Hi cosinus,
Yes, I know that. But I never installed the search engine. Oh, and Avira hasn't been working properly since then either. I can neither close nor open it.
Thanks for taking a look at all this :)
When I try to post the FRST log, the following error message is displayed: "The text you entered consists of 538062 characters and is therefore too long. Please split the logs across several posts with a maximum length of 120000 characters."
Should I split the log into several parts, or attach it as a zip instead?
Addition:
[CODE]
Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by ***** at 2015-06-12 13:01:10
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4118197852-1386457393-492245417-500 - Administrator - Disabled)
***** (S-1-5-21-4118197852-1386457393-492245417-1001 - Administrator - Enabled) => C:\Users\*****
Gast (S-1-5-21-4118197852-1386457393-492245417-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ad-Aware Web Companion (x32 Version: 2.0.1025.2130 - Lavasoft) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Arbortext IsoView 7.3 (HKLM-x32\...\{DE52A69A-978A-480A-82F7-E17C50F98EC6}) (Version: 7.3.10.22 - PTC)
Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.07021 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.07021 - Cisco Systems, Inc.) Hidden
Creo Direct Version 2.0 Datecode [M120] (HKLM-x32\...\Creo Direct Version 2.0 Datecode [M120]) (Version: 2.0 - PTC)
Creo Layout Version 2.0 Datecode [M120] (HKLM-x32\...\Creo Layout Version 2.0 Datecode [M120]) (Version: 2.0 - PTC)
Creo Parametric Version 2.0 Datecode [M120] (HKLM-x32\...\Creo Parametric Version 2.0 Datecode [M120]) (Version: 2.0 - PTC)
Creo Platform 2.36 (HKLM-x32\...\{BB175478-4D65-42E7-AC13-60F8389E243B}) (Version: 2.36.0 - PTC)
Creo Simulate Version 2.0 Datecode [M120] (HKLM-x32\...\Creo Simulate Version 2.0 Datecode [M120]) (Version: 2.0 - PTC)
Creo Thumbnail Viewer 2.0 (HKLM\...\{F22311A6-0C71-46EE-A501-4C5503CFEFCC}) (Version: 30.14.200 - PTC)
Creo View Express 2.0 (HKLM\...\{03F6002E-A32B-4C68-818F-DEE386463FBC}) (Version: 10.1.40.15 - PTC)
Dropbox (HKU\S-1-5-21-4118197852-1386457393-492245417-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-4118197852-1386457393-492245417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.15 - Lenovo)
Energy Manager (x32 Version: 1.5.0.15 - Lenovo) Hidden
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.4.1000 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b9007812-6a61-4dfc-8a0c-4c726c7dc43f}) (Version: 17.0.1 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Juniper Networks Setup Client (HKU\S-1-5-21-4118197852-1386457393-492245417-1001\...\Juniper_Setup_Client) (Version: 8.0.7.50111 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-4118197852-1386457393-492245417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Juniper_Setup_Client) (Version: 8.0.7.50111 - Juniper Networks)
KeePass Password Safe 1.29 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.29 - Dominik Reichl)
LavasoftTcpService (x32 Version: 2.3.4.7 - Lavasoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10260 - Realtek Semiconductor Corp.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MKS Platform Components 9.x (HKLM\...\{30276636-0000-0905-9ABB-000BDB5CF35D}) (Version: 9.5.0000 - Mortice Kern Systems)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenVPN 2.3.6-I003 (HKLM\...\OpenVPN) (Version: 2.3.6-I003 - )
Opera Stable 30.0.1835.59 (HKLM-x32\...\Opera 30.0.1835.59) (Version: 30.0.1835.59 - Opera Software)
PDF Split And Merge Basic (HKLM-x32\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.4 - Andrea Vacondio)
PTC Portmapper Version 2.0 Datecode [M120] (HKLM-x32\...\PTC Portmapper Version 2.0 Datecode [M120]) (Version: 2.0 - PTC)
PTC Quality Agent (HKLM-x32\...\{CE7DF7C9-82FC-4E33-9E1E-D5C024A0EECE}) (Version: 2.0.0.0 - PTC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.87 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Web Companion (HKLM-x32\...\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3}_WebCompanion) (Version: 2.0.1025.2130 - Lavasoft)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4118197852-1386457393-492245417-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4118197852-1386457393-492245417-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4118197852-1386457393-492245417-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4118197852-1386457393-492245417-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4118197852-1386457393-492245417-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4118197852-1386457393-492245417-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4118197852-1386457393-492245417-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4118197852-1386457393-492245417-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4118197852-1386457393-492245417-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4118197852-1386457393-492245417-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
30-05-2015 21:51:30 Geplanter Prüfpunkt
01-06-2015 14:08:09 Intel® Driver Update Utility
07-06-2015 14:13:03 Windows Update
12-06-2015 09:15:58 Installed PDF Split And Merge Basic
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0C33E6B6-0048-4B61-951F-BFC32751A5C5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {2758E58B-3D9D-41AC-B413-B33017F744E2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-30] (Microsoft Corporation)
Task: {4051EF7F-410B-40E6-8C24-A31CAFF12687} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {40B2DA2F-D3CB-4E9C-B23A-A48B380E6FD9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {6F331FE1-282E-4088-94C7-72AD1B696D5B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {78AE1B74-6DC0-48BE-94B2-60885F707833} - System32\Tasks\Opera scheduled Autoupdate 1433258263 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-10] (Opera Software)
Task: {79964C47-A848-444C-8B02-D00566A94464} - System32\Tasks\{7BE646C0-41CF-449F-AF59-4C6239EE5437} => pcalua.exe -a C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_Plugin.exe -c -maintain plugin
Task: {9A0BB2AF-682D-4242-AE21-F3D2FC3B94EE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {C8712A00-616B-45D1-9DA7-F3512999D8CA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {C9546CA3-6139-4799-8F24-569E7CC1871E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {CA7734DC-F635-4007-9199-26AAA0A6CBEF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-02] (Adobe Systems Incorporated)
Task: {D4FEFA71-9A22-4EBF-9A0C-12B4A0FDB3AF} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {D67BA1AB-AEA3-414F-84AC-0765E8EAE409} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {E96329EE-6603-4C4B-8D6D-74A0E4ECDD37} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (Whitelisted) ==============
