
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2015 05:07:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service secure_hash_algorithm since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/17/2015 05:06:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service secure_hash_algorithm since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/17/2015 04:40:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary afwqbmgj.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/17/2015 04:37:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary afwqbmgj.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/17/2015 04:35:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary afwqbmgj.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/17/2015 04:33:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary afwqbmgj.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/17/2015 01:33:49 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (04/17/2015 01:32:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "ShareAnything,processorArchitecture="x86",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "ShareAnything,processorArchitecture="x86",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/17/2015 01:32:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "ShareAnything,processorArchitecture="x86",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "ShareAnything,processorArchitecture="x86",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/16/2015 07:30:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 11.0.9600.17728 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1488

Startzeit: 01d0786ab54bb26f

Endzeit: 34

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID: 4e5c911d-e45e-11e4-b779-90fba685f47e


System errors:
=============
Error: (04/17/2015 07:22:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (04/17/2015 07:14:07 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (04/17/2015 07:06:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sptd

Error: (04/17/2015 07:05:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (04/17/2015 07:05:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (04/17/2015 07:03:41 PM) (Source: ps7anmub) (EventID: 1) (User: )
Description: Protection Synchronization Driver detected an internal error, contact the customer support service.

Error: (04/17/2015 07:01:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (04/17/2015 07:01:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (04/17/2015 07:01:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (04/17/2015 07:00:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (04/10/2013 01:26:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/23/2011 09:13:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/23/2011 07:55:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/23/2011 07:13:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/23/2011 06:37:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/23/2011 06:13:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/23/2011 05:13:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/23/2011 04:13:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/23/2011 03:13:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/23/2011 02:14:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-04-17 19:05:42.194
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-17 19:05:42.084
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-17 19:05:38.668
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-17 19:05:38.543
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-17 17:01:55.084
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-17 17:01:54.959
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-17 17:01:52.479
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-17 17:01:52.339
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-17 16:19:31.300
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-17 16:19:31.222
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 46%
Total physical RAM: 6103.09 MB
Available physical RAM: 3278.03 MB
Total Pagefile: 12204.38 MB
Available Pagefile: 8362.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:456.26 GB) (Free:116.75 GB) NTFS
Drive d: (DATA) (Fixed) (Total:456.6 GB) (Free:383.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A25F96F6)
Partition 1: (Not Active) - (Size=18.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=456.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 18.04.2015, 19:49

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Ihr Zugriff wurde als unberechtigt eingestuft

Log-Analyse und Auswertung: Ihr Zugriff wurde als unberechtigt eingestuft