
Pests of All Kinds and How to Combat Them: ESET findings: Win32/Adware.Lollipop.D, Win32/Bundled.Toolbar.Ask.D

27.09.2013, 00:01   #1
Ardion
 

Hello,
Today I ran the ESET Online Scanner for once.
It did find a few problems.

What prompted me to run the scan at all was that today, in the middle of working, I heard the Windows logoff sound.
In addition, for some time now I have had a black screen for about 15 seconds at boot, before the Windows login / password entry screen.

Here are the ESET results:

Code:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ApnIC[1].0	a variant of Win32/Bundled.Toolbar.Ask application	
C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll	a variant of Win32/Bundled.Toolbar.Ask application	cleaned by deleting - quarantined
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe	a variant of Win32/Bundled.Toolbar.Ask application	cleaned by deleting - quarantined
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe	a variant of Win32/Bundled.Toolbar.Ask.D application	cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\ApnIC[1].0	a variant of Win32/Bundled.Toolbar.Ask application	cleaned by deleting - quarantined
D:\Dropbox\Dennis\N64\setup Project64 2.1.exe	Win32/Adware.Lollipop.D application	cleaned by deleting - quarantined
         
I hope you can help me.

PS: Malwarebytes is running right now, and afterwards I will run GMER / FRST.

Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.26.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Dennis :: DENNIS-PC [Administrator]

26.09.2013 23:42:22
mbam-log-2013-09-26 (23-42-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 680596
Laufzeit: 1 Stunde(n), 17 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
The log files are too long. See attachment.

Attachment: GMER / FRST logs

Edited by aharonov (27.09.2013 at 12:42)

27.09.2013, 14:00   #2
schrauber
/// the machine
/// TB trainer



Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.


How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

27.09.2013, 14:19   #3
Ardion



Hello,
unfortunately that did not work in the last post.
The board kept telling me that the text was too long and that I should use an attachment. Maybe I also did something wrong.
Well, so here are the logs now:

GMER part 1:
.text     C:\Windows\System32\svchost.exe[1136] C:\Windows\system32\kernel32.dll!CreateProcessA                                                               0000000077948810 7 bytes JMP 000000016fff0180
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                    00000000779f3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                      00000000779f7ac0 5 bytes JMP 000000016fff05e0
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                         0000000077a213a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000077a21570 8 bytes JMP 000000016fff0308
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                      0000000077a215e0 8 bytes JMP 000000016fff0490
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                   0000000077a21620 8 bytes JMP 000000016fff0420
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                         0000000077a216c0 8 bytes JMP 000000016fff04c8
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                 0000000077a21750 8 bytes JMP 000000016fff03e8
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                  0000000077a21790 8 bytes JMP 000000016fff0228
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                               0000000077a217e0 8 bytes JMP 000000016fff0260
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                    0000000077a21800 8 bytes JMP 000000016fff0458
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                               0000000077a219f0 8 bytes JMP 000000016fff05a8
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                       0000000077a21b00 8 bytes JMP 000000016fff01f0
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                   0000000077a21bd0 8 bytes JMP 000000016fff0340
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                      0000000077a21d20 8 bytes JMP 000000016fff0500
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                0000000077a21d30 8 bytes JMP 000000016fff0570
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                    0000000077a220a0 8 bytes JMP 000000016fff0378
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                           0000000077a22130 8 bytes JMP 000000016fff0538
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                          0000000077a229a0 8 bytes JMP 000000016fff03b0
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                0000000077a22a20 8 bytes JMP 000000016fff0298
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                            0000000077a22aa0 8 bytes JMP 000000016fff02d0
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                         00000000778ba420 12 bytes JMP 000000016fff01b8
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\system32\kernel32.dll!CreateProcessW                                                               00000000778d1b50 12 bytes JMP 000000016fff0148
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\system32\kernel32.dll!CreateProcessA                                                               0000000077948810 7 bytes JMP 000000016fff0180
.text     C:\Windows\System32\svchost.exe[1176] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                               000007fefdb853c0 7 bytes JMP 000007fffd780148
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                    00000000779f3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                      00000000779f7ac0 5 bytes JMP 000000016fff05e0
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                         0000000077a213a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000077a21570 8 bytes JMP 000000016fff0308
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                      0000000077a215e0 8 bytes JMP 000000016fff0490
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                   0000000077a21620 8 bytes JMP 000000016fff0420
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                         0000000077a216c0 8 bytes JMP 000000016fff04c8
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                 0000000077a21750 8 bytes JMP 000000016fff03e8
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                  0000000077a21790 8 bytes JMP 000000016fff0228
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                               0000000077a217e0 8 bytes JMP 000000016fff0260
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                    0000000077a21800 8 bytes JMP 000000016fff0458
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                               0000000077a219f0 8 bytes JMP 000000016fff05a8
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                       0000000077a21b00 8 bytes JMP 000000016fff01f0
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                   0000000077a21bd0 8 bytes JMP 000000016fff0340
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                      0000000077a21d20 8 bytes JMP 000000016fff0500
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                0000000077a21d30 8 bytes JMP 000000016fff0570
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                    0000000077a220a0 8 bytes JMP 000000016fff0378
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                           0000000077a22130 8 bytes JMP 000000016fff0538
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                          0000000077a229a0 8 bytes JMP 000000016fff03b0
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                0000000077a22a20 8 bytes JMP 000000016fff0298
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                            0000000077a22aa0 8 bytes JMP 000000016fff02d0
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                               000007fefdb853c0 7 bytes JMP 000007fffd780148
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                    00000000779f3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                      00000000779f7ac0 5 bytes JMP 000000016fff05e0
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                         0000000077a213a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000077a21570 8 bytes JMP 000000016fff0308
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                      0000000077a215e0 8 bytes JMP 000000016fff0490
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                   0000000077a21620 8 bytes JMP 000000016fff0420
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                         0000000077a216c0 8 bytes JMP 000000016fff04c8
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                 0000000077a21750 8 bytes JMP 000000016fff03e8
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                  0000000077a21790 8 bytes JMP 000000016fff0228
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                               0000000077a217e0 8 bytes JMP 000000016fff0260
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                    0000000077a21800 8 bytes JMP 000000016fff0458
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                               0000000077a219f0 8 bytes JMP 000000016fff05a8
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                       0000000077a21b00 8 bytes JMP 000000016fff01f0
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                   0000000077a21bd0 8 bytes JMP 000000016fff0340
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                      0000000077a21d20 8 bytes JMP 000000016fff0500
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                0000000077a21d30 8 bytes JMP 000000016fff0570
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                    0000000077a220a0 8 bytes JMP 000000016fff0378
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                           0000000077a22130 8 bytes JMP 000000016fff0538
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                          0000000077a229a0 8 bytes JMP 000000016fff03b0
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                0000000077a22a20 8 bytes JMP 000000016fff0298
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                            0000000077a22aa0 8 bytes JMP 000000016fff02d0
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                         00000000778ba420 12 bytes JMP 000000016fff01b8
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\kernel32.dll!CreateProcessW                                                               00000000778d1b50 12 bytes JMP 000000016fff0148
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\kernel32.dll!CreateProcessA                                                               0000000077948810 7 bytes JMP 000000016fff0180
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                               000007fefdb853c0 7 bytes JMP 000007fffd780148
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx                                                          000007fefe2e4750 5 bytes JMP 000007fffd7801b8
.text     C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                         000007fefedda1a0 7 bytes JMP 000007fffd780180
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                           00000000779f3b10 5 bytes JMP 000000016fff0110
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                             00000000779f7ac0 5 bytes JMP 000000016fff05e0
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                0000000077a213a0 8 bytes JMP 000000016fff00d8
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                     0000000077a21570 8 bytes JMP 000000016fff0308
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                             0000000077a215e0 8 bytes JMP 000000016fff0490
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                          0000000077a21620 8 bytes JMP 000000016fff0420
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                0000000077a216c0 8 bytes JMP 000000016fff04c8
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                        0000000077a21750 8 bytes JMP 000000016fff03e8
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                         0000000077a21790 8 bytes JMP 000000016fff0228
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                      0000000077a217e0 8 bytes JMP 000000016fff0260
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                           0000000077a21800 8 bytes JMP 000000016fff0458
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                      0000000077a219f0 8 bytes JMP 000000016fff05a8
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                              0000000077a21b00 8 bytes JMP 000000016fff01f0
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                          0000000077a21bd0 8 bytes JMP 000000016fff0340
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                             0000000077a21d20 8 bytes JMP 000000016fff0500
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                       0000000077a21d30 8 bytes JMP 000000016fff0570
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                           0000000077a220a0 8 bytes JMP 000000016fff0378
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                  0000000077a22130 8 bytes JMP 000000016fff0538
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                 0000000077a229a0 8 bytes JMP 000000016fff03b0
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                       0000000077a22a20 8 bytes JMP 000000016fff0298
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                   0000000077a22aa0 8 bytes JMP 000000016fff02d0
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                00000000778ba420 12 bytes JMP 000000016fff01b8
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\system32\kernel32.dll!CreateProcessW                                      00000000778d1b50 12 bytes JMP 000000016fff0148
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\Windows\system32\kernel32.dll!CreateProcessA                                      0000000077948810 7 bytes JMP 000000016fff0180
.text     C:\Windows\system32\nvvsvc.exe[1616] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                000007fefdb853c0 7 bytes JMP 000007fffd780148
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1892] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                        00000000758e103d 5 bytes JMP 0000000110025070
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1892] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                        00000000758e1072 5 bytes JMP 0000000110025c00
.text     C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1892] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                  000000007590c965 5 bytes JMP 0000000110023ba0
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                    00000000779f3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                      00000000779f7ac0 5 bytes JMP 000000016fff05e0
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                         0000000077a213a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000077a21570 8 bytes JMP 000000016fff0308
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                      0000000077a215e0 8 bytes JMP 000000016fff0490
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                   0000000077a21620 8 bytes JMP 000000016fff0420
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                         0000000077a216c0 8 bytes JMP 000000016fff04c8
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                 0000000077a21750 8 bytes JMP 000000016fff03e8
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                  0000000077a21790 8 bytes JMP 000000016fff0228
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                               0000000077a217e0 8 bytes JMP 000000016fff0260
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                    0000000077a21800 8 bytes JMP 000000016fff0458
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                               0000000077a219f0 8 bytes JMP 000000016fff05a8
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                       0000000077a21b00 8 bytes JMP 000000016fff01f0
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                   0000000077a21bd0 8 bytes JMP 000000016fff0340
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                      0000000077a21d20 8 bytes JMP 000000016fff0500
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                0000000077a21d30 8 bytes JMP 000000016fff0570
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                    0000000077a220a0 8 bytes JMP 000000016fff0378
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                           0000000077a22130 8 bytes JMP 000000016fff0538
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                          0000000077a229a0 8 bytes JMP 000000016fff03b0
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                0000000077a22a20 8 bytes JMP 000000016fff0298
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                            0000000077a22aa0 8 bytes JMP 000000016fff02d0
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                         00000000778ba420 12 bytes JMP 000000016fff01b8
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\system32\kernel32.dll!CreateProcessW                                                               00000000778d1b50 12 bytes JMP 000000016fff0148
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\system32\kernel32.dll!CreateProcessA                                                               0000000077948810 7 bytes JMP 000000016fff0180
.text     C:\Windows\system32\svchost.exe[1912] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                               000007fefdb853c0 7 bytes JMP 000007fffd780148
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                0000000077bcf9e0 5 bytes JMP 000000011001d120
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                     0000000077bcfcb0 5 bytes JMP 000000011002fc20
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                             0000000077bcfd64 5 bytes JMP 000000011002e100
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                          0000000077bcfdc8 5 bytes JMP 000000011002ed90
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                0000000077bcfec0 5 bytes JMP 000000011002c3c0
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                        0000000077bcffa4 5 bytes JMP 000000011002e7a0
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                         0000000077bd0004 2 bytes JMP 0000000110030080
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3                                     0000000077bd0007 2 bytes [46, 98]
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                      0000000077bd0084 5 bytes JMP 000000011002fe40
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                           0000000077bd00b4 5 bytes JMP 000000011002e400
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                      0000000077bd03b8 5 bytes JMP 000000011002cde0
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                              0000000077bd0550 5 bytes JMP 000000011002b670
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                          0000000077bd0694 5 bytes JMP 000000011002f8b0
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                             0000000077bd088c 5 bytes JMP 000000011002bfe0
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                       0000000077bd08a4 5 bytes JMP 000000011002ca40
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                           0000000077bd0df4 5 bytes JMP 000000011002f6a0
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                  0000000077bd0ed8 5 bytes JMP 000000011002f220
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                 0000000077bd1be4 5 bytes JMP 000000011002f460
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                       0000000077bd1cb4 5 bytes JMP 000000011002c670
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                   0000000077bd1d8c 5 bytes JMP 000000011002f020
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                             0000000077bec4dd 5 bytes JMP 0000000110027f40
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                           0000000077bf1287 7 bytes JMP 000000011001d240
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                      00000000758e103d 5 bytes JMP 0000000110025070
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                      00000000758e1072 5 bytes JMP 0000000110025c00
.text     C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe[1480] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                000000007590c965 5 bytes JMP 0000000110023ba0
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                  0000000077bcf9e0 5 bytes JMP 000000011001d120
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                       0000000077bcfcb0 5 bytes JMP 000000011002fc20
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                               0000000077bcfd64 5 bytes JMP 000000011002e100
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                            0000000077bcfdc8 5 bytes JMP 000000011002ed90
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                  0000000077bcfec0 5 bytes JMP 000000011002c3c0
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                          0000000077bcffa4 5 bytes JMP 000000011002e7a0
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                           0000000077bd0004 2 bytes JMP 0000000110030080
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3                                       0000000077bd0007 2 bytes [46, 98]
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                        0000000077bd0084 5 bytes JMP 000000011002fe40
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                             0000000077bd00b4 5 bytes JMP 000000011002e400
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                        0000000077bd03b8 5 bytes JMP 000000011002cde0
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                0000000077bd0550 5 bytes JMP 000000011002b670
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                            0000000077bd0694 5 bytes JMP 000000011002f8b0
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                               0000000077bd088c 5 bytes JMP 000000011002bfe0
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                         0000000077bd08a4 5 bytes JMP 000000011002ca40
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                             0000000077bd0df4 5 bytes JMP 000000011002f6a0
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                    0000000077bd0ed8 5 bytes JMP 000000011002f220
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                   0000000077bd1be4 5 bytes JMP 000000011002f460
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                         0000000077bd1cb4 5 bytes JMP 000000011002c670
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                     0000000077bd1d8c 5 bytes JMP 000000011002f020
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                               0000000077bec4dd 5 bytes JMP 0000000110027f40
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                             0000000077bf1287 7 bytes JMP 000000011001d240
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                        00000000758e103d 5 bytes JMP 0000000110025070
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                        00000000758e1072 5 bytes JMP 0000000110025c00
.text     C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1240] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                  000000007590c965 5 bytes JMP 0000000110023ba0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtClose                                0000000077bcf9e0 5 bytes JMP 000000011001d120
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                     0000000077bcfcb0 5 bytes JMP 000000011002fc20
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                             0000000077bcfd64 5 bytes JMP 000000011002e100
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                          0000000077bcfdc8 5 bytes JMP 000000011002ed90
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                0000000077bcfec0 5 bytes JMP 000000011002c3c0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                        0000000077bcffa4 5 bytes JMP 000000011002e7a0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                         0000000077bd0004 2 bytes JMP 0000000110030080
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3                     0000000077bd0007 2 bytes [46, 98]
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                      0000000077bd0084 5 bytes JMP 000000011002fe40
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                           0000000077bd00b4 5 bytes JMP 000000011002e400
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                      0000000077bd03b8 5 bytes JMP 000000011002cde0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort              0000000077bd0550 5 bytes JMP 000000011002b670
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                          0000000077bd0694 5 bytes JMP 000000011002f8b0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject             0000000077bd088c 5 bytes JMP 000000011002bfe0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                       0000000077bd08a4 5 bytes JMP 000000011002ca40
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                           0000000077bd0df4 5 bytes JMP 000000011002f6a0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                  0000000077bd0ed8 5 bytes JMP 000000011002f220
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                 0000000077bd1be4 5 bytes JMP 000000011002f460
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                       0000000077bd1cb4 5 bytes JMP 000000011002c670
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                   0000000077bd1d8c 5 bytes JMP 000000011002f020
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                             0000000077bec4dd 5 bytes JMP 0000000110027f40
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                           0000000077bf1287 7 bytes JMP 000000011001d240
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\syswow64\kernel32.dll!CreateProcessW                      00000000758e103d 5 bytes JMP 0000000110025070
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\syswow64\kernel32.dll!CreateProcessA                      00000000758e1072 5 bytes JMP 0000000110025c00
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                000000007590c965 5 bytes JMP 0000000110023ba0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2236] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters      00000000759ef776 5 bytes JMP 000000011001d270
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtClose                                         0000000077bcf9e0 5 bytes JMP 000000011001d120
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                              0000000077bcfcb0 5 bytes JMP 000000011002fc20
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                      0000000077bcfd64 5 bytes JMP 000000011002e100
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                   0000000077bcfdc8 5 bytes JMP 000000011002ed90
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                         0000000077bcfec0 5 bytes JMP 000000011002c3c0
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                 0000000077bcffa4 5 bytes JMP 000000011002e7a0
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                  0000000077bd0004 2 bytes JMP 0000000110030080
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3                              0000000077bd0007 2 bytes [46, 98]
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                               0000000077bd0084 5 bytes JMP 000000011002fe40
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                    0000000077bd00b4 5 bytes JMP 000000011002e400
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                               0000000077bd03b8 5 bytes JMP 000000011002cde0
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                       0000000077bd0550 5 bytes JMP 000000011002b670
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                   0000000077bd0694 5 bytes JMP 000000011002f8b0
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                      0000000077bd088c 5 bytes JMP 000000011002bfe0
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                0000000077bd08a4 5 bytes JMP 000000011002ca40
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                    0000000077bd0df4 5 bytes JMP 000000011002f6a0
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                           0000000077bd0ed8 5 bytes JMP 000000011002f220
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                          0000000077bd1be4 5 bytes JMP 000000011002f460
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                0000000077bd1cb4 5 bytes JMP 000000011002c670
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                            0000000077bd1d8c 5 bytes JMP 000000011002f020
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                      0000000077bec4dd 5 bytes JMP 0000000110027f40
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                    0000000077bf1287 7 bytes JMP 000000011001d240
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\syswow64\kernel32.dll!CreateProcessW                               00000000758e103d 5 bytes JMP 0000000110025070
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\syswow64\kernel32.dll!CreateProcessA                               00000000758e1072 5 bytes JMP 0000000110025c00
.text     C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2308] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                         000000007590c965 5 bytes JMP 0000000110023ba0
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtClose                                           0000000077bcf9e0 5 bytes JMP 000000011001d120
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                0000000077bcfcb0 5 bytes JMP 000000011002fc20
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                        0000000077bcfd64 5 bytes JMP 000000011002e100
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                     0000000077bcfdc8 5 bytes JMP 000000011002ed90
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                           0000000077bcfec0 5 bytes JMP 000000011002c3c0
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                   0000000077bcffa4 5 bytes JMP 000000011002e7a0
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                    0000000077bd0004 2 bytes JMP 0000000110030080
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3                                0000000077bd0007 2 bytes [46, 98]
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                 0000000077bd0084 5 bytes JMP 000000011002fe40
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                      0000000077bd00b4 5 bytes JMP 000000011002e400
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                 0000000077bd03b8 5 bytes JMP 000000011002cde0
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                         0000000077bd0550 5 bytes JMP 000000011002b670
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                     0000000077bd0694 5 bytes JMP 000000011002f8b0
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                        0000000077bd088c 5 bytes JMP 000000011002bfe0
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                  0000000077bd08a4 5 bytes JMP 000000011002ca40
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                      0000000077bd0df4 5 bytes JMP 000000011002f6a0
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                             0000000077bd0ed8 5 bytes JMP 000000011002f220
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                            0000000077bd1be4 5 bytes JMP 000000011002f460
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                  0000000077bd1cb4 5 bytes JMP 000000011002c670
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                              0000000077bd1d8c 5 bytes JMP 000000011002f020
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                        0000000077bec4dd 5 bytes JMP 0000000110027f40
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                      0000000077bf1287 7 bytes JMP 000000011001d240
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                 00000000758e103d 5 bytes JMP 0000000110025070
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                 00000000758e1072 5 bytes JMP 0000000110025c00
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2540] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                           000000007590c965 5 bytes JMP 0000000110023ba0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtClose                             0000000077bcf9e0 5 bytes JMP 000000011001d120
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                  0000000077bcfcb0 5 bytes JMP 000000011002fc20
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                          0000000077bcfd64 5 bytes JMP 000000011002e100
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                       0000000077bcfdc8 5 bytes JMP 000000011002ed90
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken             0000000077bcfec0 5 bytes JMP 000000011002c3c0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                     0000000077bcffa4 5 bytes JMP 000000011002e7a0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                      0000000077bd0004 2 bytes JMP 0000000110030080
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3                  0000000077bd0007 2 bytes [46, 98]
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                   0000000077bd0084 5 bytes JMP 000000011002fe40
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                        0000000077bd00b4 5 bytes JMP 000000011002e400
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                   0000000077bd03b8 5 bytes JMP 000000011002cde0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort           0000000077bd0550 5 bytes JMP 000000011002b670
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                       0000000077bd0694 5 bytes JMP 000000011002f8b0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject          0000000077bd088c 5 bytes JMP 000000011002bfe0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                    0000000077bd08a4 5 bytes JMP 000000011002ca40
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                        0000000077bd0df4 5 bytes JMP 000000011002f6a0
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject               0000000077bd0ed8 5 bytes JMP 000000011002f220
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation              0000000077bd1be4 5 bytes JMP 000000011002f460
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                    0000000077bd1cb4 5 bytes JMP 000000011002c670
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                0000000077bd1d8c 5 bytes JMP 000000011002f020
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                          0000000077bec4dd 5 bytes JMP 0000000110027f40
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                        0000000077bf1287 7 bytes JMP 000000011001d240
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\syswow64\kernel32.dll!CreateProcessW                   00000000758e103d 5 bytes JMP 0000000110025070
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\syswow64\kernel32.dll!CreateProcessA                   00000000758e1072 5 bytes JMP 0000000110025c00
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[2556] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW             000000007590c965 5 bytes JMP 0000000110023ba0
.text     C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                            00000000779f3b10 5 bytes JMP 000000016fff0110
.text     C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                              00000000779f7ac0 5 bytes JMP 000000016fff05e0
.text     C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                 0000000077a213a0 8 bytes JMP 000000016fff00d8
.text     C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      0000000077a21570 8 bytes JMP 000000016fff0308
.text     C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                              0000000077a215e0 8 bytes JMP 000000016fff0490
.text     C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                           0000000077a21620 8 bytes JMP 000000016fff0420
.text     C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                 0000000077a216c0 8 bytes JMP 000000016fff04c8
.text     C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                         0000000077a21750 8 bytes JMP 000000016fff03e8
.text     C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                          0000000077a21790 8 bytes JMP 000000016fff0228
.text     C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                       0000000077a217e0 8 bytes JMP 000000016fff0260
.text     C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                            0000000077a21800 8 bytes JMP 000000016fff0458
.text     C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                       0000000077a219f0 8 bytes JMP 000000016fff05a8
.text     C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                               0000000077a21b00 8 bytes JMP 000000016fff01f0
.text     C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                           0000000077a21bd0 8 bytes JMP 000000016fff0340
.text     C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                              0000000077a21d20 8 bytes JMP 000000016fff0500
.text     C:\Windows\Explorer.EXE[3004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                        0000000077a21d30 8 bytes JMP 000000016fff0570