2015-05-21 11:13 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-12-23 10:08 - 2015-05-21 10:24 - 00058352 _____ () C:\Program Files (x86)\Lenovo\Energy Manager\kbdhook.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00019816 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-06-08 14:12 - 2015-06-08 14:12 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-06-08 14:12 - 2015-06-08 14:12 - 00034664 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2015-02-19 23:37 - 2015-02-19 23:37 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-06-02 18:55 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-02 18:55 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-02 18:55 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-02 18:55 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-02 18:55 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\de_de\acrotray.deu
2015-05-21 09:31 - 2013-09-04 07:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7868 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4118197852-1386457393-492245417-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\Desktop\58101_165449703467178_5120002_n.jpg
HKU\S-1-5-21-4118197852-1386457393-492245417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\Desktop\58101_165449703467178_5120002_n.jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-4118197852-1386457393-492245417-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4118197852-1386457393-492245417-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4118197852-1386457393-492245417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4118197852-1386457393-492245417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{C8332D0E-2DB9-4CA8-BABB-F0E4D4367948}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{6ACFC850-7C8B-442A-9FC4-6B30680DF9C6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{FAE105DA-337F-4089-8031-5B6BA40B22C6}C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\nms\nmsd.exe] => (Allow) C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\nms\nmsd.exe
FirewallRules: [UDP Query User{7AA562F1-050B-439F-BBC3-136C8CA3DCEF}C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\nms\nmsd.exe] => (Allow) C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\nms\nmsd.exe
FirewallRules: [TCP Query User{D046758B-A723-42E5-9212-F1434267C09A}C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\xtop.exe] => (Block) C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\xtop.exe
FirewallRules: [UDP Query User{8667B40F-5D5F-4355-B383-708ADB747D36}C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\xtop.exe] => (Block) C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\xtop.exe
FirewallRules: [TCP Query User{8BC6CC3E-644C-43B7-A88E-A22A56F370E1}C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\pro_comm_msg.exe] => (Block) C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\pro_comm_msg.exe
FirewallRules: [UDP Query User{E1B566D8-CF70-4527-990C-C87D9E05B592}C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\pro_comm_msg.exe] => (Block) C:\program files\ptc\creo 2.0\common files\m120\x86e_win64\obj\pro_comm_msg.exe
FirewallRules: [{E293C84E-751A-4871-ABFA-6A550DA5B48B}] => (Allow) C:\Program Files\PTC\Creo 2.0\View Express\i486_nt\obj\productview.exe
FirewallRules: [{0F2F9C0E-DE9F-400A-A88D-FF16083E6D32}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{34FFE060-3B54-40FC-BB17-93566D6A7232}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/12/2015 00:39:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (06/12/2015 00:28:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (06/12/2015 00:27:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Lavasoft.SearchProtect.WinService.exe, Version: 1.0.0.0, Zeitstempel: 0x5575d81f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54505737
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000008b9c
ID des fehlerhaften Prozesses: 0xb58
Startzeit der fehlerhaften Anwendung: 0xLavasoft.SearchProtect.WinService.exe0
Pfad der fehlerhaften Anwendung: Lavasoft.SearchProtect.WinService.exe1
Pfad des fehlerhaften Moduls: Lavasoft.SearchProtect.WinService.exe2
Berichtskennung: Lavasoft.SearchProtect.WinService.exe3
Vollständiger Name des fehlerhaften Pakets: Lavasoft.SearchProtect.WinService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Lavasoft.SearchProtect.WinService.exe5
Error: (06/12/2015 00:27:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Lavasoft.SearchProtect.WinService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.IOException
Stapel:
bei Microsoft.Win32.RegistryKey.Win32Error(Int32, System.String)
bei Microsoft.Win32.RegistryKey.CreateSubKeyInternal(System.String, Microsoft.Win32.RegistryKeyPermissionCheck, System.Object, Microsoft.Win32.RegistryOptions)
bei Microsoft.Win32.RegistryKey.CreateSubKey(System.String, Microsoft.Win32.RegistryKeyPermissionCheck)
bei Microsoft.Win32.Registry.SetValue(System.String, System.String, System.Object, Microsoft.Win32.RegistryValueKind)
bei Lavasoft.SearchProtect.WinService.SearchProtectService.SetTrustedSites()
bei Lavasoft.SearchProtect.WinService.SearchProtectService.<OnStart>b__0()
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
bei System.Threading.ThreadHelper.ThreadStart()
Error: (06/12/2015 00:25:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.3.9600.17415, Zeitstempel: 0x545045a2
Name des fehlerhaften Moduls: MSI268B.tmp, Version: 1.1.37.30000, Zeitstempel: 0x52974d21
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002cd5
ID des fehlerhaften Prozesses: 0x914
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe0
Pfad der fehlerhaften Anwendung: rundll32.exe1
Pfad des fehlerhaften Moduls: rundll32.exe2
Berichtskennung: rundll32.exe3
Vollständiger Name des fehlerhaften Pakets: rundll32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: rundll32.exe5
Error: (06/12/2015 00:25:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: rundll32.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 73C02CD5
Stapel:
Error: (06/12/2015 00:25:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (06/12/2015 00:20:14 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (06/12/2015 11:59:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (06/12/2015 11:53:22 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
System errors:
=============
Error: (06/12/2015 00:27:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IE Search Set" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/12/2015 00:26:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062
Error: (06/12/2015 00:18:22 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "V:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.
