Log analysis and evaluation: PC Optimizer Pro caught (Windows 7)

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
PC Optimizer Pro caught

Hello, unfortunately I somehow caught PC Optimizer Pro. The operating system is Windows 8 and Kaspersky is fully up to date, but it neither warned me nor found anything during a full scan. I followed your instructions with the following results:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Jutta (administrator) on JUTTA on 02-02-2014 18:14:41
Running from C:\Users\Jutta\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Users\Jutta\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Bandoo Media, inc) C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DATAMNGR] - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe [1890744 2012-09-02] (Bandoo Media, inc)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Runonce: [extractnow] - [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3859018946-3778628707-202508750-1002\...\Run: [Spotify] - C:\Users\Jutta\AppData\Roaming\Spotify\Spotify.exe [4736000 2013-10-07] (Spotify Ltd)
HKU\S-1-5-21-3859018946-3778628707-202508750-1002\...\Run: [Spotify Web Helper] - C:\Users\Jutta\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-07] (Spotify Ltd)
HKU\S-1-5-21-3859018946-3778628707-202508750-1002\...\Run: [SkyDrive] - C:\Users\Jutta\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKU\S-1-5-21-3859018946-3778628707-202508750-1002\...\Run: [Power2GoExpress] - C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649816 2012-12-25] (CyberLink Corp.)
AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll [2300344 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll [1528760 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~2\wia6eb~1\datamngr\datamngr.dll => C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll [1723320 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs-x32: c:\progra~2\wia6eb~1\datamngr\iebho.dll => C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll [1185208 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391356744&from=smt&uid=HitachiXHTS545050A7E380_TE8512L505KHKM05KHKMX&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO-x32: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jutta\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-3859018946-3778628707-202508750-1002\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-29]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-29]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-29]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-03]
CHR Extension: (Google-Suche) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-03]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-07-03]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-07-03]
CHR Extension: (Modul für das Blockieren gefährlicher Webseiten) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-07-03]
CHR Extension: (Virtuelle Tastatur) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-07-03]
CHR Extension: (Google Mail) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-03]
CHR Extension: (Anti-Banner) - C:\Users\Jutta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-07-03]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-02-02] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-29] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-12-29] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [623712 2013-12-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [64608 2013-05-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2013-12-29] (Kaspersky Lab ZAO)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [13696 2012-10-04] (ASUSTek Computer Inc.)
R3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1119232 2012-06-30] (Realtek Semiconductor Corporation )
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-02-12] (Microsoft Corporation)
S0 msahci;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-02 18:13 - 2014-02-02 18:13 - 00043252 _____ () C:\Users\Jutta\Documents\FRST.txt
2014-02-02 18:12 - 2014-02-02 18:14 - 00016145 _____ () C:\Users\Jutta\Documents\Addition.txt
2014-02-02 18:11 - 2014-02-02 18:14 - 00016145 _____ () C:\Users\Jutta\Downloads\Addition.txt
2014-02-02 18:10 - 2014-02-02 18:14 - 00026316 _____ () C:\Users\Jutta\Downloads\FRST.txt
2014-02-02 18:10 - 2014-02-02 18:14 - 00000000 ____D () C:\FRST