27.09.2013, 14:20   #4
Ardion

GMER part 2:
Code:
ATTFilter
.text     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[4040] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                0000000077bd0ed8 5 bytes JMP 000000011002f220
.text     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[4040] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                               0000000077bd1be4 5 bytes JMP 000000011002f460
.text     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[4040] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                     0000000077bd1cb4 5 bytes JMP 000000011002c670
.text     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[4040] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                 0000000077bd1d8c 5 bytes JMP 000000011002f020
.text     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[4040] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                           0000000077bec4dd 5 bytes JMP 0000000110027f40
.text     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[4040] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                         0000000077bf1287 7 bytes JMP 000000011001d240
.text     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[4040] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                    00000000758e103d 5 bytes JMP 0000000110025070
.text     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[4040] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                    00000000758e1072 5 bytes JMP 0000000110025c00
.text     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[4040] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                              000000007590c965 5 bytes JMP 0000000110023ba0
.text     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[4040] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                    00000000759ef776 5 bytes JMP 000000011001d270
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                             00000000779f3b10 5 bytes JMP 000000016fff0110
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                               00000000779f7ac0 5 bytes JMP 000000016fff05e0
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                  0000000077a213a0 8 bytes JMP 000000016fff00d8
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                       0000000077a21570 8 bytes JMP 000000016fff0308
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                               0000000077a215e0 8 bytes JMP 000000016fff0490
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                            0000000077a21620 8 bytes JMP 000000016fff0420
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                  0000000077a216c0 8 bytes JMP 000000016fff04c8
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                          0000000077a21750 8 bytes JMP 000000016fff03e8
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                           0000000077a21790 8 bytes JMP 000000016fff0228
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                        0000000077a217e0 8 bytes JMP 000000016fff0260
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                             0000000077a21800 8 bytes JMP 000000016fff0458
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                        0000000077a219f0 8 bytes JMP 000000016fff05a8
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                0000000077a21b00 8 bytes JMP 000000016fff01f0
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                            0000000077a21bd0 8 bytes JMP 000000016fff0340
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                               0000000077a21d20 8 bytes JMP 000000016fff0500
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                         0000000077a21d30 8 bytes JMP 000000016fff0570
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                             0000000077a220a0 8 bytes JMP 000000016fff0378
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                    0000000077a22130 8 bytes JMP 000000016fff0538
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                   0000000077a229a0 8 bytes JMP 000000016fff03b0
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                         0000000077a22a20 8 bytes JMP 000000016fff0298
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                     0000000077a22aa0 8 bytes JMP 000000016fff02d0
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                  00000000778ba420 12 bytes JMP 000000016fff01b8
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\system32\kernel32.dll!CreateProcessW                                        00000000778d1b50 12 bytes JMP 000000016fff0148
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\system32\kernel32.dll!CreateProcessA                                        0000000077948810 7 bytes JMP 000000016fff0180
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                        000007fefdb853c0 7 bytes JMP 000007fffd780148
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\system32\GDI32.dll!DeleteDC                                                 000007fefe0d22cc 5 bytes JMP 000007fffd7802d0
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\system32\GDI32.dll!CreateDCW                                                000007fefe0d8398 9 bytes JMP 000007fffd7801f0
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\system32\GDI32.dll!CreateDCA                                                000007fefe0d89c8 9 bytes JMP 000007fffd7801b8
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[6576] C:\Windows\system32\GDI32.dll!GetPixel                                                 000007fefe0d9344 5 bytes JMP 000007fffd780228
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                    0000000077bcf9e0 5 bytes JMP 000000011001d120
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                         0000000077bcfcb0 5 bytes JMP 000000011002fc20
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                 0000000077bcfd64 5 bytes JMP 000000011002e100
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                              0000000077bcfdc8 5 bytes JMP 000000011002ed90
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                    0000000077bcfec0 5 bytes JMP 000000011002c3c0
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                            0000000077bcffa4 5 bytes JMP 000000011002e7a0
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                             0000000077bd0004 2 bytes JMP 0000000110030080
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 3                                                         0000000077bd0007 2 bytes [46, 98]
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                          0000000077bd0084 5 bytes JMP 000000011002fe40
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                               0000000077bd00b4 5 bytes JMP 000000011002e400
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                          0000000077bd03b8 5 bytes JMP 000000011002cde0
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                  0000000077bd0550 5 bytes JMP 000000011002b670
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                              0000000077bd0694 5 bytes JMP 000000011002f8b0
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                 0000000077bd088c 5 bytes JMP 000000011002bfe0
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                           0000000077bd08a4 5 bytes JMP 000000011002ca40
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                               0000000077bd0df4 5 bytes JMP 000000011002f6a0
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                      0000000077bd0ed8 5 bytes JMP 000000011002f220
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                     0000000077bd1be4 5 bytes JMP 000000011002f460
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                           0000000077bd1cb4 5 bytes JMP 000000011002c670
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                       0000000077bd1d8c 5 bytes JMP 000000011002f020
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                 0000000077bec4dd 5 bytes JMP 0000000110027f40
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                               0000000077bf1287 7 bytes JMP 000000011001d240
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                          00000000758e103d 5 bytes JMP 0000000110025070
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                          00000000758e1072 5 bytes JMP 0000000110025c00
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                    000000007590c965 5 bytes JMP 0000000110023ba0
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                          00000000759ef776 5 bytes JMP 000000011001d270
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                   0000000076d258b3 5 bytes JMP 0000000110028d10
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                  0000000076d27bcc 5 bytes JMP 0000000110029e10
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                   0000000076d2cbfb 5 bytes JMP 0000000110028ae0
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                  0000000076d2e743 5 bytes JMP 0000000110029d10
.text     C:\Users\Dennis\Desktop\r0y4vjh8.exe[3032] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                    0000000076952538 5 bytes JMP 00000001100244d0

---- Threads - GMER 2.1 ----

Thread    C:\Windows\system32\svchost.exe [1092:2144]                                                                                                         000007fef8edbd88
Thread    C:\Windows\system32\svchost.exe [1092:3704]                                                                                                         000007fef89c5124
Thread    C:\Windows\system32\svchost.exe [1092:5636]                                                                                                         000007fef6205170
Thread    C:\Windows\System32\spoolsv.exe [1864:3196]                                                                                                         000007fef5e510c8
Thread    C:\Windows\System32\spoolsv.exe [1864:3260]                                                                                                         000007fef5cd6144
Thread    C:\Windows\System32\spoolsv.exe [1864:3268]                                                                                                         000007fef5b65fd0
Thread    C:\Windows\System32\spoolsv.exe [1864:3284]                                                                                                         000007fef5ac3438
Thread    C:\Windows\System32\spoolsv.exe [1864:3288]                                                                                                         000007fef5b663ec
Thread    C:\Windows\System32\spoolsv.exe [1864:3304]                                                                                                         000007fef5fc5e5c
Thread    C:\Windows\System32\spoolsv.exe [1864:3308]                                                                                                         000007fef5015074
Thread    C:\Windows\system32\svchost.exe [1912:2124]                                                                                                         000007fef8f235c0
Thread    C:\Windows\system32\svchost.exe [1912:2128]                                                                                                         000007fef8f25600
Thread    C:\Windows\system32\svchost.exe [1912:3500]                                                                                                         000007fef5472940
Thread    C:\Windows\system32\svchost.exe [1912:3512]                                                                                                         000007fef5452888
Thread    C:\Windows\Explorer.EXE [3004:3720]                                                                                                                 000007fef52d2154
Thread    C:\Windows\Explorer.EXE [3004:4492]                                                                                                                 000007fefb196204
Thread    C:\Windows\Explorer.EXE [3004:4616]                                                                                                                 000007feee162f9c
Thread    C:\Windows\Explorer.EXE [3004:5020]                                                                                                                 000007feedb22118
Thread    C:\Windows\Explorer.EXE [3004:844]                                                                                                                  000007fefc1c1010
Thread    C:\Windows\Explorer.EXE [3004:5852]                                                                                                                 000007feec390b38
Thread    C:\Windows\Explorer.EXE [3004:6140]                                                                                                                 000007feee47a3f8
Thread    C:\Windows\Explorer.EXE [3004:3924]                                                                                                                 000007feee162f9c
Thread    C:\Windows\Explorer.EXE [3004:4396]                                                                                                                 000007feee162f9c
Thread    C:\Program Files\Windows Sidebar\sidebar.exe [3428:3296]                                                                                            000007fefb196204
Thread    C:\Program Files\Windows Sidebar\sidebar.exe [3428:4112]                                                                                            000007fefa66f5a0
Thread    C:\Program Files\Windows Sidebar\sidebar.exe [3428:4128]                                                                                            000007fef7d99fe4
Thread    C:\Program Files\Windows Sidebar\sidebar.exe [3428:4132]                                                                                            000007fef7d998ac
Thread    C:\Program Files\Windows Sidebar\sidebar.exe [3428:2860]                                                                                            000007fefce9ea40
Thread    C:\Windows\system32\DllHost.exe [5556:5608]                                                                                                         000007feed4eae60

---- EOF - GMER 2.1 ----
         
FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013
Ran by Dennis (administrator) on DENNIS-PC on 27-09-2013 01:36:29
Running from C:\Users\Dennis\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
() C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAX] - C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-08] (COMODO)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Remote Control Editor] - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1844296 2011-11-09] (Elgato Systems)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875944 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {39394298-ff4b-11e2-a3a8-00040eca0934} - F:\pushinst.exe
MountPoints2: {a16c2d73-2e9a-11e1-b7b6-85ee572cd654} - E:\pushinst.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKLM-x32\...\Run: [QFan Help] - C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [601088 2009-07-01] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x94F89B5CD223CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll No File
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKCU -  No Name - {AD6E6555-FB2C-47D4-8339-3E2965509877} -  No File
Toolbar: HKCU -  No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: GFACE Experience Plugin - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\cryenginebrowserplugin@crytek.com
FF Extension: longurlplease - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\longurlplease@darragh.curran.xpi
FF Extension: No Name - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-04] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] ()
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-08] (COMODO)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-18] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-25] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-25] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-08] (COMODO)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-08] (COMODO)
S3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [15488 2008-12-11] (ROCCAT Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [181040 2011-02-09] (Marvell Semiconductor, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-07-04] (Oracle Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-27 01:36 - 2013-09-27 01:36 - 00000000 ____D C:\FRST
2013-09-27 01:34 - 2013-09-27 01:35 - 01953854 _____ (Farbar) C:\Users\Dennis\Desktop\FRST64.exe
2013-09-27 01:27 - 2013-09-27 01:27 - 00145207 _____ C:\Users\Dennis\Desktop\GMER.log
2013-09-26 23:53 - 2013-09-26 23:53 - 00377856 _____ C:\Users\Dennis\Desktop\r0y4vjh8.exe
2013-09-26 21:00 - 2013-09-26 21:00 - 02347384 _____ (ESET) C:\Users\Dennis\Downloads\esetsmartinstaller_enu.exe
2013-09-26 21:00 - 2013-09-26 21:00 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-17 20:15 - 2013-09-17 20:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 20:14 - 2013-09-17 20:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-13 17:06 - 2013-09-14 00:40 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\FreeFileSync
2013-09-13 17:06 - 2013-09-13 17:06 - 00000863 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2013-09-13 17:06 - 2013-09-13 17:06 - 00000000 ____D C:\Program Files\FreeFileSync
2013-09-13 13:51 - 2013-09-13 13:51 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-09-13 12:29 - 2013-09-13 12:29 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-09-12 13:11 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 13:11 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 13:11 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 13:11 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 13:11 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 13:11 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 13:11 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 13:11 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 13:11 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 13:11 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 13:11 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 13:11 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 12:16 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 12:16 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 12:16 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 12:16 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 12:16 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 12:16 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 12:16 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 12:16 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 12:16 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 12:16 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 12:16 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 12:16 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 12:16 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 12:16 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 12:16 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 12:16 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 12:16 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 12:16 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 12:16 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 12:16 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 12:16 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 12:16 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 12:16 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 12:16 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 12:16 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 12:16 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-06 02:39 - 2013-09-07 12:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-06 02:39 - 2013-09-07 12:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-04 13:38 - 2013-09-04 13:38 - 00000000 ____D C:\ProgramData\VS
2013-08-30 20:35 - 2013-08-31 12:48 - 00000000 ____D C:\ProgramData\GFACE
2013-08-29 00:41 - 2013-09-25 18:23 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\vlc