Error: (06/11/2015 09:09:14 PM) (Source: DCOM) (EventID: 10010) (User: *****-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (06/11/2015 09:08:38 PM) (Source: DCOM) (EventID: 10010) (User: *****-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (06/11/2015 03:00:41 PM) (Source: DCOM) (EventID: 10010) (User: *****-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (06/11/2015 03:00:08 PM) (Source: DCOM) (EventID: 10010) (User: *****-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (06/11/2015 02:51:31 PM) (Source: DCOM) (EventID: 10010) (User: *****-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (06/11/2015 02:51:01 PM) (Source: DCOM) (EventID: 10010) (User: *****-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (06/11/2015 02:39:47 PM) (Source: DCOM) (EventID: 10010) (User: *****-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Microsoft Office:
=========================
Error: (06/12/2015 00:39:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Error: (06/12/2015 00:28:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Error: (06/12/2015 00:27:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Lavasoft.SearchProtect.WinService.exe1.0.0.05575d81fKERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9cb5801d0a4fa4ecb40f1C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exeC:\Windows\system32\KERNELBASE.dll9797a0f8-10ed-11e5-9c12-f4066970d2a2
Error: (06/12/2015 00:27:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Lavasoft.SearchProtect.WinService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.IOException
Stapel:
bei Microsoft.Win32.RegistryKey.Win32Error(Int32, System.String)
bei Microsoft.Win32.RegistryKey.CreateSubKeyInternal(System.String, Microsoft.Win32.RegistryKeyPermissionCheck, System.Object, Microsoft.Win32.RegistryOptions)
bei Microsoft.Win32.RegistryKey.CreateSubKey(System.String, Microsoft.Win32.RegistryKeyPermissionCheck)
bei Microsoft.Win32.Registry.SetValue(System.String, System.String, System.Object, Microsoft.Win32.RegistryValueKind)
bei Lavasoft.SearchProtect.WinService.SearchProtectService.SetTrustedSites()
bei Lavasoft.SearchProtect.WinService.SearchProtectService.<OnStart>b__0()
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
bei System.Threading.ThreadHelper.ThreadStart()
Error: (06/12/2015 00:25:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.3.9600.17415545045a2MSI268B.tmp1.1.37.3000052974d21c000000500002cd591401d0a4fa25901c82C:\Windows\SysWOW64\rundll32.exeC:\Windows\Installer\MSI268B.tmp63cbb5f8-10ed-11e5-9c11-f4066970d2a2
Error: (06/12/2015 00:25:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: rundll32.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 73C02CD5
Stapel:
Error: (06/12/2015 00:25:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Error: (06/12/2015 00:20:14 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Error: (06/12/2015 11:59:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Error: (06/12/2015 11:53:22 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 27%
Total physical RAM: 8100.01 MB
Available physical RAM: 5841 MB
Total Pagefile: 16292.01 MB
Available Pagefile: 13541.08 MB
Total Virtual: 131072 MB
Available Virtual: 131071.76 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.82 GB) (Free:406.16 GB) NTFS
Drive g: (Daten) (Fixed) (Total:464.72 GB) (Free:306.21 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=1000 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=464.7 GB) - (Type=07 NTFS)
==================== End of log ============================
Defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:58 on 12/06/2015 (*****)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
GMER:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-12 13:24:02
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 WDC_WD10S21X-24R1BT0-SSHD-8GB rev.03.01A02 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Daisy\AppData\Local\Temp\fglcapoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff839fc3e10 7 bytes JMP 00007ff939290260
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff839fc3e20 7 bytes JMP 00007ff939290298
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff83a0739b0 7 bytes JMP 00007ff939290340
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff83a073ef0 7 bytes JMP 00007ff9392902d0
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff83a073fe0 7 bytes JMP 00007ff939290308
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff83a0a06c0 7 bytes JMP 00007ff9392901f0
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff83a0a0730 7 bytes JMP 00007ff939290228
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8392a21d0 5 bytes JMP 00007ff939290180
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8392a29d0 7 bytes JMP 00007ff9392900d8
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8392a4310 5 bytes JMP 00007ff939290110
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8392a8d80 5 bytes JMP 00007ff939290148
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff83931f0b0 5 bytes JMP 00007ff9392901b8
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ff839b46d90 1 byte JMP 00007ff939290420
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ff839b46d92 8 bytes {JMP 0xffffffffff749690}
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff839b574a0 5 bytes JMP 00007ff9392903e8
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff839b57560 9 bytes JMP 00007ff939290378
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff839b57730 5 bytes JMP 00007ff939290458
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff839b66b10 5 bytes JMP 00007ff9392903b0
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff83b9f1500 1 byte JMP 00007ff939290490
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff83b9f1502 6 bytes {JMP 0xfffffffffd89ef90}
.text C:\Windows\system32\dwm.exe[872] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff83b9f1750 8 bytes JMP 00007ff9392904c8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff839fc3e10 7 bytes JMP 00007ff939290260
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff839fc3e20 7 bytes JMP 00007ff939290298
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff83a0739b0 7 bytes JMP 00007ff939290340
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff83a073ef0 7 bytes JMP 00007ff9392902d0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff83a073fe0 7 bytes JMP 00007ff939290308
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff83a0a06c0 7 bytes JMP 00007ff9392901f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff83a0a0730 7 bytes JMP 00007ff939290228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8392a21d0 5 bytes JMP 00007ff939290180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8392a29d0 7 bytes JMP 00007ff9392900d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8392a4310 5 bytes JMP 00007ff939290110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8392a8d80 5 bytes JMP 00007ff939290148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff83931f0b0 5 bytes JMP 00007ff9392901b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ff83965d050 7 bytes JMP 00007ff939290500
