Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Jan at 2014-09-16 13:28:18
Running from C:\Users\Jan\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Spybot - Search and Destroy (Disabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.30 - GIGABYTE)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{120EC191-78F8-CA89-3511-7E90C23F5261}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0806.1213.19931 - Ihr Firmenname) Hidden
AMD OverDrive (HKLM-x32\...\{34D5220A-58D0-473C-90E4-15136C3FB0E3}) (Version: 4.3.1.0690 - Advanced Micro Devices, Inc.)
AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Avast License by ZeNiX [2014-01-11] (HKLM-x32\...\Avast_2050_ZeNiX [2014-01-11]_is1) (Version: - )
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Catalyst Control Center (x32 Version: 2012.0806.1213.19931 - Ihr Firmenname) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9719DFA1-7CB0-422E-98AE-C77FD3426BE8}) (Version: - Microsoft)
Easy Tune 6 B13.0323.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B13.0323.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (HKLM\...\{3C28BFD4-90C7-3138-87EF-418DC16E9598}) (Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (HKLM\...\{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}) (Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (HKLM-x32\...\{6C772996-BFF3-3C8C-860B-B3D48FF05D65}) (Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (HKLM-x32\...\{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}) (Version: 11.0.51106 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSI GamingApp (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 1.0.0.3 - MSI)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Ocster Backup Pro (HKLM\...\Ocster Backup) (Version: 7.25 - Ocster GmbH & Co. KG)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version: - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.2.8.0 - ParetoLogic, Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.10.21.g22fbdb39 - Spotify AB)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{F1FFD0B3-9F20-4EE7-ACED-5B63DFA018D8}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DF1B7B95-4A86-4605-A628-556394B5580A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0407-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C675FC43-E413-49A7-B3DC-44967B4FE22D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881081) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3BE27413-9FFE-4AB1-9013-344E111E718F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E12997A4-DAEC-4563-B330-F21EB71880D9}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0410-1000-0000000FF1CE}_Office15.PROPLUS_{540B47E7-0F89-4CA1-8BFA-5CF377A963AF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2881011) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{679E6BE6-50D5-4D94-A10E-CB4FE1C5695B}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2881011) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{679E6BE6-50D5-4D94-A10E-CB4FE1C5695B}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0407-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
WildStar (HKLM-x32\...\WildStar) (Version: - NCSOFT)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-459530473-2909920543-1138357855-1000_Classes\CLSID\{e1fa179c-2171-4e9b-a9ae-5bc739b10a76}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
==================== Restore Points =========================
14-09-2014 23:23:57 Windows Update
15-09-2014 10:16:01 Windows Update
15-09-2014 13:02:25 Installed SpyHunter
15-09-2014 16:05:51 Removed SpyHunter
15-09-2014 16:08:12 Installed SpyHunter
15-09-2014 16:13:38 Removed SpyHunter
15-09-2014 16:44:25 Windows Update
15-09-2014 16:46:30 Windows Update
15-09-2014 16:54:37 Windows Update
16-09-2014 10:21:51 Installed SpyHunter
16-09-2014 10:29:01 Installed RegHunter
16-09-2014 11:24:52 Removed RegHunter
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-09-15 18:35 - 00450709 ____N C:\Windows\system32\Drivers\etc\hosts
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {02CEF1E3-C62A-4667-A04E-C5706A148A59} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-15] (Google Inc.)
Task: {05ABF67F-9CE1-4524-BFCB-A78C6876DC63} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-15] (AVAST Software)
Task: {45A50152-B36B-4BEB-AF71-6589D8C114E3} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {4656AFEF-41FB-4E32-8E3D-115C1314B28D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {63724CC6-8A9F-4CED-B5AD-1DB2D69039EB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {6C03A069-5EA9-48F9-9F71-53E364308D12} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8ECC11E1-FDCE-472F-B95D-9107BD04054A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-15] (Google Inc.)