==================== One Month Modified Files and Folders =======

2013-09-27 01:36 - 2013-09-27 01:36 - 00000000 ____D C:\FRST
2013-09-27 01:36 - 2012-01-03 12:43 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-27 01:35 - 2013-09-27 01:34 - 01953854 _____ (Farbar) C:\Users\Dennis\Desktop\FRST64.exe
2013-09-27 01:35 - 2011-12-25 13:46 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Skype
2013-09-27 01:35 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-27 01:35 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-27 01:31 - 2011-12-25 03:38 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Dropbox
2013-09-27 01:30 - 2012-04-04 21:25 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-27 01:30 - 2012-01-03 12:43 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-27 01:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-27 01:30 - 2009-07-14 06:51 - 00104544 _____ C:\Windows\setupact.log
2013-09-27 01:29 - 2011-12-25 02:01 - 01071937 _____ C:\Windows\WindowsUpdate.log
2013-09-27 01:27 - 2013-09-27 01:27 - 00145207 _____ C:\Users\Dennis\Desktop\GMER.log
2013-09-26 23:53 - 2013-09-26 23:53 - 00377856 _____ C:\Users\Dennis\Desktop\r0y4vjh8.exe
2013-09-26 21:00 - 2013-09-26 21:00 - 02347384 _____ (ESET) C:\Users\Dennis\Downloads\esetsmartinstaller_enu.exe
2013-09-26 21:00 - 2013-09-26 21:00 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-26 20:50 - 2009-07-14 19:58 - 00696848 _____ C:\Windows\system32\perfh007.dat
2013-09-26 20:50 - 2009-07-14 19:58 - 00148144 _____ C:\Windows\system32\perfc007.dat
2013-09-26 20:50 - 2009-07-14 07:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-26 12:07 - 2012-02-12 14:51 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-09-26 12:07 - 2011-12-25 02:02 - 00000000 ___RD C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-26 00:13 - 2011-12-25 13:12 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-25 19:52 - 2011-12-25 03:55 - 00000000 ____D C:\Windows\System32\Tasks\TerraTec
2013-09-25 18:23 - 2013-08-29 00:41 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\vlc
2013-09-23 22:08 - 2012-06-23 23:36 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\TS3Client
2013-09-23 20:18 - 2013-01-14 15:42 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\.mclauncher
2013-09-23 11:39 - 2012-04-03 12:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-23 11:39 - 2011-12-25 14:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-22 19:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-20 17:07 - 2013-08-16 16:18 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-20 17:07 - 2013-08-16 16:13 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-20 17:06 - 2013-08-16 16:13 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-18 12:37 - 2012-04-27 19:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-18 12:37 - 2011-12-25 02:23 - 00303998 _____ C:\Windows\PFRO.log
2013-09-17 20:15 - 2013-09-17 20:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 20:14 - 2013-09-17 20:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-14 00:40 - 2013-09-13 17:06 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\FreeFileSync
2013-09-13 17:06 - 2013-09-13 17:06 - 00000863 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2013-09-13 17:06 - 2013-09-13 17:06 - 00000000 ____D C:\Program Files\FreeFileSync
2013-09-13 13:51 - 2013-09-13 13:51 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-09-13 12:29 - 2013-09-13 12:29 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-09-12 14:51 - 2011-12-25 02:02 - 00000000 ___RD C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 14:50 - 2009-07-14 06:45 - 04855984 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 13:23 - 2012-03-22 20:36 - 00000000 ____D C:\Windows\Minidump
2013-09-12 13:11 - 2013-07-19 16:48 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 13:09 - 2011-12-25 13:20 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 16:17 - 2013-05-15 20:49 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-09-10 16:16 - 2011-12-31 14:49 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\DVDVideoSoft
2013-09-10 12:27 - 2011-12-25 02:01 - 00000000 ____D C:\Users\Dennis
2013-09-09 16:28 - 2012-06-23 23:36 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-09-07 13:11 - 2012-03-30 20:37 - 00000000 ___RD C:\Users\Dennis\Desktop\Spiele
2013-09-07 12:02 - 2013-09-06 02:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-07 12:02 - 2013-09-06 02:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-06 17:40 - 2011-12-31 14:49 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers
2013-09-05 22:44 - 2013-05-07 21:43 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-05 22:44 - 2013-03-30 21:17 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-05 22:44 - 2013-03-30 21:17 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 13:39 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-04 13:38 - 2013-09-04 13:38 - 00000000 ____D C:\ProgramData\VS
2013-09-04 13:30 - 2012-10-23 20:36 - 00000000 ____D C:\Users\Dennis\Documents\Visual Studio 2010
2013-08-31 12:48 - 2013-08-30 20:35 - 00000000 ____D C:\ProgramData\GFACE
2013-08-30 20:29 - 2012-01-04 17:45 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-30 00:33 - 2011-12-25 03:41 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\ICQ
2013-08-30 00:26 - 2011-12-25 02:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-30 00:21 - 2011-12-25 03:45 - 00001267 _____ C:\Users\Dennis\Desktop\Revo Uninstaller.lnk
2013-08-30 00:04 - 2011-12-27 15:15 - 00392475 _____ C:\Windows\DirectX.log
2013-08-28 21:45 - 2013-04-08 14:26 - 00000132 _____ C:\Users\Dennis\AppData\Roaming\Adobe GIF Format CS5 Prefs

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 15:22

==================== End Of Log ============================
         
--- --- ---


27.09.2013, 14:22   #5
Ardion

ESET findings: Win32/Adware.Lollipop.D, Win32/Bundled.Toolbar.Ask.D


Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013
Ran by Dennis at 2013-09-27 01:36:53
Running from C:\Users\Dennis\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Defense+ (Enabled - Up to date) {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall (Enabled) {7DB03214-694B-060B-1600-BD4715C36DBB}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212)
Adobe AIR (x32 Version: 1.5.3.9120)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Creative Suite 5 Master Collection (x32 Version: 5.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Media Player (x32 Version: 1.8)
Adobe Reader X (10.1.4) - Deutsch (x32 Version: 10.1.4)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)
AI Suite (x32 Version: 1.05.33)
AIDA64 Extreme Edition v2.00 (x32 Version: 2.00)
AION Free-to-Play (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
AVM FRITZ!WLAN (x32)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlelog Web Plugins (x32 Version: 2.1.7)
Bonjour (Version: 3.0.0.10)
Cinergy T-Stick Dual V9.06.3.01 (x32 Version: 9.06.3.01)
COMODO Internet Security (Version: 5.8.16726.2131)
Counter-Strike (x32)
Counter-Strike: Condition Zero (x32)
Counter-Strike: Global Offensive (x32)
CrystalDiskInfo 4.1.4 (x32 Version: 4.1.4)
D3DX10 (x32 Version: 15.4.2368.0902)
Desktop Icon für Amazon (Version: 1.0.1 (de))
DivX-Setup (x32 Version: 2.6.1.3)
Dropbox (HKCU Version: 2.3.31)
Epson Copy Utility 3.5 (x32 Version: 3.5.0.0)
Epson Event Manager (x32 Version: 2.40.0002)
EPSON Scan (x32)
EPU-6 Engine (x32 Version: 1.01.17)
eReg (x32 Version: 1.20.138.34)
ESET Online Scanner v3 (x32)
ESN Sonar (x32 Version: 0.70.4)
EVGA Precision X 3.0.2 (x32 Version: 3.0.2)
FileZilla Client 3.7.1.1 (x32 Version: 3.7.1.1)
Fotogalerie (x32 Version: 16.4.3508.0205)
Free Audio Dub version 1.7.9.908 (x32 Version: 1.7.9.908)
Free AVI Video Converter version 5.0.28.827 (x32 Version: 5.0.28.827)
Free YouTube Download version 3.2.12.827 (x32 Version: 3.2.12.827)
Free YouTube to MP3 Converter version 3.12.12.827 (x32 Version: 3.12.12.827)
FreeFileSync 5.21 (x32 Version: 5.21)
Gameforge Live 1.8.1 "Legend" (x32 Version: 1.8.1)
Geeks3D.com FurMark 1.10.0 (x32)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
HiJackThis (x32 Version: 1.0.0)
Host OpenAL (ADI) (x32)
Hotfix für Microsoft Visual C++ 2010 Express - DEU (KB2635973) (x32 Version: 1)
ICQ7.7 (x32 Version: 7.7)
ImgBurn (x32 Version: 2.5.6.0)
Intel(R) Rapid Storage Technology (x32 Version: 10.8.0.1003)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java SE Development Kit 7 Update 6 (64-bit) (Version: 1.7.0.60)
LinuxLive USB Creator (x32 Version: 2.8)
Logitech SetPoint 6.32 (Version: 6.32.20)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
marvell 61xx (x32 Version: 1.2.0.69)
Marvell Miniport Driver (x32 Version: 11.45.1.3)
MechWarrior Online (HKCU Version: 1.2.0.0)
MechWarrior Online (x32 Version: 1.2.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0)
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010 Express - DEU (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
Mozilla Thunderbird 24.0 (x86 de) (x32 Version: 24.0)
Mp3tag v2.53 (x32 Version: v2.53)
MPC-HC 1.6.8 (64-bit) (Version: 1.6.8.7417)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyFreeCodec (HKCU)
NC Launcher (GameForge) (x32)
No23 Recorder (x32 Version: 2.1.0.3)
NVIDIA 3D Vision Controller-Treiber 314.22 (Version: 314.22)
NVIDIA 3D Vision Treiber 314.22 (Version: 314.22)
NVIDIA GeForce Experience 1.6 (Version: 1.6)
NVIDIA Grafiktreiber 314.22 (Version: 314.22)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.131.854)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422)
NVIDIA Systemsteuerung 314.22 (Version: 314.22)
NVIDIA Update 7.2.17 (Version: 7.2.17)
NVIDIA Update Components (Version: 7.2.17)
NVIDIA Virtual Audio 1.2.1 (Version: 1.2.1)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Origin (x32 Version: 9.3.1.4482)
PDF Settings CS5 (x32 Version: 10.0)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
PlanetSide 2 (x32)
Project 64 version 2.1.0.1 (x32 Version: 2.1.0.1)
PunkBuster Services (x32 Version: 0.991)
QuickTime (x32 Version: 7.74.80.86)
Revo Uninstaller 1.95 (x32 Version: 1.95)
Samsung Kies (x32 Version: 2.5.0.12104_15)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0)
Screen Recording Suite V2.5.0 (x32 Version: 2.5.0)
SeaTools for Windows (x32 Version: 1.2.0.7)
SHIELD Streaming (Version: 1.05.19)
Skype Click to Call (x32 Version: 6.4.11328)
Skype™ 6.6 (x32 Version: 6.6.106)
SockshareDownloader (x32 Version: 2.1 Build 26473)
SoundMAX (x32 Version: 6.10.2.6585)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Steam (x32 Version: 1.0.0.0)
Steam Trading Card Beta Access (x32)
swMSM (x32 Version: 12.0.0.1)
TeamSpeak 3 Client (Version: 3.0.12)
TerraTec Home Cinema (x32 Version: 6.25.6)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VLC media player 2.0.8 (Version: 2.0.8)
VoiceOver Kit (x32 Version: 1.42.128.0)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
World of Tanks (x32)
XBMC (HKCU)
Zattoo4 4.0.5 (x32 Version: 4.0.5)