2014-02-02 18:08 - 2014-02-02 18:09 - 02080256 _____ (Farbar) C:\Users\Jutta\Downloads\FRST64.exe
2014-02-02 18:08 - 2014-02-02 18:08 - 00000472 _____ () C:\Users\Jutta\Downloads\defogger_disable.log
2014-02-02 18:08 - 2014-02-02 18:08 - 00000000 _____ () C:\Users\Jutta\defogger_reenable
2014-02-02 18:07 - 2014-02-02 18:07 - 00050477 _____ () C:\Users\Jutta\Downloads\Defogger.exe
2014-02-02 17:47 - 2014-02-02 17:47 - 00000000 ____D () C:\Users\Jutta\Documents\Add-in Express
2014-02-02 17:05 - 2014-02-02 17:05 - 00000000 ____D () C:\Users\Jutta\Documents\Optimizer Pro
2014-02-02 17:01 - 2014-02-02 17:02 - 00000000 ___RD () C:\Users\Jutta\Downloads\AFF540DC.Unpacker_v7353qx4kg3sa!App
2014-02-02 16:59 - 2014-02-02 17:17 - 00000000 ____D () C:\Users\Jutta\AppData\Roaming\awesomehp
2014-02-02 16:59 - 2014-02-02 17:16 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-02-02 16:59 - 2014-02-02 16:59 - 00000000 ____D () C:\ProgramData\WPM
2014-02-02 16:59 - 2014-02-02 16:59 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-02 16:59 - 2014-02-02 16:59 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-02 16:58 - 2014-02-02 17:17 - 00000000 ____D () C:\Program Files (x86)\ExtractNow
2014-02-02 16:58 - 2014-02-02 16:58 - 00001033 _____ () C:\Users\Jutta\Desktop\ExtractNow.lnk
2014-02-02 16:58 - 2014-02-02 16:58 - 00000000 ____D () C:\Users\Jutta\AppData\Local\ExtractNow
2014-02-02 16:57 - 2014-02-02 16:57 - 02025752 _____ (Nathan Moinvaziri) C:\Users\Jutta\Downloads\extractnow_4.8.1.0.exe
2014-02-02 16:54 - 2014-02-02 16:54 - 00486926 _____ () C:\Users\Jutta\Downloads\doenerschlumpf_brakefins.zip
2014-02-02 16:17 - 2014-02-02 16:17 - 00001971 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-02-02 16:01 - 2014-02-02 16:44 - 00000000 ____D () C:\Users\Jutta\Documents\SelfMV
2014-02-02 15:54 - 2013-10-30 12:06 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2014-02-02 15:52 - 2014-02-02 15:53 - 70015304 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Jutta\Downloads\KiesSetup_2.6.1.13105_7.exe
2014-02-02 15:43 - 2014-02-02 16:05 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-02-02 15:29 - 2014-02-02 16:21 - 00000000 ____D () C:\Users\Jutta\Documents\samsung
2014-02-02 15:29 - 2014-02-02 16:17 - 00000000 ____D () C:\Users\Jutta\AppData\Roaming\Samsung
2014-02-02 15:29 - 2014-02-02 15:55 - 00000000 ____D () C:\Users\Jutta\AppData\Local\Samsung
2014-02-02 15:29 - 2014-02-02 15:29 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-02 15:27 - 2013-10-30 12:13 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-02-02 15:26 - 2014-02-02 15:54 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-02 15:24 - 2014-02-02 16:17 - 00000000 ____D () C:\Users\Jutta\AppData\Local\Downloaded Installations
2014-02-02 15:23 - 2014-02-02 15:23 - 70015304 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Jutta\Downloads\KiesSetup.exe
2014-01-27 09:19 - 2014-02-02 16:17 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-01-27 09:19 - 2014-01-27 09:19 - 00000000 ____D () C:\Windows\twain_64
2014-01-27 09:19 - 2013-10-04 06:31 - 00579072 _____ () C:\Windows\system32\SNWIAUI.dll
2014-01-27 09:19 - 2013-10-04 05:53 - 00734720 _____ () C:\Windows\system32\SnMinDrv.dll
2014-01-27 09:19 - 2013-10-04 05:53 - 00155136 _____ () C:\Windows\system32\SnImgFlt.dll
2014-01-27 09:19 - 2013-10-04 05:52 - 00068096 _____ () C:\Windows\system32\SnErHdlr.dll
2014-01-27 09:19 - 2013-09-02 03:57 - 00155696 _____ () C:\Windows\wiainst64.exe
2014-01-27 09:19 - 2013-06-01 06:13 - 01571160 ____N () C:\Windows\TotalUninstaller.exe
2014-01-27 09:19 - 2012-12-10 03:09 - 00120846 _____ () C:\Windows\system32\WIAEXSTR.loc
2014-01-27 09:19 - 2012-03-14 00:58 - 00166640 _____ (TWAIN Working Group) C:\Windows\system32\TWAINDSM.dll
2014-01-27 09:19 - 2012-03-14 00:58 - 00148728 _____ (TWAIN Working Group) C:\Windows\SysWOW64\TWAINDSM.dll
2014-01-27 09:19 - 2012-02-09 08:20 - 00355840 _____ (Samsung Electronics) C:\Windows\system32\snWIAMUI.dll
2014-01-27 09:17 - 2014-01-27 09:18 - 23580208 _____ () C:\Users\Jutta\Downloads\UniversalScanDriver_V1.02.19.exe
2014-01-20 21:09 - 2014-01-20 21:10 - 00128000 ___SH () C:\Users\Jutta\Thumbs.db
2014-01-15 22:55 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-15 22:55 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 22:55 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-15 22:55 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-13 15:43 - 2014-01-13 15:43 - 00440136 _____ () C:\Users\Jutta\Documents\Gutschrift Wehner Groma.oxps