Task: {BB5FEB2A-E0FD-4B4E-9199-E6DEFAED8DB5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
==================== Loaded Modules (whitelisted) =============
2014-05-03 00:06 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-08-06 12:24 - 2012-08-06 12:24 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 16:03 - 2012-03-05 16:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 14:53 - 2012-02-16 14:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-02-04 15:30 - 2014-02-04 15:30 - 00023896 _____ () e:\Programme\Ocster Backup\bin\backupService-ox.exe
2014-02-04 15:30 - 2014-02-04 15:30 - 00103256 _____ () e:\Programme\Ocster Backup\bin\backupServiceLib.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 11059032 _____ () e:\Programme\Ocster Backup\bin\backupCore.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 00156504 _____ () e:\Programme\Ocster Backup\bin\deemon.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 04862296 _____ () e:\Programme\Ocster Backup\bin\ox.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 00494424 _____ () e:\Programme\Ocster Backup\bin\veem.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 00060248 _____ () e:\Programme\Ocster Backup\bin\minizutil.dll
2014-02-03 20:56 - 2014-02-03 20:56 - 00020992 _____ () e:\Programme\Ocster Backup\bin\zlibutil.dll
2013-09-23 21:24 - 2013-09-23 21:24 - 00076288 _____ () e:\Programme\Ocster Backup\bin\zdll.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 00052568 _____ () e:\Programme\Ocster Backup\bin\lzmaUtil.dll
2014-02-03 15:56 - 2014-02-03 15:56 - 00049664 _____ () e:\Programme\Ocster Backup\bin\lzma.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 00506200 _____ () e:\Programme\Ocster Backup\bin\twirl.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 00343896 _____ () e:\Programme\Ocster Backup\bin\tomb.dll
2014-02-03 20:58 - 2014-02-03 20:58 - 00314880 _____ () e:\Programme\Ocster Backup\bin\party.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 00112984 _____ () e:\Programme\Ocster Backup\bin\scoolite.dll
2014-02-03 15:55 - 2014-02-03 15:55 - 00626688 _____ () e:\Programme\Ocster Backup\bin\sqlite.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 00210264 _____ () e:\Programme\Ocster Backup\bin\netutil.dll
2014-02-03 20:19 - 2014-02-03 20:19 - 00045056 _____ () e:\Programme\Ocster Backup\bin\oxHelper.exe
2012-01-13 14:04 - 2012-01-13 14:04 - 00219760 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
2014-02-04 15:29 - 2014-02-04 15:29 - 00312664 _____ () E:\Programme\Ocster Backup\bin\backupClient-ox.exe
2014-02-04 15:29 - 2014-02-04 15:29 - 06249816 _____ () E:\Programme\Ocster Backup\bin\backupClientLib.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 00389464 _____ () E:\Programme\Ocster Backup\bin\updateman.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 00506200 _____ () E:\Programme\Ocster Backup\bin\twirl.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 00343896 _____ () E:\Programme\Ocster Backup\bin\tomb.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 04862296 _____ () E:\Programme\Ocster Backup\bin\ox.dll
2013-09-23 21:24 - 2013-09-23 21:24 - 00076288 _____ () E:\Programme\Ocster Backup\bin\zdll.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 11059032 _____ () E:\Programme\Ocster Backup\bin\backupCore.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 00156504 _____ () E:\Programme\Ocster Backup\bin\deemon.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 00494424 _____ () E:\Programme\Ocster Backup\bin\veem.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 00060248 _____ () E:\Programme\Ocster Backup\bin\minizutil.dll
2014-02-03 20:56 - 2014-02-03 20:56 - 00020992 _____ () E:\Programme\Ocster Backup\bin\zlibutil.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 00052568 _____ () E:\Programme\Ocster Backup\bin\lzmaUtil.dll
2014-02-03 15:56 - 2014-02-03 15:56 - 00049664 _____ () E:\Programme\Ocster Backup\bin\lzma.dll
2014-02-03 20:58 - 2014-02-03 20:58 - 00314880 _____ () E:\Programme\Ocster Backup\bin\party.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 00112984 _____ () E:\Programme\Ocster Backup\bin\scoolite.dll
2014-02-03 15:55 - 2014-02-03 15:55 - 00626688 _____ () E:\Programme\Ocster Backup\bin\sqlite.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 00210264 _____ () E:\Programme\Ocster Backup\bin\netutil.dll
2014-02-04 15:29 - 2014-02-04 15:29 - 00147288 _____ () E:\Programme\Ocster Backup\bin\featback.dll
2014-02-03 20:19 - 2014-02-03 20:19 - 00045056 _____ () E:\Programme\Ocster Backup\bin\oxHelper.exe
2014-05-01 17:57 - 2012-08-09 12:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-05-01 17:57 - 2012-08-09 12:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-05-04 16:44 - 2014-01-14 11:10 - 00692224 _____ () C:\Program Files\AVAST Software\Avast\VERSION.dll
2014-07-15 06:57 - 2014-07-15 06:57 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-03 20:30 - 2014-08-03 20:30 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080301\algo.dll
2013-03-23 10:19 - 2013-03-23 10:19 - 02883651 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll
2013-01-25 17:43 - 2013-01-25 17:43 - 00651331 _____ () C:\Program Files (x86)\GIGABYTE\ET6\work.dll
2013-02-01 13:26 - 2013-02-01 13:26 - 01331266 _____ () C:\Program Files (x86)\GIGABYTE\ET6\SF.dll
2008-05-07 15:22 - 2008-05-07 15:22 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll
2012-05-08 15:01 - 2012-05-08 15:01 - 00069632 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll
2012-11-27 15:03 - 2012-11-27 15:03 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll
2010-06-24 15:50 - 2010-06-24 15:50 - 00094208 _____ () C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll
2011-03-01 19:00 - 2011-03-01 19:00 - 00126976 _____ () C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll
2011-10-18 09:26 - 2011-10-18 09:26 - 00024576 _____ () C:\Program Files (x86)\GIGABYTE\ET6\STT.dll
2013-02-01 13:23 - 2013-02-01 13:23 - 01499204 _____ () C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll
2013-03-05 18:45 - 2013-03-05 18:45 - 01335362 _____ () C:\Program Files (x86)\GIGABYTE\ET6\HM.dll
2013-03-23 10:59 - 2013-03-23 10:59 - 01433674 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll
2003-02-14 14:11 - 2003-02-14 14:11 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll
2012-12-25 15:14 - 2012-12-25 15:14 - 01318988 _____ () C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll
2012-09-24 01:49 - 2012-09-24 01:49 - 03854336 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Platform.dll
2012-09-24 01:49 - 2012-09-24 01:49 - 00573440 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Device.dll
2013-01-09 17:26 - 2013-01-09 17:26 - 00307200 _____ () C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.DLL
2014-07-15 06:57 - 2014-07-15 06:57 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-04 16:44 - 2014-01-14 11:10 - 00692224 _____ () C:\Program Files\AVAST Software\Avast\version.DLL
2014-09-13 14:32 - 2014-09-12 04:42 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Jan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/16/2014 01:23:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/16/2014 01:23:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5
Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000033c1
ID des fehlerhaften Prozesses: 0x658
Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0
Pfad der fehlerhaften Anwendung: Fuel.Service.exe1
Pfad des fehlerhaften Moduls: Fuel.Service.exe2
Berichtskennung: Fuel.Service.exe3
Error: (09/16/2014 01:07:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/16/2014 01:06:59 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (09/16/2014 01:06:59 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (09/16/2014 01:06:59 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
Error: (09/16/2014 01:06:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5
Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000033c1
ID des fehlerhaften Prozesses: 0x774
Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0
Pfad der fehlerhaften Anwendung: Fuel.Service.exe1
Pfad des fehlerhaften Moduls: Fuel.Service.exe2
Berichtskennung: Fuel.Service.exe3
Error: (09/16/2014 00:31:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.1.5367, Zeitstempel: 0x541259dd
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.1.5367, Zeitstempel: 0x541225d2
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1a00
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (09/16/2014 00:26:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SpyHunter4.exe, Version 4.17.6.4336 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1f4c
Startzeit: 01cfd19839e9680f
Endzeit: 5
Anwendungspfad: C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
Berichts-ID:
Error: (09/16/2014 00:22:53 PM) (Source: MsiInstaller) (EventID: 11721) (User: Jan-PC)
Description: Produkt: SpyHunter -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: , Pfad: WiseCustomCall, Befehl: g5
System errors:
=============
Error: (09/16/2014 01:23:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/16/2014 01:06:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/15/2014 08:07:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/15/2014 07:05:10 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005
Error: (09/15/2014 07:05:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (09/15/2014 07:02:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/15/2014 06:46:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 SP1 für x64-basierte Systeme (KB2943357)
Error: (09/15/2014 06:19:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/15/2014 00:17:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (09/15/2014 00:17:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 SP1 für x64-basierte Systeme (KB2943357)
Microsoft Office Sessions:
=========================
Error: (09/16/2014 01:23:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/16/2014 01:23:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c165801cfd19e53ae9db6C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dlld305b498-3d93-11e4-a1b7-74d4350daf3d
Error: (09/16/2014 01:07:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/16/2014 01:06:59 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (09/16/2014 01:06:59 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (09/16/2014 01:06:59 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
Error: (09/16/2014 01:06:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c177401cfd18147a138acC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll7b6bec0b-3d91-11e4-8f47-74d4350daf3d
Error: (09/16/2014 00:31:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.1.5367541259ddmozalloc.dll32.0.1.5367541225d2800000030000141b1a0001cfd18c24f03adfC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla9994034-3d8c-11e4-8f47-74d4350daf3d