==================== Restore Points  =========================

22-09-2013 17:06:35 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-09-10 15:11 - 00450636 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0E753848-F932-4AC4-B9BE-4282D84650D3} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.91\AsLoader.exe [2008-07-02] ()
Task: {4A05F204-8056-4C07-9775-20E9C39E925B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-03] (Google Inc.)
Task: {4EB9940A-7301-4C86-9224-CA6DB06F6AAB} - System32\Tasks\ASUS\Cpu Level Up Hook Lanunch => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe [2007-10-11] ()
Task: {5400614C-8932-4F65-B601-EB0DC9683122} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {88B720E2-C3AE-43B0-B555-11116C4FFDD6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-03] (Google Inc.)
Task: {8920E8AA-3C5B-48BD-9CE5-90B99EA24EAE} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe [2009-06-26] ()
Task: {A963C81C-AFB0-423D-A686-15C8A1AF8F13} - System32\Tasks\{80FACCFC-F4D3-42E8-B0DF-017B3952D3C8} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.6.59.110/de/abandoninstall?source=lightinstaller&amp;page=tsProblems&amp;LastError=12007&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {D6B9461E-6F37-43AB-898A-AE40722FBAB9} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () D:\Programme\FileZilla FTP Client\fzshellext_64.dll
2012-10-22 17:44 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-25 18:52 - 2010-06-30 03:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Dennis\AppData\Roaming\Dropbox\bin\libcef.dll
2013-08-15 13:54 - 2013-08-15 13:54 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\35e0ed91cf25ee1aa403a25cd3b53fa2\IsdiInterop.ni.dll
2011-12-25 02:24 - 2011-10-17 16:08 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Dennis\Lokale Einstellungen:H0xUoJOs4w9w18mZYGJMb9o4
AlternateDataStreams: C:\Users\Dennis\AppData\Local:H0xUoJOs4w9w18mZYGJMb9o4

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2013 01:30:58 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (09/27/2013 01:30:47 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (09/26/2013 09:00:48 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/26/2013 09:00:12 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/26/2013 08:43:32 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (09/26/2013 08:43:26 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (09/26/2013 08:38:36 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (09/26/2013 08:38:27 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (09/26/2013 01:43:02 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/26/2013 00:04:55 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]


System errors:
=============
Error: (09/27/2013 01:29:10 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/22/2013 01:50:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/22/2013 01:50:58 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (09/22/2013 02:05:52 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/19/2013 02:01:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/19/2013 02:01:32 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (09/15/2013 01:54:25 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/14/2013 03:43:30 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LEPPI",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{5A148A5B-5829-454E-89E5-F7B78DD92F2C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/14/2013 01:01:52 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/13/2013 01:09:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (09/27/2013 01:30:58 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (09/27/2013 01:30:47 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (09/26/2013 09:00:48 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dennis\Downloads\esetsmartinstaller_enu.exe

Error: (09/26/2013 09:00:12 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dennis\Downloads\esetsmartinstaller_enu.exe

Error: (09/26/2013 08:43:32 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (09/26/2013 08:43:26 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (09/26/2013 08:38:36 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (09/26/2013 08:38:27 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (09/26/2013 01:43:02 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (09/26/2013 00:04:55 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]


CodeIntegrity Errors:
===================================
  Date: 2013-02-19 13:40:32.329
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-19 13:40:32.261
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-19 13:40:30.185
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-19 13:40:30.113
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-19 13:40:28.035
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-19 13:40:27.966
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-19 13:40:25.887
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-19 13:40:25.820
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-19 13:40:23.743
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-19 13:40:23.677
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 50%
Total physical RAM: 4095.05 MB
Available physical RAM: 2035.52 MB
Total Pagefile: 8188.29 MB
Available Pagefile: 5868.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:119.14 GB) (Free:43 GB) NTFS
Drive d: () (Fixed) (Total:232.88 GB) (Free:112.73 GB) NTFS
Drive f: (Lokaler Datenträger) (Fixed) (Total:1863.01 GB) (Free:984.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: AAA3CE44)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: FCEEE0A9)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: D793D793)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


28.09.2013, 08:50   #6
schrauber
/// the machine
/// TB-Ausbilder

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

28.09.2013, 12:50   #7
Ardion

AdwCleaner:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.005 - Bericht erstellt am 28/09/2013 um 13:24:25
# Updated 22/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Dennis - DENNIS-PC
# Gestartet von : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\dvdvideosoftiehelpers

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_minecraft-skinedit_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_minecraft-skinedit_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\prefs.js ]


[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\e1ccx8lb.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4916 octets] - [28/09/2013 13:23:11]
AdwCleaner[S0].txt - [4720 octets] - [28/09/2013 13:24:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4780 octets] ##########
         

JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Professional x64
Ran by Dennis on 28.09.2013 at 13:29:16,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Emptied folder: C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\a13e088j.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.09.2013 at 13:35:08,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Dennis (administrator) on DENNIS-PC on 28-09-2013 13:47:34
Running from C:\Users\Dennis\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
() C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAX] - C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-08] (COMODO)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Remote Control Editor] - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1844296 2011-11-09] (Elgato Systems)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875944 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {39394298-ff4b-11e2-a3a8-00040eca0934} - F:\pushinst.exe
MountPoints2: {a16c2d73-2e9a-11e1-b7b6-85ee572cd654} - E:\pushinst.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKLM-x32\...\Run: [QFan Help] - C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [601088 2009-07-01] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x94F89B5CD223CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKCU -  No Name - {AD6E6555-FB2C-47D4-8339-3E2965509877} -  No File
Toolbar: HKCU -  No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: GFACE Experience Plugin - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\cryenginebrowserplugin@crytek.com
FF Extension: longurlplease - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\longurlplease@darragh.curran.xpi
FF Extension: No Name - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

==================== Services (Whitelisted) =================

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-04] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] ()
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-08] (COMODO)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-18] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-25] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-25] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-08] (COMODO)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-08] (COMODO)
S3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [15488 2008-12-11] (ROCCAT Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [181040 2011-02-09] (Marvell Semiconductor, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-07-04] (Oracle Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-28 13:46 - 2013-09-28 13:47 - 01953880 _____ (Farbar) C:\Users\Dennis\Desktop\FRST64.exe
2013-09-28 13:35 - 2013-09-28 13:35 - 00000830 _____ C:\Users\Dennis\Desktop\JRT.txt
2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Windows\ERUNT
2013-09-28 13:26 - 2013-09-28 13:26 - 00004884 _____ C:\Users\Dennis\Desktop\AdwCleaner[S0].txt
2013-09-28 13:23 - 2013-09-28 13:24 - 00000000 ____D C:\AdwCleaner
2013-09-28 13:08 - 2013-09-28 13:08 - 01042066 _____ C:\Users\Dennis\Desktop\adwcleaner.exe
2013-09-28 13:08 - 2013-09-28 13:08 - 01030305 _____ (Thisisu) C:\Users\Dennis\Desktop\JRT.exe
2013-09-27 13:14 - 2013-09-27 13:14 - 00000000 ____D C:\Users\Dennis\Desktop\arduino-1.0.5-windows
2013-09-27 01:38 - 2013-09-27 01:38 - 00023189 _____ C:\Users\Dennis\Desktop\Logfiles.zip
2013-09-27 01:36 - 2013-09-27 01:36 - 00000000 ____D C:\FRST
2013-09-26 23:53 - 2013-09-26 23:53 - 00377856 _____ C:\Users\Dennis\Desktop\r0y4vjh8.exe
2013-09-26 21:00 - 2013-09-26 21:00 - 02347384 _____ (ESET) C:\Users\Dennis\Downloads\esetsmartinstaller_enu.exe
2013-09-26 21:00 - 2013-09-26 21:00 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-17 20:15 - 2013-09-17 20:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 20:14 - 2013-09-17 20:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-13 17:06 - 2013-09-28 13:37 - 00001028 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2013-09-13 17:06 - 2013-09-14 00:40 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\FreeFileSync
2013-09-13 17:06 - 2013-09-13 17:06 - 00000000 ____D C:\Program Files\FreeFileSync
2013-09-13 13:51 - 2013-09-13 13:51 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-09-13 12:29 - 2013-09-13 12:29 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-09-12 13:11 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 13:11 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 13:11 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 13:11 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 13:11 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 13:11 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 13:11 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 13:11 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 13:11 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 13:11 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 13:11 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 13:11 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 12:16 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 12:16 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 12:16 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 12:16 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 12:16 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 12:16 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 12:16 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 12:16 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 12:16 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 12:16 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 12:16 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 12:16 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 12:16 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 12:16 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 12:16 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 12:16 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 12:16 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 12:16 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 12:16 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 12:16 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 12:16 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 12:16 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 12:16 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 12:16 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 12:16 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 12:16 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-06 02:39 - 2013-09-07 12:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-06 02:39 - 2013-09-07 12:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-04 13:38 - 2013-09-04 13:38 - 00000000 ____D C:\ProgramData\VS
2013-08-30 20:35 - 2013-08-31 12:48 - 00000000 ____D C:\ProgramData\GFACE
2013-08-29 00:41 - 2013-09-27 23:43 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\vlc

==================== One Month Modified Files and Folders =======

2013-09-28 13:47 - 2013-09-28 13:46 - 01953880 _____ (Farbar) C:\Users\Dennis\Desktop\FRST64.exe
2013-09-28 13:46 - 2011-12-25 13:46 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Skype
2013-09-28 13:46 - 2011-12-25 03:38 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Dropbox
2013-09-28 13:45 - 2012-04-04 21:25 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-28 13:45 - 2012-01-03 12:43 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-28 13:45 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-28 13:45 - 2009-07-14 06:51 - 00105216 _____ C:\Windows\setupact.log
2013-09-28 13:44 - 2011-12-25 02:01 - 01121439 _____ C:\Windows\WindowsUpdate.log
2013-09-28 13:37 - 2013-09-13 17:06 - 00001028 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2013-09-28 13:36 - 2012-01-03 12:43 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-28 13:35 - 2013-09-28 13:35 - 00000830 _____ C:\Users\Dennis\Desktop\JRT.txt
2013-09-28 13:33 - 2009-07-14 19:58 - 00696848 _____ C:\Windows\system32\perfh007.dat
2013-09-28 13:33 - 2009-07-14 19:58 - 00148144 _____ C:\Windows\system32\perfc007.dat
2013-09-28 13:33 - 2009-07-14 07:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-28 13:31 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-28 13:31 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Windows\ERUNT
2013-09-28 13:26 - 2013-09-28 13:26 - 00004884 _____ C:\Users\Dennis\Desktop\AdwCleaner[S0].txt
2013-09-28 13:24 - 2013-09-28 13:23 - 00000000 ____D C:\AdwCleaner
2013-09-28 13:08 - 2013-09-28 13:08 - 01042066 _____ C:\Users\Dennis\Desktop\adwcleaner.exe
2013-09-28 13:08 - 2013-09-28 13:08 - 01030305 _____ (Thisisu) C:\Users\Dennis\Desktop\JRT.exe
2013-09-27 23:43 - 2013-08-29 00:41 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\vlc
2013-09-27 13:14 - 2013-09-27 13:14 - 00000000 ____D C:\Users\Dennis\Desktop\arduino-1.0.5-windows
2013-09-27 01:38 - 2013-09-27 01:38 - 00023189 _____ C:\Users\Dennis\Desktop\Logfiles.zip
2013-09-27 01:36 - 2013-09-27 01:36 - 00000000 ____D C:\FRST
2013-09-26 23:53 - 2013-09-26 23:53 - 00377856 _____ C:\Users\Dennis\Desktop\r0y4vjh8.exe
2013-09-26 21:00 - 2013-09-26 21:00 - 02347384 _____ (ESET) C:\Users\Dennis\Downloads\esetsmartinstaller_enu.exe
2013-09-26 21:00 - 2013-09-26 21:00 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-26 12:07 - 2012-02-12 14:51 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-09-26 12:07 - 2011-12-25 02:02 - 00000000 ___RD C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-26 00:13 - 2011-12-25 13:12 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-25 19:52 - 2011-12-25 03:55 - 00000000 ____D C:\Windows\System32\Tasks\TerraTec
2013-09-23 22:08 - 2012-06-23 23:36 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\TS3Client
2013-09-23 20:18 - 2013-01-14 15:42 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\.mclauncher
2013-09-23 11:39 - 2012-04-03 12:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-23 11:39 - 2011-12-25 14:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-22 19:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-20 17:07 - 2013-08-16 16:18 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-20 17:07 - 2013-08-16 16:13 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-20 17:06 - 2013-08-16 16:13 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-18 12:37 - 2012-04-27 19:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-18 12:37 - 2011-12-25 02:23 - 00303998 _____ C:\Windows\PFRO.log
2013-09-17 20:15 - 2013-09-17 20:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 20:14 - 2013-09-17 20:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-14 00:40 - 2013-09-13 17:06 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\FreeFileSync
2013-09-13 17:06 - 2013-09-13 17:06 - 00000000 ____D C:\Program Files\FreeFileSync
2013-09-13 13:51 - 2013-09-13 13:51 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-09-13 12:29 - 2013-09-13 12:29 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-09-12 14:51 - 2011-12-25 02:02 - 00000000 ___RD C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 14:50 - 2009-07-14 06:45 - 04855984 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 13:23 - 2012-03-22 20:36 - 00000000 ____D C:\Windows\Minidump
2013-09-12 13:11 - 2013-07-19 16:48 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 13:09 - 2011-12-25 13:20 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 16:17 - 2013-05-15 20:49 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-09-10 16:16 - 2011-12-31 14:49 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\DVDVideoSoft
2013-09-10 12:27 - 2011-12-25 02:01 - 00000000 ____D C:\Users\Dennis
2013-09-09 16:28 - 2012-06-23 23:36 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-09-07 13:11 - 2012-03-30 20:37 - 00000000 ___RD C:\Users\Dennis\Desktop\Spiele
2013-09-07 12:02 - 2013-09-06 02:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-07 12:02 - 2013-09-06 02:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-05 22:44 - 2013-05-07 21:43 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-05 22:44 - 2013-03-30 21:17 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-05 22:44 - 2013-03-30 21:17 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 13:39 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-04 13:38 - 2013-09-04 13:38 - 00000000 ____D C:\ProgramData\VS
2013-09-04 13:30 - 2012-10-23 20:36 - 00000000 ____D C:\Users\Dennis\Documents\Visual Studio 2010
2013-08-31 12:48 - 2013-08-30 20:35 - 00000000 ____D C:\ProgramData\GFACE
2013-08-30 20:29 - 2012-01-04 17:45 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-30 00:33 - 2011-12-25 03:41 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\ICQ
2013-08-30 00:26 - 2011-12-25 02:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-30 00:21 - 2011-12-25 03:45 - 00001267 _____ C:\Users\Dennis\Desktop\Revo Uninstaller.lnk
2013-08-30 00:04 - 2011-12-27 15:15 - 00392475 _____ C:\Windows\DirectX.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 15:22