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff83968b170 5 bytes JMP 00007ff939290538
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ff839b46d90 1 byte JMP 00007ff939290420
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ff839b46d92 8 bytes {JMP 0xffffffffff749690}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff839b574a0 5 bytes JMP 00007ff9392903e8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff839b57560 9 bytes JMP 00007ff939290378
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff839b57730 5 bytes JMP 00007ff939290458
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff839b66b10 5 bytes JMP 00007ff9392903b0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff83b9f1500 1 byte JMP 00007ff939290490
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff83b9f1502 6 bytes {JMP 0xfffffffffd89ef90}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[924] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff83b9f1750 8 bytes JMP 00007ff9392904c8
.text C:\Windows\system32\dashost.exe[1808] C:\Windows\system32\KERNEL32.DLL!SetFileCompletionNotificationModes 00007ff839fdfc50 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff839fc3e10 7 bytes JMP 00007ff939290260
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff839fc3e20 7 bytes JMP 00007ff939290298
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff83a0739b0 7 bytes JMP 00007ff939290340
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff83a073ef0 7 bytes JMP 00007ff9392902d0
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff83a073fe0 7 bytes JMP 00007ff939290308
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff83a0a06c0 7 bytes JMP 00007ff9392901f0
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff83a0a0730 7 bytes JMP 00007ff939290228
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8392a21d0 5 bytes JMP 00007ff939290180
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8392a29d0 7 bytes JMP 00007ff9392900d8
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8392a4310 5 bytes JMP 00007ff939290110
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8392a8d80 5 bytes JMP 00007ff939290148
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff83931f0b0 5 bytes JMP 00007ff9392901b8
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ff839b46d90 1 byte JMP 00007ff939290420
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 2 00007ff839b46d92 8 bytes {JMP 0xffffffffff749690}
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ff839b574a0 5 bytes JMP 00007ff9392903e8
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ff839b57560 9 bytes JMP 00007ff939290378
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ff839b57730 5 bytes JMP 00007ff939290458
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ff839b66b10 5 bytes JMP 00007ff9392903b0
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff83b9f1500 1 byte JMP 00007ff939290490
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff83b9f1502 6 bytes {JMP 0xfffffffffd89ef90}
.text C:\Windows\system32\taskhostex.exe[3716] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff83b9f1750 8 bytes JMP 00007ff9392904c8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff839fc3e10 7 bytes JMP 00007ff939290260
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff839fc3e20 7 bytes JMP 00007ff939290298
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff83a0739b0 7 bytes JMP 00007ff939290340
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff83a073ef0 7 bytes JMP 00007ff9392902d0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff83a073fe0 7 bytes JMP 00007ff939290308
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff83a0a06c0 7 bytes JMP 00007ff9392901f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff83a0a0730 7 bytes JMP 00007ff939290228
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8392a21d0 5 bytes JMP 00007ff939290180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8392a29d0 7 bytes JMP 00007ff9392900d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8392a4310 5 bytes JMP 00007ff939290110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8392a8d80 5 bytes JMP 00007ff939290148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff83931f0b0 5 bytes JMP 00007ff9392901b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ff839b46d90 1 byte JMP 00007ff939290420
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ff839b46d92 8 bytes {JMP 0xffffffffff749690}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff839b574a0 5 bytes JMP 00007ff9392903e8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff839b57560 9 bytes JMP 00007ff939290378
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff839b57730 5 bytes JMP 00007ff939290458
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff839b66b10 5 bytes JMP 00007ff9392903b0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff83b9f1500 1 byte JMP 00007ff939290490
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff83b9f1502 6 bytes {JMP 0xfffffffffd89ef90}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff83b9f1750 8 bytes JMP 00007ff9392904c8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ff83965d050 7 bytes JMP 00007ff939290500
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff83968b170 5 bytes JMP 00007ff939290538
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff839fc3e10 7 bytes JMP 00007ff939290260
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff839fc3e20 7 bytes JMP 00007ff939290298
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff83a0739b0 7 bytes JMP 00007ff939290340
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff83a073ef0 7 bytes JMP 00007ff9392902d0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff83a073fe0 7 bytes JMP 00007ff939290308
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff83a0a06c0 7 bytes JMP 00007ff9392901f0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff83a0a0730 7 bytes JMP 00007ff939290228
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8392a21d0 5 bytes JMP 00007ff939290180
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8392a29d0 7 bytes JMP 00007ff9392900d8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8392a4310 5 bytes JMP 00007ff939290110
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8392a8d80 5 bytes JMP 00007ff939290148
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff83931f0b0 5 bytes JMP 00007ff9392901b8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ff839b46d90 1 byte JMP 00007ff939290420
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ff839b46d92 8 bytes {JMP 0xffffffffff749690}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff839b574a0 5 bytes JMP 00007ff9392903e8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff839b57560 9 bytes JMP 00007ff939290378
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff839b57730 5 bytes JMP 00007ff939290458