Error: (09/16/2014 00:26:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SpyHunter4.exe4.17.6.43361f4c01cfd19839e9680f5C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
Error: (09/16/2014 00:22:53 PM) (Source: MsiInstaller) (EventID: 11721) (User: Jan-PC)
Description: Produkt: SpyHunter -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: , Pfad: WiseCustomCall, Befehl: g5 (NULL)(NULL)(NULL)(NULL)(NULL)
CodeIntegrity Errors:
===================================
Date: 2014-09-16 13:21:56.300
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-16 13:14:31.201
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-16 13:05:59.518
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-16 10:55:48.689
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-16 10:43:27.450
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-16 10:20:00.964
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-16 09:53:19.849
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-16 09:44:19.169
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-15 20:04:58.004
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-15 19:48:35.330
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: AMD FX(tm)-8320 Eight-Core Processor
Percentage of memory in use: 24%
Total physical RAM: 8156.63 MB
Available physical RAM: 6156.88 MB
Total Pagefile: 16311.43 MB
Available Pagefile: 14147.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Windows und Spiele) (Fixed) (Total:111.69 GB) (Free:31.65 GB) NTFS
Drive d: (Medien und Spiele) (Fixed) (Total:488.28 GB) (Free:453.59 GB) NTFS
Drive e: (Programme) (Fixed) (Total:247.92 GB) (Free:173.46 GB) NTFS
Drive g: (Backup) (Fixed) (Total:195.31 GB) (Free:100.71 GB) NTFS
Drive h: (FINAL_FANTASY_X) (CDROM) (Total:4.28 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 672EB1DF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 672EB1CD)
Partition 1: (Not Active) - (Size=390.6 GB) - (Type=42)
Partition 2: (Active) - (Size=247.9 GB) - (Type=42)
Partition 3: (Not Active) - (Size=293 GB) - (Type=42)
==================== End Of Log ============================
Gmer.txt Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-16 13:46:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006d Samsung_ rev.EXT0 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Jan\AppData\Local\Temp\pxldypow.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[672] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Windows\system32\wininit.exe[672] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Windows\system32\wininit.exe[672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Windows\system32\wininit.exe[672] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text C:\Windows\system32\wininit.exe[672] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\winlogon.exe[748] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Windows\system32\winlogon.exe[748] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Windows\system32\winlogon.exe[748] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Windows\system32\winlogon.exe[748] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text C:\Windows\system32\winlogon.exe[748] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\services.exe[760] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Windows\system32\services.exe[760] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Windows\system32\services.exe[760] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Windows\system32\services.exe[760] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text C:\Windows\system32\services.exe[760] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\lsass.exe[784] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 08]
.text C:\Windows\system32\lsass.exe[784] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd4f0c10 6 bytes {JMP QWORD [RIP+0x8f420]}
.text C:\Windows\system32\lsm.exe[792] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 0C]
.text C:\Windows\system32\nvvsvc.exe[976] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Windows\system32\nvvsvc.exe[976] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Windows\system32\nvvsvc.exe[976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[976] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text C:\Windows\system32\nvvsvc.exe[976] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes CALL 0
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1000] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007699103d 6 bytes JMP 71a7000a
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1000] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076991072 6 bytes JMP 71ae000a
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1000] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1000] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 00000000769bc9b5 6 bytes JMP 71a4000a
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1000] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000074b52c9e 4 bytes CALL 71ab0000
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1000] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076355429 6 bytes JMP 71a1000a
.text C:\Windows\system32\svchost.exe[132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes CALL 9000027
.text C:\Windows\system32\svchost.exe[132] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd4f0c10 6 bytes {JMP QWORD [RIP+0x8f420]}