==================== End Of Log ============================
         
--- --- ---


Alt 29.09.2013, 05:46   #8
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 29.09.2013, 13:05   #9
Ardion
 



ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9451601e9c903f4396e2f997b5be1076
# engine=15296
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-29 11:45:46
# local_time=2013-09-29 01:45:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 95 54132 245878436 46916 0
# compatibility_mode=3074 16777213 100 100 27913663 70299226 0 0
# compatibility_mode=5893 16776574 100 94 7043795 132084996 0 0
# scanned=462712
# found=0
# cleaned=0
# scan_time=8420
         
Security Check:

Code:
 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox (24.0) 
 Mozilla Thunderbird (24.0.) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Comodo Firewall cmdagent.exe 
 Comodo Firewall cfp.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Dennis (administrator) on DENNIS-PC on 29-09-2013 13:57:17
Running from C:\Users\Dennis\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAX] - C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-08] (COMODO)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Remote Control Editor] - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1844296 2011-11-09] (Elgato Systems)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875944 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {39394298-ff4b-11e2-a3a8-00040eca0934} - F:\pushinst.exe
MountPoints2: {a16c2d73-2e9a-11e1-b7b6-85ee572cd654} - E:\pushinst.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKLM-x32\...\Run: [QFan Help] - C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [601088 2009-07-01] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x94F89B5CD223CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKCU -  No Name - {AD6E6555-FB2C-47D4-8339-3E2965509877} -  No File
Toolbar: HKCU -  No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: GFACE Experience Plugin - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\cryenginebrowserplugin@crytek.com
FF Extension: longurlplease - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\longurlplease@darragh.curran.xpi
FF Extension: No Name - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-04] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] ()
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-08] (COMODO)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-18] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-25] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-25] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-08] (COMODO)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-08] (COMODO)
S3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [15488 2008-12-11] (ROCCAT Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [181040 2011-02-09] (Marvell Semiconductor, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-07-04] (Oracle Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-29 13:56 - 2013-09-29 13:56 - 00001067 _____ C:\Users\Dennis\Desktop\checkup.txt
2013-09-29 13:48 - 2013-09-29 13:48 - 00891144 _____ C:\Users\Dennis\Desktop\SecurityCheck.exe
2013-09-29 13:47 - 2013-09-29 13:47 - 00000785 _____ C:\Users\Dennis\Desktop\ESET.txt
2013-09-28 21:05 - 2013-09-28 21:09 - 00000000 ___RD C:\Users\Dennis\Desktop\Arduino Stuff
2013-09-28 13:46 - 2013-09-28 13:47 - 01953880 _____ (Farbar) C:\Users\Dennis\Desktop\FRST64.exe
2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Windows\ERUNT
2013-09-28 13:23 - 2013-09-28 13:24 - 00000000 ____D C:\AdwCleaner
2013-09-28 13:08 - 2013-09-28 13:08 - 01042066 _____ C:\Users\Dennis\Desktop\adwcleaner.exe
2013-09-28 13:08 - 2013-09-28 13:08 - 01030305 _____ (Thisisu) C:\Users\Dennis\Desktop\JRT.exe
2013-09-27 01:36 - 2013-09-27 01:36 - 00000000 ____D C:\FRST
2013-09-26 23:53 - 2013-09-26 23:53 - 00377856 _____ C:\Users\Dennis\Desktop\r0y4vjh8.exe
2013-09-26 21:00 - 2013-09-26 21:00 - 02347384 _____ (ESET) C:\Users\Dennis\Downloads\esetsmartinstaller_enu.exe
2013-09-26 21:00 - 2013-09-26 21:00 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-17 20:15 - 2013-09-17 20:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 20:14 - 2013-09-17 20:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-13 17:06 - 2013-09-28 13:37 - 00001028 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2013-09-13 17:06 - 2013-09-14 00:40 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\FreeFileSync
2013-09-13 17:06 - 2013-09-13 17:06 - 00000000 ____D C:\Program Files\FreeFileSync
2013-09-13 13:51 - 2013-09-13 13:51 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-09-13 12:29 - 2013-09-13 12:29 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-09-12 13:11 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 13:11 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 13:11 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 13:11 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 13:11 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 13:11 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 13:11 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 13:11 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 13:11 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 13:11 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 13:11 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 13:11 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 12:16 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 12:16 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 12:16 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 12:16 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 12:16 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 12:16 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 12:16 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 12:16 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 12:16 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 12:16 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 12:16 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 12:16 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 12:16 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 12:16 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 12:16 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 12:16 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 12:16 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 12:16 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 12:16 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 12:16 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 12:16 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 12:16 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 12:16 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 12:16 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 12:16 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 12:16 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-06 02:39 - 2013-09-07 12:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-06 02:39 - 2013-09-07 12:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-04 13:38 - 2013-09-04 13:38 - 00000000 ____D C:\ProgramData\VS
2013-08-30 20:35 - 2013-08-31 12:48 - 00000000 ____D C:\ProgramData\GFACE

==================== One Month Modified Files and Folders =======

2013-09-29 13:57 - 2009-07-14 19:58 - 00696848 _____ C:\Windows\system32\perfh007.dat
2013-09-29 13:57 - 2009-07-14 19:58 - 00148144 _____ C:\Windows\system32\perfc007.dat
2013-09-29 13:57 - 2009-07-14 07:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-29 13:56 - 2013-09-29 13:56 - 00001067 _____ C:\Users\Dennis\Desktop\checkup.txt
2013-09-29 13:55 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-29 13:55 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-29 13:51 - 2011-12-25 13:46 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Skype
2013-09-29 13:50 - 2012-04-04 21:25 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-29 13:50 - 2012-01-03 12:43 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-29 13:50 - 2011-12-25 03:38 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Dropbox
2013-09-29 13:50 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-29 13:50 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-29 13:50 - 2009-07-14 06:51 - 00105720 _____ C:\Windows\setupact.log
2013-09-29 13:48 - 2013-09-29 13:48 - 00891144 _____ C:\Users\Dennis\Desktop\SecurityCheck.exe
2013-09-29 13:48 - 2011-12-25 02:01 - 01146039 _____ C:\Windows\WindowsUpdate.log
2013-09-29 13:47 - 2013-09-29 13:47 - 00000785 _____ C:\Users\Dennis\Desktop\ESET.txt
2013-09-29 13:36 - 2012-01-03 12:43 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-28 21:09 - 2013-09-28 21:05 - 00000000 ___RD C:\Users\Dennis\Desktop\Arduino Stuff
2013-09-28 15:18 - 2013-08-29 00:41 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\vlc
2013-09-28 13:47 - 2013-09-28 13:46 - 01953880 _____ (Farbar) C:\Users\Dennis\Desktop\FRST64.exe
2013-09-28 13:37 - 2013-09-13 17:06 - 00001028 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Windows\ERUNT
2013-09-28 13:24 - 2013-09-28 13:23 - 00000000 ____D C:\AdwCleaner
2013-09-28 13:08 - 2013-09-28 13:08 - 01042066 _____ C:\Users\Dennis\Desktop\adwcleaner.exe
2013-09-28 13:08 - 2013-09-28 13:08 - 01030305 _____ (Thisisu) C:\Users\Dennis\Desktop\JRT.exe
2013-09-27 01:36 - 2013-09-27 01:36 - 00000000 ____D C:\FRST
2013-09-26 23:53 - 2013-09-26 23:53 - 00377856 _____ C:\Users\Dennis\Desktop\r0y4vjh8.exe
2013-09-26 21:00 - 2013-09-26 21:00 - 02347384 _____ (ESET) C:\Users\Dennis\Downloads\esetsmartinstaller_enu.exe
2013-09-26 21:00 - 2013-09-26 21:00 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-26 12:07 - 2012-02-12 14:51 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-09-26 12:07 - 2011-12-25 02:02 - 00000000 ___RD C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-26 00:13 - 2011-12-25 13:12 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-25 19:52 - 2011-12-25 03:55 - 00000000 ____D C:\Windows\System32\Tasks\TerraTec
2013-09-23 22:08 - 2012-06-23 23:36 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\TS3Client
2013-09-23 20:18 - 2013-01-14 15:42 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\.mclauncher
2013-09-23 11:39 - 2012-04-03 12:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-23 11:39 - 2011-12-25 14:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-22 19:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-20 17:07 - 2013-08-16 16:18 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-20 17:07 - 2013-08-16 16:13 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-20 17:06 - 2013-08-16 16:13 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-18 12:37 - 2012-04-27 19:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-18 12:37 - 2011-12-25 02:23 - 00303998 _____ C:\Windows\PFRO.log
2013-09-17 20:15 - 2013-09-17 20:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 20:14 - 2013-09-17 20:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-14 00:40 - 2013-09-13 17:06 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\FreeFileSync
2013-09-13 17:06 - 2013-09-13 17:06 - 00000000 ____D C:\Program Files\FreeFileSync
2013-09-13 13:51 - 2013-09-13 13:51 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-09-13 12:29 - 2013-09-13 12:29 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-09-12 14:51 - 2011-12-25 02:02 - 00000000 ___RD C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 14:50 - 2009-07-14 06:45 - 04855984 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 13:23 - 2012-03-22 20:36 - 00000000 ____D C:\Windows\Minidump
2013-09-12 13:11 - 2013-07-19 16:48 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 13:09 - 2011-12-25 13:20 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 16:17 - 2013-05-15 20:49 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-09-10 16:16 - 2011-12-31 14:49 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\DVDVideoSoft
2013-09-10 12:27 - 2011-12-25 02:01 - 00000000 ____D C:\Users\Dennis
2013-09-09 16:28 - 2012-06-23 23:36 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-09-07 13:11 - 2012-03-30 20:37 - 00000000 ___RD C:\Users\Dennis\Desktop\Spiele
2013-09-07 12:02 - 2013-09-06 02:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-07 12:02 - 2013-09-06 02:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-05 22:44 - 2013-05-07 21:43 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-05 22:44 - 2013-03-30 21:17 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-05 22:44 - 2013-03-30 21:17 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 13:39 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-04 13:38 - 2013-09-04 13:38 - 00000000 ____D C:\ProgramData\VS
2013-09-04 13:30 - 2012-10-23 20:36 - 00000000 ____D C:\Users\Dennis\Documents\Visual Studio 2010
2013-08-31 12:48 - 2013-08-30 20:35 - 00000000 ____D C:\ProgramData\GFACE
2013-08-30 20:29 - 2012-01-04 17:45 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-30 00:33 - 2011-12-25 03:41 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\ICQ
2013-08-30 00:26 - 2011-12-25 02:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-30 00:21 - 2011-12-25 03:45 - 00001267 _____ C:\Users\Dennis\Desktop\Revo Uninstaller.lnk
2013-08-30 00:04 - 2011-12-27 15:15 - 00392475 _____ C:\Windows\DirectX.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 15:22

==================== End Of Log ============================
         
--- --- ---


I have just updated Adobe Reader.
That should be fixed now.