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff839b66b10 5 bytes JMP 00007ff9392903b0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff83b9f1500 1 byte JMP 00007ff939290490
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff83b9f1502 6 bytes {JMP 0xfffffffffd89ef90}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2016] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff83b9f1750 8 bytes JMP 00007ff9392904c8
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff839fc3e10 7 bytes JMP 00007ff939290260
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff839fc3e20 7 bytes JMP 00007ff939290298
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff83a0739b0 7 bytes JMP 00007ff939290340
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff83a073ef0 7 bytes JMP 00007ff9392902d0
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff83a073fe0 7 bytes JMP 00007ff939290308
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff83a0a06c0 7 bytes JMP 00007ff9392901f0
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff83a0a0730 7 bytes JMP 00007ff939290228
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8392a21d0 5 bytes JMP 00007ff939290180
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8392a29d0 7 bytes JMP 00007ff9392900d8
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8392a4310 5 bytes JMP 00007ff939290110
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8392a8d80 5 bytes JMP 00007ff939290148
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff83931f0b0 5 bytes JMP 00007ff9392901b8
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ff839b46d90 1 byte JMP 00007ff939290420
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ff839b46d92 8 bytes {JMP 0xffffffffff749690}
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff839b574a0 5 bytes JMP 00007ff9392903e8
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff839b57560 9 bytes JMP 00007ff939290378
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff839b57730 5 bytes JMP 00007ff939290458
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff839b66b10 5 bytes JMP 00007ff9392903b0
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff83b9f1500 1 byte JMP 00007ff939290490
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff83b9f1502 6 bytes {JMP 0xfffffffffd89ef90}
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4344] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff83b9f1750 8 bytes JMP 00007ff9392904c8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff839fc3e10 7 bytes JMP 00007ff939290260
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff839fc3e20 7 bytes JMP 00007ff939290298
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\KERNEL32.DLL!SetFileCompletionNotificationModes 00007ff839fdfc50 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff83a0739b0 7 bytes JMP 00007ff939290340
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff83a073ef0 7 bytes JMP 00007ff9392902d0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff83a073fe0 7 bytes JMP 00007ff939290308
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff83a0a06c0 7 bytes JMP 00007ff9392901f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff83a0a0730 7 bytes JMP 00007ff939290228
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8392a21d0 5 bytes JMP 00007ff939290180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8392a29d0 7 bytes JMP 00007ff9392900d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8392a4310 5 bytes JMP 00007ff939290110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8392a8d80 5 bytes JMP 00007ff939290148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff83931f0b0 5 bytes JMP 00007ff9392901b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ff839b46d90 1 byte JMP 00007ff939290420
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ff839b46d92 8 bytes {JMP 0xffffffffff749690}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff839b574a0 5 bytes JMP 00007ff9392903e8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff839b57560 9 bytes JMP 00007ff939290378
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff839b57730 5 bytes JMP 00007ff939290458
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff839b66b10 5 bytes JMP 00007ff9392903b0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff83b9f1500 1 byte JMP 00007ff939290490
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff83b9f1502 6 bytes {JMP 0xfffffffffd89ef90}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff83b9f1750 8 bytes JMP 00007ff9392904c8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ff83965d050 7 bytes JMP 00007ff939290500
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4496] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff83968b170 5 bytes JMP 00007ff939290538
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff839fc3e10 7 bytes JMP 00007ff939290260
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff839fc3e20 7 bytes JMP 00007ff939290298
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff83a0739b0 7 bytes JMP 00007ff939290340
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff83a073ef0 7 bytes JMP 00007ff9392902d0
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff83a073fe0 7 bytes JMP 00007ff939290308
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff83a0a06c0 7 bytes JMP 00007ff9392901f0
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff83a0a0730 7 bytes JMP 00007ff939290228
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8392a21d0 5 bytes JMP 00007ff939290180
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8392a29d0 7 bytes JMP 00007ff9392900d8
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8392a4310 5 bytes JMP 00007ff939290110
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8392a8d80 5 bytes JMP 00007ff939290148
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff83931f0b0 5 bytes JMP 00007ff9392901b8
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ff839b46d90 1 byte JMP 00007ff939290420
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ff839b46d92 8 bytes {JMP 0xffffffffff749690}
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff839b574a0 5 bytes JMP 00007ff9392903e8
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff839b57560 9 bytes JMP 00007ff939290378
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff839b57730 5 bytes JMP 00007ff939290458
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff839b66b10 5 bytes JMP 00007ff9392903b0
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff83b9f1500 1 byte JMP 00007ff939290490
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff83b9f1502 6 bytes {JMP 0xfffffffffd89ef90}
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff83b9f1750 8 bytes JMP 00007ff9392904c8
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ff83965d050 7 bytes JMP 00007ff939290500
.text C:\Windows\RTFTrack.exe[5004] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff83968b170 5 bytes JMP 00007ff939290538
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff839fc3e10 7 bytes JMP 00007ff939290260