.text C:\Windows\System32\svchost.exe[388] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Windows\System32\svchost.exe[388] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Windows\System32\svchost.exe[388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Windows\System32\svchost.exe[388] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text C:\Windows\System32\svchost.exe[388] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes CALL 9000027
.text C:\Windows\System32\svchost.exe[388] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd4f0c10 6 bytes {JMP QWORD [RIP+0x8f420]}
.text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 0C]
.text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd4f0c10 6 bytes {JMP QWORD [RIP+0x8f420]}
.text C:\Windows\system32\svchost.exe[600] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes CALL 9000027
.text C:\Windows\system32\svchost.exe[728] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Windows\system32\svchost.exe[728] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Windows\system32\svchost.exe[728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[728] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text C:\Windows\system32\svchost.exe[728] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 10]
.text C:\Windows\system32\svchost.exe[728] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd4f0c10 6 bytes {JMP QWORD [RIP+0xe1f420]}
.text C:\Windows\system32\svchost.exe[1108] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes CALL 9000027
.text C:\Windows\system32\svchost.exe[1204] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 0C]
.text C:\Windows\system32\svchost.exe[1204] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd4f0c10 6 bytes {JMP QWORD [RIP+0x8f420]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 10]
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 0C]
.text C:\Windows\System32\spoolsv.exe[1684] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 10]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[1776] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076998791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[1776] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076901465 2 bytes [90, 76]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[1776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769014bb 2 bytes [90, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1884] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007699103d 6 bytes JMP 71a7000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1884] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076991072 6 bytes JMP 71ae000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1884] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1884] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 00000000769bc9b5 6 bytes JMP 71a4000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1884] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000074b52c9e 4 bytes CALL 71ab0000
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1884] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076355429 6 bytes JMP 71a1000a
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1908] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 0C]
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1416] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007699103d 6 bytes JMP 71a7000a
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1416] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076991072 6 bytes JMP 71ae000a
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1416] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1416] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 00000000769bc9b5 6 bytes JMP 71a4000a
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1416] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000074b52c9e 4 bytes CALL 71ab0000
.text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1416] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076355429 6 bytes JMP 71a1000a
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1832] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1832] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1832] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1832] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1832] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 10]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1832] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd4f0c10 6 bytes {JMP QWORD [RIP+0xe1f420]}
.text e:\Programme\Ocster Backup\bin\backupService-ox.exe[2136] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text e:\Programme\Ocster Backup\bin\backupService-ox.exe[2136] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text e:\Programme\Ocster Backup\bin\backupService-ox.exe[2136] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text e:\Programme\Ocster Backup\bin\backupService-ox.exe[2136] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text e:\Programme\Ocster Backup\bin\backupService-ox.exe[2136] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 0C]