The problem with the black screen before the Windows login screen still occurs, but it is probably caused by something else, isn't it?

Edited by Ardion (29.09.2013 at 13:22)

29.09.2013, 18:28   #10
schrauber
/// the machine
/// TB instructor



Please describe it, or take a picture with your phone.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

29.09.2013, 19:12   #11
Ardion



Power on the PC -> BIOS info etc. -> Windows logo -> approx. 20 seconds of a completely black screen, only the mouse is there -> login screen

During this, let me call it a loading screen, there is no hard disk activity.

Edited by Ardion (29.09.2013 at 19:19)

30.09.2013, 08:51   #12
schrauber
/// the machine
/// TB instructor



Please open FRST, tick the Additional box and run a scan, then post both log files.

30.09.2013, 12:19   #13
Ardion



FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Dennis (administrator) on DENNIS-PC on 30-09-2013 13:15:23
Running from C:\Users\Dennis\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
() C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAX] - C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-08] (COMODO)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Remote Control Editor] - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1844296 2011-11-09] (Elgato Systems)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875944 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {39394298-ff4b-11e2-a3a8-00040eca0934} - F:\pushinst.exe
MountPoints2: {a16c2d73-2e9a-11e1-b7b6-85ee572cd654} - E:\pushinst.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKLM-x32\...\Run: [QFan Help] - C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [601088 2009-07-01] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x94F89B5CD223CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKCU -  No Name - {AD6E6555-FB2C-47D4-8339-3E2965509877} -  No File
Toolbar: HKCU -  No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: GFACE Experience Plugin - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\cryenginebrowserplugin@crytek.com
FF Extension: longurlplease - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\longurlplease@darragh.curran.xpi
FF Extension: No Name - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\a13e088j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-04] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] ()
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-08] (COMODO)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-18] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-25] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-25] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-08] (COMODO)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-08] (COMODO)
S3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [15488 2008-12-11] (ROCCAT Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [181040 2011-02-09] (Marvell Semiconductor, Inc.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-07-04] (Oracle Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-30 00:17 - 2013-09-30 00:17 - 00131966 _____ C:\Users\Dennis\Desktop\OTL.Txt
2013-09-30 00:17 - 2013-09-30 00:17 - 00090580 _____ C:\Users\Dennis\Desktop\Extras.Txt
2013-09-30 00:02 - 2013-09-30 00:02 - 00602112 _____ (OldTimer Tools) C:\Users\Dennis\Desktop\OTL.exe
2013-09-29 14:28 - 2013-09-29 14:28 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-29 14:26 - 2013-09-12 10:58 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-29 14:26 - 2013-09-12 10:58 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 02630304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-09-29 14:26 - 2013-09-12 10:58 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-09-29 14:26 - 2013-06-16 14:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-09-29 14:26 - 2013-06-16 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-09-29 13:56 - 2013-09-29 13:56 - 00001067 _____ C:\Users\Dennis\Desktop\checkup.txt
2013-09-29 13:48 - 2013-09-29 13:48 - 00891144 _____ C:\Users\Dennis\Desktop\SecurityCheck.exe
2013-09-29 13:47 - 2013-09-29 13:47 - 00000785 _____ C:\Users\Dennis\Desktop\ESET.txt
2013-09-28 21:05 - 2013-09-28 21:09 - 00000000 ___RD C:\Users\Dennis\Desktop\Arduino Stuff
2013-09-28 13:46 - 2013-09-28 13:47 - 01953880 _____ (Farbar) C:\Users\Dennis\Desktop\FRST64.exe
2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Windows\ERUNT
2013-09-28 13:23 - 2013-09-28 13:24 - 00000000 ____D C:\AdwCleaner
2013-09-28 13:08 - 2013-09-28 13:08 - 01042066 _____ C:\Users\Dennis\Desktop\adwcleaner.exe
2013-09-28 13:08 - 2013-09-28 13:08 - 01030305 _____ (Thisisu) C:\Users\Dennis\Desktop\JRT.exe
2013-09-27 01:36 - 2013-09-27 01:36 - 00000000 ____D C:\FRST
2013-09-26 23:53 - 2013-09-26 23:53 - 00377856 _____ C:\Users\Dennis\Desktop\r0y4vjh8.exe
2013-09-26 21:00 - 2013-09-26 21:00 - 02347384 _____ (ESET) C:\Users\Dennis\Downloads\esetsmartinstaller_enu.exe
2013-09-17 20:15 - 2013-09-17 20:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 20:14 - 2013-09-17 20:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-13 17:06 - 2013-09-28 13:37 - 00001028 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2013-09-13 17:06 - 2013-09-14 00:40 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\FreeFileSync
2013-09-13 17:06 - 2013-09-13 17:06 - 00000000 ____D C:\Program Files\FreeFileSync
2013-09-13 13:51 - 2013-09-13 13:51 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-09-13 12:29 - 2013-09-13 12:29 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-09-12 13:11 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 13:11 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 13:11 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 13:11 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 13:11 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 13:11 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 13:11 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 13:11 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 13:11 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 13:11 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 13:11 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 13:11 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 13:11 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 13:11 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 12:16 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 12:16 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 12:16 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 12:16 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 12:16 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 12:16 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 12:16 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 12:16 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 12:16 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 12:16 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 12:16 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 12:16 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 12:16 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 12:16 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 12:16 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 12:16 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 12:16 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 12:16 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 12:16 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 12:16 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 12:16 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 12:16 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 12:16 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 12:16 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 12:16 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 12:16 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 12:16 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-12 01:17 - 2013-09-12 01:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-09-06 02:39 - 2013-09-07 12:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-06 02:39 - 2013-09-07 12:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-04 13:38 - 2013-09-04 13:38 - 00000000 ____D C:\ProgramData\VS

==================== One Month Modified Files and Folders =======

2013-09-30 13:09 - 2011-12-25 13:46 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Skype
2013-09-30 12:55 - 2009-07-14 19:58 - 00696848 _____ C:\Windows\system32\perfh007.dat
2013-09-30 12:55 - 2009-07-14 19:58 - 00148144 _____ C:\Windows\system32\perfc007.dat
2013-09-30 12:55 - 2009-07-14 07:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-30 12:54 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-30 12:54 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-30 12:49 - 2012-04-04 21:25 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-30 12:49 - 2012-01-03 12:43 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-30 12:49 - 2011-12-25 03:38 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Dropbox
2013-09-30 12:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-30 12:49 - 2009-07-14 06:51 - 00106300 _____ C:\Windows\setupact.log
2013-09-30 00:30 - 2011-12-25 02:01 - 01208598 _____ C:\Windows\WindowsUpdate.log
2013-09-30 00:17 - 2013-09-30 00:17 - 00131966 _____ C:\Users\Dennis\Desktop\OTL.Txt
2013-09-30 00:17 - 2013-09-30 00:17 - 00090580 _____ C:\Users\Dennis\Desktop\Extras.Txt
2013-09-30 00:02 - 2013-09-30 00:02 - 00602112 _____ (OldTimer Tools) C:\Users\Dennis\Desktop\OTL.exe
2013-09-29 23:36 - 2012-01-03 12:43 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-29 18:05 - 2011-12-25 02:23 - 00304824 _____ C:\Windows\PFRO.log
2013-09-29 14:28 - 2013-09-29 14:28 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-29 14:28 - 2011-12-25 02:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-09-29 14:26 - 2012-04-04 21:24 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-09-29 14:26 - 2011-12-25 02:21 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-29 13:56 - 2013-09-29 13:56 - 00001067 _____ C:\Users\Dennis\Desktop\checkup.txt
2013-09-29 13:50 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-29 13:48 - 2013-09-29 13:48 - 00891144 _____ C:\Users\Dennis\Desktop\SecurityCheck.exe
2013-09-29 13:47 - 2013-09-29 13:47 - 00000785 _____ C:\Users\Dennis\Desktop\ESET.txt
2013-09-28 21:09 - 2013-09-28 21:05 - 00000000 ___RD C:\Users\Dennis\Desktop\Arduino Stuff
2013-09-28 15:18 - 2013-08-29 00:41 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\vlc
2013-09-28 13:47 - 2013-09-28 13:46 - 01953880 _____ (Farbar) C:\Users\Dennis\Desktop\FRST64.exe
2013-09-28 13:37 - 2013-09-13 17:06 - 00001028 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2013-09-28 13:29 - 2013-09-28 13:29 - 00000000 ____D C:\Windows\ERUNT
2013-09-28 13:24 - 2013-09-28 13:23 - 00000000 ____D C:\AdwCleaner
2013-09-28 13:08 - 2013-09-28 13:08 - 01042066 _____ C:\Users\Dennis\Desktop\adwcleaner.exe
2013-09-28 13:08 - 2013-09-28 13:08 - 01030305 _____ (Thisisu) C:\Users\Dennis\Desktop\JRT.exe
2013-09-27 01:36 - 2013-09-27 01:36 - 00000000 ____D C:\FRST
2013-09-26 23:53 - 2013-09-26 23:53 - 00377856 _____ C:\Users\Dennis\Desktop\r0y4vjh8.exe
2013-09-26 21:00 - 2013-09-26 21:00 - 02347384 _____ (ESET) C:\Users\Dennis\Downloads\esetsmartinstaller_enu.exe
2013-09-26 12:07 - 2012-02-12 14:51 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-09-26 12:07 - 2011-12-25 02:02 - 00000000 ___RD C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-26 00:13 - 2011-12-25 13:12 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-25 19:52 - 2011-12-25 03:55 - 00000000 ____D C:\Windows\System32\Tasks\TerraTec
2013-09-23 22:08 - 2012-06-23 23:36 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\TS3Client
2013-09-23 20:18 - 2013-01-14 15:42 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\.mclauncher
2013-09-23 11:39 - 2012-04-03 12:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-23 11:39 - 2011-12-25 14:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-22 19:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-20 17:07 - 2013-08-16 16:18 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-20 17:07 - 2013-08-16 16:13 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-20 17:06 - 2013-08-16 16:13 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-18 12:37 - 2012-04-27 19:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-17 20:15 - 2013-09-17 20:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 20:14 - 2013-09-17 20:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-14 00:40 - 2013-09-13 17:06 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\FreeFileSync
2013-09-13 17:06 - 2013-09-13 17:06 - 00000000 ____D C:\Program Files\FreeFileSync
2013-09-13 13:51 - 2013-09-13 13:51 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-09-13 12:29 - 2013-09-13 12:29 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-09-12 14:51 - 2011-12-25 02:02 - 00000000 ___RD C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 14:50 - 2009-07-14 06:45 - 04855984 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 13:23 - 2012-03-22 20:36 - 00000000 ____D C:\Windows\Minidump
2013-09-12 13:11 - 2013-07-19 16:48 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 13:09 - 2011-12-25 13:20 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 10:58 - 2013-09-29 14:26 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-12 10:58 - 2013-09-29 14:26 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 02630304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-09-12 10:58 - 2013-09-29 14:26 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-09-12 10:58 - 2013-08-20 22:47 - 15901448 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-09-12 10:58 - 2013-08-20 22:47 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-09-12 10:58 - 2013-08-20 22:47 - 12947360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-09-12 10:58 - 2013-08-20 22:47 - 02986672 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-09-12 10:58 - 2013-08-20 22:47 - 01412832 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-09-12 10:58 - 2013-08-20 22:47 - 00022814 _____ C:\Windows\system32\nvinfo.pb
2013-09-12 10:58 - 2012-04-04 21:26 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-09-12 10:58 - 2012-04-04 21:26 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-09-12 09:25 - 2013-08-20 22:48 - 06599968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-09-12 09:25 - 2013-08-20 22:48 - 03452192 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-09-12 09:25 - 2013-08-20 22:48 - 00920864 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-09-12 09:25 - 2013-08-20 22:48 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-09-12 09:25 - 2013-08-20 22:48 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-09-12 01:17 - 2013-09-12 01:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-09-12 00:06 - 2013-08-20 22:48 - 03361114 _____ C:\Windows\system32\nvcoproc.bin
2013-09-10 16:17 - 2013-05-15 20:49 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-09-10 16:16 - 2011-12-31 14:49 - 00000000 ____D C:\Users\Dennis\AppData\Roaming\DVDVideoSoft
2013-09-10 12:27 - 2011-12-25 02:01 - 00000000 ____D C:\Users\Dennis
2013-09-09 16:28 - 2012-06-23 23:36 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-09-07 13:11 - 2012-03-30 20:37 - 00000000 ___RD C:\Users\Dennis\Desktop\Spiele
2013-09-07 12:02 - 2013-09-06 02:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-07 12:02 - 2013-09-06 02:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-05 22:44 - 2013-05-07 21:43 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-05 22:44 - 2013-03-30 21:17 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-05 22:44 - 2013-03-30 21:17 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 13:39 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-04 13:38 - 2013-09-04 13:38 - 00000000 ____D C:\ProgramData\VS
2013-09-04 13:30 - 2012-10-23 20:36 - 00000000 ____D C:\Users\Dennis\Documents\Visual Studio 2010
2013-08-31 12:48 - 2013-08-30 20:35 - 00000000 ____D C:\ProgramData\GFACE