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff839fc3e20 7 bytes JMP 00007ff939290298
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff83a0739b0 7 bytes JMP 00007ff939290340
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff83a073ef0 7 bytes JMP 00007ff9392902d0
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff83a073fe0 7 bytes JMP 00007ff939290308
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff83a0a06c0 7 bytes JMP 00007ff9392901f0
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff83a0a0730 7 bytes JMP 00007ff939290228
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8392a21d0 5 bytes JMP 00007ff939290180
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8392a29d0 7 bytes JMP 00007ff9392900d8
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8392a4310 5 bytes JMP 00007ff939290110
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8392a8d80 5 bytes JMP 00007ff939290148
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff83931f0b0 5 bytes JMP 00007ff9392901b8
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ff839b46d90 1 byte JMP 00007ff939290420
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ff839b46d92 8 bytes {JMP 0xffffffffff749690}
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff839b574a0 5 bytes JMP 00007ff9392903e8
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff839b57560 9 bytes JMP 00007ff939290378
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff839b57730 5 bytes JMP 00007ff939290458
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff839b66b10 5 bytes JMP 00007ff9392903b0
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff83b9f1500 1 byte JMP 00007ff939290490
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff83b9f1502 6 bytes {JMP 0xfffffffffd89ef90}
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff83b9f1750 8 bytes JMP 00007ff9392904c8
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ff83965d050 7 bytes JMP 00007ff939290500
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[5060] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff83968b170 5 bytes JMP 00007ff939290538
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff839fc3e10 7 bytes JMP 00007ff939290260
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff839fc3e20 7 bytes JMP 00007ff939290298
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff83a0739b0 7 bytes JMP 00007ff939290340
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff83a073ef0 7 bytes JMP 00007ff9392902d0
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff83a073fe0 7 bytes JMP 00007ff939290308
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff83a0a06c0 7 bytes JMP 00007ff9392901f0
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff83a0a0730 7 bytes JMP 00007ff939290228
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8392a21d0 5 bytes JMP 00007ff939290180
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8392a29d0 7 bytes JMP 00007ff9392900d8
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8392a4310 5 bytes JMP 00007ff939290110
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8392a8d80 5 bytes JMP 00007ff939290148
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff83931f0b0 5 bytes JMP 00007ff9392901b8
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ff839b46d90 1 byte JMP 00007ff939290420
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ff839b46d92 8 bytes {JMP 0xffffffffff749690}
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff839b574a0 5 bytes JMP 00007ff9392903e8
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff839b57560 9 bytes JMP 00007ff939290378
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff839b57730 5 bytes JMP 00007ff939290458
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff839b66b10 5 bytes JMP 00007ff9392903b0
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff83b9f1500 1 byte JMP 00007ff939290490
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff83b9f1502 6 bytes {JMP 0xfffffffffd89ef90}
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff83b9f1750 8 bytes JMP 00007ff9392904c8
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ff83965d050 7 bytes JMP 00007ff939290500
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[5068] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff83968b170 5 bytes JMP 00007ff939290538
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff839fc3e10 7 bytes JMP 00007ff939290260
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff839fc3e20 7 bytes JMP 00007ff939290298
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff83a0739b0 7 bytes JMP 00007ff939290340
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff83a073ef0 7 bytes JMP 00007ff9392902d0
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff83a073fe0 7 bytes JMP 00007ff939290308
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff83a0a06c0 7 bytes JMP 00007ff9392901f0
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff83a0a0730 7 bytes JMP 00007ff939290228
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8392a21d0 5 bytes JMP 00007ff939290180
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8392a29d0 7 bytes JMP 00007ff9392900d8
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8392a4310 5 bytes JMP 00007ff939290110
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8392a8d80 5 bytes JMP 00007ff939290148
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff83931f0b0 5 bytes JMP 00007ff9392901b8
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ff839b46d90 1 byte JMP 00007ff939290420
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ff839b46d92 8 bytes {JMP 0xffffffffff749690}
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff839b574a0 5 bytes JMP 00007ff9392903e8
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff839b57560 9 bytes JMP 00007ff939290378
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ff839b57730 5 bytes JMP 00007ff939290458
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff839b66b10 5 bytes JMP 00007ff9392903b0
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff83b9f1500 1 byte JMP 00007ff939290490
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff83b9f1502 6 bytes {JMP 0xfffffffffd89ef90}
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff83b9f1750 8 bytes JMP 00007ff9392904c8
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ff83965d050 7 bytes JMP 00007ff939290500
.text C:\Windows\System32\igfxpers.exe[3956] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff83968b170 5 bytes JMP 00007ff939290538
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff839fc3e10 7 bytes JMP 00007ff939290260
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff839fc3e20 7 bytes JMP 00007ff939290298
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff83a0739b0 7 bytes JMP 00007ff939290340
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff83a073ef0 7 bytes JMP 00007ff9392902d0
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff83a073fe0 7 bytes JMP 00007ff939290308