.text e:\Programme\Ocster Backup\bin\oxHelper.exe[2456] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text e:\Programme\Ocster Backup\bin\oxHelper.exe[2456] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text e:\Programme\Ocster Backup\bin\oxHelper.exe[2456] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text e:\Programme\Ocster Backup\bin\oxHelper.exe[2456] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text e:\Programme\Ocster Backup\bin\oxHelper.exe[2456] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes CALL 0
.text C:\Windows\system32\taskhost.exe[2492] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 08]
.text C:\Windows\system32\taskhost.exe[2492] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd4f0c10 6 bytes {JMP QWORD [RIP+0x10cf420]}
.text C:\Windows\system32\Dwm.exe[2632] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes CALL 9000027
.text C:\Windows\Explorer.EXE[2760] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Windows\Explorer.EXE[2760] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Windows\Explorer.EXE[2760] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Windows\Explorer.EXE[2760] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text C:\Windows\Explorer.EXE[2760] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes CALL 9000027
.text C:\Windows\system32\viakaraokesrv.exe[3180] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes CALL 77000026
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3828] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3828] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3828] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3828] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 0C]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3828] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd4f0c10 6 bytes {JMP QWORD [RIP+0xe1f420]}
.text C:\Windows\system32\conhost.exe[3836] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 06]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3860] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3860] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3860] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3860] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 0C]
.text C:\Windows\system32\conhost.exe[3872] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Windows\system32\conhost.exe[3872] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Windows\system32\conhost.exe[3872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Windows\system32\conhost.exe[3872] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text C:\Windows\system32\conhost.exe[3872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 06]
.text C:\Windows\System32\rundll32.exe[4016] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Windows\System32\rundll32.exe[4016] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Windows\System32\rundll32.exe[4016] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Windows\System32\rundll32.exe[4016] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text C:\Windows\System32\rundll32.exe[4016] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\svchost.exe[4056] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes CALL 9000027
.text C:\Windows\system32\wbem\wmiprvse.exe[4268] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes CALL 9000027
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4692] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007699103d 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4692] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076991072 6 bytes JMP 71af000a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4692] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4692] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 00000000769bc9b5 6 bytes JMP 71a5000a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4692] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000074b52c9e 4 bytes CALL 71ac0000
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4692] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076355429 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4008] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007699103d 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4008] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076991072 6 bytes JMP 71af000a
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4008] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4008] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 00000000769bc9b5 6 bytes JMP 71a5000a
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4008] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000074b52c9e 4 bytes CALL 71ac0000
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4008] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076355429 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076901465 2 bytes [90, 76]
.text C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769014bb 2 bytes [90, 76]
.text ... * 2
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3140] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3140] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3140] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3140] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 08]
.text C:\Windows\system32\SearchIndexer.exe[4628] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Windows\system32\SearchIndexer.exe[4628] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Windows\system32\SearchIndexer.exe[4628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[4628] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text C:\Windows\system32\SearchIndexer.exe[4628] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes CALL 9000027