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 15:22

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013 02
Ran by Dennis at 2013-09-30 13:15:47
Running from C:\Users\Dennis\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Defense+ (Enabled - Up to date) {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall (Enabled) {7DB03214-694B-060B-1600-BD4715C36DBB}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212)
Adobe AIR (x32 Version: 1.5.3.9120)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Creative Suite 5 Master Collection (x32 Version: 5.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Media Player (x32 Version: 1.8)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)
AI Suite (x32 Version: 1.05.33)
AIDA64 Extreme Edition v2.00 (x32 Version: 2.00)
AION Free-to-Play (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
AVM FRITZ!WLAN (x32)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlelog Web Plugins (x32 Version: 2.1.7)
Bonjour (Version: 3.0.0.10)
Cinergy T-Stick Dual V9.06.3.01 (x32 Version: 9.06.3.01)
COMODO Internet Security (Version: 5.8.16726.2131)
Counter-Strike (x32)
Counter-Strike: Condition Zero (x32)
Counter-Strike: Global Offensive (x32)
CrystalDiskInfo 4.1.4 (x32 Version: 4.1.4)
D3DX10 (x32 Version: 15.4.2368.0902)
DivX-Setup (x32 Version: 2.6.1.3)
Dropbox (HKCU Version: 2.3.31)
Epson Copy Utility 3.5 (x32 Version: 3.5.0.0)
Epson Event Manager (x32 Version: 2.40.0002)
EPSON Scan (x32)
EPU-6 Engine (x32 Version: 1.01.17)
eReg (x32 Version: 1.20.138.34)
ESN Sonar (x32 Version: 0.70.4)
EVGA Precision X 3.0.2 (x32 Version: 3.0.2)
FileZilla Client 3.7.1.1 (x32 Version: 3.7.1.1)
Fotogalerie (x32 Version: 16.4.3508.0205)
Free Audio Dub version 1.7.9.908 (x32 Version: 1.7.9.908)
Free AVI Video Converter version 5.0.28.827 (x32 Version: 5.0.28.827)
Free YouTube Download version 3.2.12.827 (x32 Version: 3.2.12.827)
Free YouTube to MP3 Converter version 3.12.12.827 (x32 Version: 3.12.12.827)
FreeFileSync 5.21 (x32 Version: 5.21)
Gameforge Live 1.8.1 "Legend" (x32 Version: 1.8.1)
Geeks3D.com FurMark 1.10.0 (x32)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
HiJackThis (x32 Version: 1.0.0)
Host OpenAL (ADI) (x32)
Hotfix für Microsoft Visual C++ 2010 Express - DEU (KB2635973) (x32 Version: 1)
ICQ7.7 (x32 Version: 7.7)
ImgBurn (x32 Version: 2.5.6.0)
Intel(R) Rapid Storage Technology (x32 Version: 10.8.0.1003)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java SE Development Kit 7 Update 6 (64-bit) (Version: 1.7.0.60)
LinuxLive USB Creator (x32 Version: 2.8)
Logitech SetPoint 6.32 (Version: 6.32.20)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
marvell 61xx (x32 Version: 1.2.0.69)
Marvell Miniport Driver (x32 Version: 11.45.1.3)
MechWarrior Online (HKCU Version: 1.2.0.0)
MechWarrior Online (x32 Version: 1.2.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0)
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010 Express - DEU (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
Mozilla Thunderbird 24.0 (x86 de) (x32 Version: 24.0)
Mp3tag v2.53 (x32 Version: v2.53)
MPC-HC 1.6.8 (64-bit) (Version: 1.6.8.7417)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyFreeCodec (HKCU)
NC Launcher (GameForge) (x32)
No23 Recorder (x32 Version: 2.1.0.3)
NVIDIA 3D Vision Controller-Treiber 326.01 (Version: 326.01)
NVIDIA 3D Vision Treiber 327.23 (Version: 327.23)
NVIDIA Grafiktreiber 327.23 (Version: 327.23)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.133.889)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723)
NVIDIA Systemsteuerung 327.23 (Version: 327.23)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Origin (x32 Version: 9.3.1.4482)
PDF Settings CS5 (x32 Version: 10.0)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
PlanetSide 2 (x32)
Project 64 version 2.1.0.1 (x32 Version: 2.1.0.1)
PunkBuster Services (x32 Version: 0.991)
QuickTime (x32 Version: 7.74.80.86)
Revo Uninstaller 1.95 (x32 Version: 1.95)
Samsung Kies (x32 Version: 2.5.0.12104_15)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0)
Screen Recording Suite V2.5.0 (x32 Version: 2.5.0)
SeaTools for Windows (x32 Version: 1.2.0.7)
Skype Click to Call (x32 Version: 6.4.11328)
Skype™ 6.6 (x32 Version: 6.6.106)
SoundMAX (x32 Version: 6.10.2.6585)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Steam (x32 Version: 1.0.0.0)
Steam Trading Card Beta Access (x32)
swMSM (x32 Version: 12.0.0.1)
TeamSpeak 3 Client (Version: 3.0.12)
TerraTec Home Cinema (x32 Version: 6.25.6)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VLC media player 2.0.8 (Version: 2.0.8)
VoiceOver Kit (x32 Version: 1.42.128.0)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
World of Tanks (x32)
XBMC (HKCU)
Zattoo4 4.0.5 (x32 Version: 4.0.5)

==================== Restore Points  =========================

22-09-2013 17:06:35 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-09-10 15:11 - 00450636 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0E753848-F932-4AC4-B9BE-4282D84650D3} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.91\AsLoader.exe [2008-07-02] ()
Task: {4A05F204-8056-4C07-9775-20E9C39E925B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-03] (Google Inc.)
Task: {4EB9940A-7301-4C86-9224-CA6DB06F6AAB} - System32\Tasks\ASUS\Cpu Level Up Hook Lanunch => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe [2007-10-11] ()
Task: {5400614C-8932-4F65-B601-EB0DC9683122} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {88B720E2-C3AE-43B0-B555-11116C4FFDD6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-03] (Google Inc.)
Task: {8920E8AA-3C5B-48BD-9CE5-90B99EA24EAE} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe [2009-06-26] ()
Task: {A963C81C-AFB0-423D-A686-15C8A1AF8F13} - System32\Tasks\{80FACCFC-F4D3-42E8-B0DF-017B3952D3C8} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.6.59.110/de/abandoninstall?source=lightinstaller&amp;page=tsProblems&amp;LastError=12007&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {D6B9461E-6F37-43AB-898A-AE40722FBAB9} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () D:\Programme\FileZilla FTP Client\fzshellext_64.dll
2012-10-22 17:44 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-25 18:52 - 2010-06-30 03:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Dennis\AppData\Roaming\Dropbox\bin\libcef.dll
2013-08-15 13:54 - 2013-08-15 13:54 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\35e0ed91cf25ee1aa403a25cd3b53fa2\IsdiInterop.ni.dll
2011-12-25 02:24 - 2011-10-17 16:08 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-17 20:14 - 2013-09-17 20:14 - 03007384 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-09-17 20:14 - 2013-09-17 20:14 - 00158104 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-09-17 20:14 - 2013-09-17 20:14 - 00022424 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Dennis\Lokale Einstellungen:H0xUoJOs4w9w18mZYGJMb9o4
AlternateDataStreams: C:\Users\Dennis\AppData\Local:H0xUoJOs4w9w18mZYGJMb9o4

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/30/2013 00:02:49 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2013 01:50:20 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (09/29/2013 01:50:09 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (09/29/2013 01:46:27 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2013 11:25:07 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2013 11:25:03 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2013 11:23:46 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2013 11:23:40 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2013 11:22:34 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2013 11:22:28 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (09/29/2013 02:37:17 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{5A148A5B-5829-454E-89E5-F7B78DD92F2C}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (09/29/2013 02:13:40 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{5A148A5B-5829-454E-89E5-F7B78DD92F2C}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.


Microsoft Office Sessions:
=========================
Error: (09/30/2013 00:02:49 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dennis\Downloads\esetsmartinstaller_enu.exe

Error: (09/29/2013 01:50:20 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (09/29/2013 01:50:09 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (09/29/2013 01:46:27 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/29/2013 11:25:07 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79OJ0W3R\esetsmartinstaller_enu.exe

Error: (09/29/2013 11:25:03 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79OJ0W3R\esetsmartinstaller_enu.exe

Error: (09/29/2013 11:23:46 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79OJ0W3R\esetsmartinstaller_enu (1).exe

Error: (09/29/2013 11:23:40 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79OJ0W3R\esetsmartinstaller_enu (1).exe

Error: (09/29/2013 11:22:34 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79OJ0W3R\esetsmartinstaller_enu.exe

Error: (09/29/2013 11:22:28 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79OJ0W3R\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
  Date: 2013-02-19 13:40:32.329
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-19 13:40:32.261
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-19 13:40:30.185
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-19 13:40:30.113
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-19 13:40:28.035
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-19 13:40:27.966
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-19 13:40:25.887
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-19 13:40:25.820
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-19 13:40:23.743
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-19 13:40:23.677
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 4095.05 MB
Available physical RAM: 2224.24 MB
Total Pagefile: 8188.29 MB
Available Pagefile: 5914.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:119.14 GB) (Free:40.27 GB) NTFS
Drive d: () (Fixed) (Total:232.88 GB) (Free:112.71 GB) NTFS
Drive f: (Lokaler Datenträger) (Fixed) (Total:1863.01 GB) (Free:974.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: AAA3CE44)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: FCEEE0A9)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: D793D793)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 30.09.2013, 17:22   #14
schrauber
/// the machine
/// TB-Ausbilder
 



Does that also happen when you boot into Safe Mode?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 30.09.2013, 19:34   #15
Ardion
 

No, the problem does not occur in safe mode.