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff83a0a06c0 7 bytes JMP 00007ff9392901f0
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff83a0a0730 7 bytes JMP 00007ff939290228
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8392a21d0 5 bytes JMP 00007ff939290180
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8392a29d0 7 bytes JMP 00007ff9392900d8
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8392a4310 5 bytes JMP 00007ff939290110
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8392a8d80 5 bytes JMP 00007ff939290148
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ff83931f0b0 5 bytes JMP 00007ff9392901b8
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ff839b46d90 1 byte JMP 00007ff939290420
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 2 00007ff839b46d92 8 bytes {JMP 0xffffffffff749690}
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ff839b574a0 5 bytes JMP 00007ff9392903e8
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ff839b57560 9 bytes JMP 00007ff939290378
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ff839b57730 5 bytes JMP 00007ff939290458
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ff839b66b10 5 bytes JMP 00007ff9392903b0
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff83b9f1500 1 byte JMP 00007ff939290490
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ff83b9f1502 6 bytes {JMP 0xfffffffffd89ef90}
.text C:\Windows\system32\DllHost.exe[6724] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff83b9f1750 8 bytes JMP 00007ff9392904c8
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [528:552] fffff960009972d0
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xAF 0x4E 0x82 0x3B ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0xAB 0x51 0x4E 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x0F 0xB1 0x84 0x3B ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x0F 0xB4 0x50 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@de-DE 27
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\LGD044F0_00_07DE_13^675D668B1431BA2633AE082B2D11E21C@Timestamp 0x7B 0x80 0x3A 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 640
Reg HKLM\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings@StringCacheGeneration 317
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\ProgramData\Avira\Antivirus\TEMP\SELFUPDATE\CommonTextRc.dll??\??\C:\ProgramData\Avira\Antivirus\TEMP\SELFUPDATE\mfc120u.dll??\??\C:\ProgramData\Avira\Antivirus\TEMP\SELFUPDATE??\??\C:\ProgramData\Avira\Antivirus\TEMP\SELFUPDATE\CommonTextRc.dll??\??\C:\ProgramData\Avira\Antivirus\TEMP\SELFUPDATE\mfc120u.dll??\??\C:\ProgramData\Avira\Antivirus\TEMP\SELFUPDATE??\??\C:\ProgramData\Avira\Antivirus\TEMP??\??\C:\Program Files (x86)\Avira\Antivirus\150\product.config??\??\C:\Program Files (x86)\Avira\Antivirus\150??\??\C:\Program Files (x86)\Avira\Antivirus\207\Product.Config??\??\C:\Program Files (x86)\Avira\Antivirus\207??\??\C:\Program Files (x86)\Avira\Antivirus\208\product.config??\??\C:\Program Files (x86)\Avira\Antivirus\208??\??\C:\Program Files (x86)\Avira\Antivirus\210\Product.Config??\??\C:\Program Files (x86)\Avira\Antivirus\210??\??\C:\Program Files (x86)\Avira\Antivirus\57\product.config??\??\C:\Program Files (x86)\Avira\Antivirus\57??\??\C:\Program Files (x86)\Avira\Antivirus\avrestart.exe??\
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3873809
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1717277518
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 32
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 445114399
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 6085
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 5643
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 3f7778b7-6585-4f1f-a1c9-388e88c
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\avgntflt@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\avgntflt@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\avgntflt@DeleteFlag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\avgntflt
Reg HKLM\SYSTEM\CurrentControlSet\Services\avkmgr@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\avkmgr@DeleteFlag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\avkmgr
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\f4066970d2a2
Reg HKLM\SYSTEM\CurrentControlSet\Services\bthserv\Parameters\BluetoothControlPanelTasks@State 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{5afaaaf6-21d1-43c3-8ce4-49c1d13d092f}@LastProbeTime 1434111640
Reg HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{8BBAD164-BE84-4B6F-B589-A6728EA1DA17}@DefunctTimestamp 0x14 0xB3 0x7A 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@ImagePath \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@DisplayName MBAMSwissArmy
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy\Instances
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy\Instances@DefaultInstance MBAMSwissArmy Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy\Instances\MBAMSwissArmy Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy\Instances\MBAMSwissArmy Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?Fr?, ?Jun ?12 ?15, 11:55:03??????(???????(???????????????(????
Reg HKLM\SYSTEM\CurrentControlSet\Services\SDScannerService@ServiceWebPortFileScannerActive 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SDScannerService@ServiceWebPortFirewallActive 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SDUpdateService@ServiceWebPortActive 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 3009
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 903
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile@EnableFirewall 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile@EnableFirewall 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 29
Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 294
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4130637F-770C-4D9C-8D97-B772EFA02DA7}@LeaseObtainedTime 1434104386
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4130637F-770C-4D9C-8D97-B772EFA02DA7}@T1 1434406786
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4130637F-770C-4D9C-8D97-B772EFA02DA7}@T2 1434633586
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4130637F-770C-4D9C-8D97-B772EFA02DA7}@LeaseTerminatesTime 1434709186
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband@FavoritesRemovedChanges 4
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE7CD045-E861-484F-8273-0445EE161910}\iexplore@Count 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime 0x84 0x2E 0x95 0x1A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Logo100 %USERPROFILE%\AppData\Local\Microsoft\Windows\Explorer\TileCacheLogo-85284718_100.dat
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting@LastQueueNoPesterTime 0xC5 0xEE 0x5D 0x68 ...
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Windows Installe_78ea319954c0f9d9f5a0af2422c161e5e83f9c38_3c3d17c0_cab_26f097e6
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@FirstLevelConsentDialog 0xE8 0x02 0x02 0x00 ...