.text E:\Programme\Ocster Backup\bin\backupClient-ox.exe[308] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text E:\Programme\Ocster Backup\bin\backupClient-ox.exe[308] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text E:\Programme\Ocster Backup\bin\backupClient-ox.exe[308] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text E:\Programme\Ocster Backup\bin\backupClient-ox.exe[308] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text E:\Programme\Ocster Backup\bin\backupClient-ox.exe[308] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 0C]
.text C:\Windows\System32\svchost.exe[4592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes CALL 9000027
.text C:\Windows\System32\svchost.exe[4592] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefd4f0c10 6 bytes {JMP QWORD [RIP+0x8f420]}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5288] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5288] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5288] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5288] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text E:\Programme\Ocster Backup\bin\oxHelper.exe[5628] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076a998e0 6 bytes {JMP QWORD [RIP+0x95c6750]}
.text E:\Programme\Ocster Backup\bin\oxHelper.exe[5628] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076ab0650 6 bytes {JMP QWORD [RIP+0x958f9e0]}
.text E:\Programme\Ocster Backup\bin\oxHelper.exe[5628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076aeef8d 1 byte [62]
.text E:\Programme\Ocster Backup\bin\oxHelper.exe[5628] C:\Windows\system32\kernel32.dll!CreateProcessA 0000000076b2acf0 6 bytes {JMP QWORD [RIP+0x94f5340]}
.text E:\Programme\Ocster Backup\bin\oxHelper.exe[5628] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes [B5, 6F, 0C]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[384] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007699103d 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text C:\Program Files\AVAST Software\Avast\avastui.exe[384] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076991072 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text C:\Program Files\AVAST Software\Avast\avastui.exe[384] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076998791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[384] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[384] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 00000000769bc9b5 6 bytes {JMP QWORD [RIP+0x71a4001e]}
.text C:\Program Files\AVAST Software\Avast\avastui.exe[384] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000074b52c9e 4 bytes CALL 71ac0000
.text C:\Program Files\AVAST Software\Avast\avastui.exe[384] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076355429 6 bytes {JMP QWORD [RIP+0x71a1001e]}
.text C:\Program Files\AVAST Software\Avast\avastui.exe[384] C:\Program Files\AVAST Software\Avast\version.DLL!VerQueryValueW + 15 00000000744619ff 10 bytes [E0, 46, 74, 75, 02, F3, C3, ...]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[384] C:\Program Files\AVAST Software\Avast\version.DLL!VerQueryValueW + 27 0000000074461a0b 10 bytes [6A, 08, 68, A0, CE, 46, 74, ...]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[384] C:\Program Files\AVAST Software\Avast\version.DLL!VerQueryValueW + 100 0000000074461a54 8 bytes [A3, C4, FD, 46, 74, E8, 5A, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[6048] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes CALL 9000027
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5428] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007699103d 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5428] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076991072 6 bytes JMP 71af000a
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5428] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5428] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 00000000769bc9b5 6 bytes JMP 71a5000a
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5428] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000074b52c9e 4 bytes CALL 71ac0000
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5428] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076355429 6 bytes JMP 71a2000a
.text C:\Windows\System32\svchost.exe[6036] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcd49055 3 bytes CALL 9000027
.text C:\Users\Jan\Downloads\Gmer-19357.exe[2884] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007699103d 6 bytes JMP 71a8000a
.text C:\Users\Jan\Downloads\Gmer-19357.exe[2884] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076991072 6 bytes JMP 71af000a
.text C:\Users\Jan\Downloads\Gmer-19357.exe[2884] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000769ba2fd 1 byte [62]
.text C:\Users\Jan\Downloads\Gmer-19357.exe[2884] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 00000000769bc9b5 6 bytes JMP 71a5000a
.text C:\Users\Jan\Downloads\Gmer-19357.exe[2884] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000074b52c9e 4 bytes CALL 71ac0000
.text C:\Users\Jan\Downloads\Gmer-19357.exe[2884] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000076355429 6 bytes JMP 71a2000a
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [6036:3816] 000007fef35f9688
---- EOF - GMER 2.1 ----