---- EOF - GMER 2.1 ----

SPYBOT:
Code:
Search results from Spybot - Search & Destroy
12.06.2015 11:50:32
Scan took 00:25:24.
24 items found.
DownloadSponsor: [SBI $CC437C6B] Settings (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-4118197852-1386457393-492245417-1001\Software\OCS\lastPID
DownloadSponsor: [SBI $980DE8E4] Settings (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-4118197852-1386457393-492245417-1001\Software\OCS\PID
BurstMedia: [SBI $4E2AF2AC] Tracking cookie (Internet Explorer (Benutzer): *****) (Browser: Cookie, nothing done)
DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Internet Explorer (Benutzer): *****) (Browser: Cookie, nothing done)
Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-4118197852-1386457393-492245417-1001\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-4118197852-1386457393-492245417-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-4118197852-1386457393-492245417-1001\Software\Microsoft\Microsoft Management Console\Recent File List
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-4118197852-1386457393-492245417-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-4118197852-1386457393-492245417-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-4118197852-1386457393-492245417-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-4118197852-1386457393-492245417-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-4118197852-1386457393-492245417-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Cookie: [SBI $49804B54] Browser: Cookie (70) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (383) (Browser: Cache, nothing done)
Verlauf: [SBI $49804B54] Browser: History (254) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
--- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---
2014-06-24 blindman.exe (2.4.40.151)
2014-06-24 explorer.exe (2.4.40.181)
2014-06-24 SDBootCD.exe (2.4.40.109)
2014-06-24 SDCleaner.exe (2.4.40.110)
2014-06-24 SDDelFile.exe (2.4.40.94)
2013-06-18 SDDisableProxy.exe
2014-06-24 SDFiles.exe (2.4.40.135)
2014-06-24 SDFileScanHelper.exe (2.4.40.1)
2014-06-24 SDFSSvc.exe (2.4.40.217)
2014-06-24 SDHelp.exe (2.4.40.1)
2014-04-25 SDHookHelper.exe (2.3.39.2)
2014-04-25 SDHookInst32.exe (2.3.39.2)
2014-04-25 SDHookInst64.exe (2.3.39.2)
2014-06-24 SDImmunize.exe (2.4.40.130)
2014-06-24 SDLogReport.exe (2.4.40.107)
2014-06-24 SDOnAccess.exe (2.4.40.11)
2014-06-24 SDPESetup.exe (2.4.40.3)
2014-06-24 SDPEStart.exe (2.4.40.86)
2014-06-24 SDPhoneScan.exe (2.4.40.28)
2014-06-24 SDPRE.exe (2.4.40.22)
2014-06-24 SDPrepPos.exe (2.4.40.15)
2014-06-24 SDQuarantine.exe (2.4.40.103)
2014-06-24 SDRootAlyzer.exe (2.4.40.116)
2014-06-24 SDSBIEdit.exe (2.4.40.39)
2014-06-24 SDScan.exe (2.4.40.181)
2014-06-24 SDScript.exe (2.4.40.54)
2014-06-24 SDSettings.exe (2.4.40.139)
2014-06-24 SDShell.exe (2.4.40.2)
2014-06-24 SDShred.exe (2.4.40.108)
2014-06-24 SDSysRepair.exe (2.4.40.102)
2014-06-24 SDTools.exe (2.4.40.157)
2014-06-24 SDTray.exe (2.4.40.129)
2014-06-27 SDUpdate.exe (2.4.40.94)
2014-06-27 SDUpdSvc.exe (2.4.40.77)
2014-06-24 SDWelcome.exe (2.4.40.130)
2014-04-25 SDWSCSvc.exe (2.3.39.2)
2015-03-25 spybotsd2-install-av-update.exe (2.4.40.0)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2015-03-25 spybotsd2-translation-hrx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-10-01 spybotsd2-translation-nlx2.exe
2014-11-05 spybotsd2-translation-ukx.exe
2015-06-02 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2014-04-25 NotificationSpreader.dll
2014-06-24 SDAdvancedCheckLibrary.dll (2.4.40.98)
2015-03-25 SDAV.dll
2014-06-24 SDECon32.dll (2.4.40.114)
2014-06-24 SDECon64.dll (2.3.39.113)
2014-06-24 SDEvents.dll (2.4.40.2)
2014-06-24 SDFileScanLibrary.dll (2.4.40.14)
2014-04-25 SDHook32.dll (2.3.39.2)
2014-04-25 SDHook64.dll (2.3.39.2)
2014-06-24 SDImmunizeLibrary.dll (2.4.40.2)
2014-06-24 SDLicense.dll (2.4.40.0)
2014-06-24 SDLists.dll (2.4.40.4)
2014-06-24 SDResources.dll (2.4.40.7)
2014-06-24 SDScanLibrary.dll (2.4.40.131)
2014-06-24 SDTasks.dll (2.4.40.15)
2014-06-24 SDWinLogon.dll (2.4.40.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2014-06-24 Tools.dll (2.4.40.36)
2015-04-22 Includes\Adware-000.sbi (*)
2015-02-27 Includes\Adware-001.sbi (*)
2015-06-10 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-11-14 Includes\Keyloggers-000.sbi (*)
2014-09-24 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-11-14 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2014-11-14 Includes\Malware-002.sbi (*)
2014-11-14 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2015-06-10 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2015-06-10 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-11-14 Includes\Spyware-000.sbi (*)
2015-05-06 Includes\Spyware-001.sbi (*)
2015-05-27 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-11-14 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2015-03-31 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2015-05-27 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)