2014-01-09 17:23 - 2014-01-09 17:23 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-01-09 17:23 - 2014-01-09 17:23 - 00000000 ____D () C:\Windows\system32\NV
2014-01-09 16:22 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-01-09 16:22 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-01-09 16:22 - 2013-12-19 21:33 - 01884448 _____
(NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll 2014-01-09 16:22 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll 2014-01-09 16:22 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-01-09 16:22 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-01-09 16:22 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-01-09 16:22 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-01-09 16:22 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-01-09 16:22 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-01-09 16:22 - 2013-12-19 21:33 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys ==================== One Month Modified Files and Folders ======= 2014-02-02 18:14 - 2014-02-02 18:12 - 00016145 _____ () C:\Users\Jutta\Documents\Addition.txt 2014-02-02 18:14 - 2014-02-02 18:11 - 00016145 _____ () C:\Users\Jutta\Downloads\Addition.txt 2014-02-02 18:14 - 2014-02-02 18:10 - 00026316 _____ () C:\Users\Jutta\Downloads\FRST.txt 2014-02-02 18:14 - 2014-02-02 18:10 - 00000000 ____D () C:\FRST 2014-02-02 18:13 - 2014-02-02 18:13 - 00043252 _____ () C:\Users\Jutta\Documents\FRST.txt 2014-02-02 18:09 - 2014-02-02 18:08 - 02080256 _____ (Farbar) C:\Users\Jutta\Downloads\FRST64.exe 2014-02-02 18:08 - 2014-02-02 18:08 - 00000472 _____ () C:\Users\Jutta\Downloads\defogger_disable.log 2014-02-02 18:08 - 2014-02-02 18:08 - 00000000 _____ () C:\Users\Jutta\defogger_reenable 2014-02-02 18:08 - 2013-07-01 11:22 - 00000000 ____D () C:\Users\Jutta 2014-02-02 18:07 - 2014-02-02 18:07 - 00050477 _____ () C:\Users\Jutta\Downloads\Defogger.exe 2014-02-02 18:01 - 2013-07-01 12:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-02-02 18:00 - 2012-07-26 
09:12 - 00000000 ____D () C:\Windows\system32\sru 2014-02-02 17:47 - 2014-02-02 17:47 - 00000000 ____D () C:\Users\Jutta\Documents\Add-in Express 2014-02-02 17:25 - 2013-07-01 11:34 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3859018946-3778628707-202508750-1002 2014-02-02 17:18 - 2013-07-03 20:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-02 17:17 - 2014-02-02 16:59 - 00000000 ____D () C:\Users\Jutta\AppData\Roaming\awesomehp 2014-02-02 17:17 - 2014-02-02 16:58 - 00000000 ____D () C:\Program Files (x86)\ExtractNow 2014-02-02 17:17 - 2013-07-03 19:16 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-02-02 17:17 - 2013-07-01 11:26 - 00001440 _____ () C:\Users\Jutta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-02-02 17:16 - 2014-02-02 16:59 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 2014-02-02 17:05 - 2014-02-02 17:05 - 00000000 ____D () C:\Users\Jutta\Documents\Optimizer Pro 2014-02-02 17:05 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-02-02 17:04 - 2013-07-04 13:55 - 00005122 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JUTTA-Jutta Jutta 2014-02-02 17:02 - 2014-02-02 17:01 - 00000000 ___RD () C:\Users\Jutta\Downloads\AFF540DC.Unpacker_v7353qx4kg3sa!App 2014-02-02 17:00 - 2013-07-01 11:23 - 00000000 ____D () C:\Users\Jutta\AppData\Local\Packages 2014-02-02 16:59 - 2014-02-02 16:59 - 00000000 ____D () C:\ProgramData\WPM 2014-02-02 16:59 - 2014-02-02 16:59 - 00000000 ____D () C:\ProgramData\IePluginService 2014-02-02 16:59 - 2014-02-02 16:59 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-02-02 16:58 - 2014-02-02 16:58 - 00001033 _____ () C:\Users\Jutta\Desktop\ExtractNow.lnk 2014-02-02 16:58 - 2014-02-02 16:58 - 00000000 ____D () C:\Users\Jutta\AppData\Local\ExtractNow 2014-02-02 16:57 - 2014-02-02 16:57 - 02025752 _____ (Nathan Moinvaziri) 
C:\Users\Jutta\Downloads\extractnow_4.8.1.0.exe 2014-02-02 16:54 - 2014-02-02 16:54 - 00486926 _____ () C:\Users\Jutta\Downloads\doenerschlumpf_brakefins.zip 2014-02-02 16:54 - 2013-07-04 15:32 - 00634368 ___SH () C:\Users\Jutta\Downloads\Thumbs.db 2014-02-02 16:47 - 2012-08-03 00:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat 2014-02-02 16:47 - 2012-08-03 00:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat 2014-02-02 16:47 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-02 16:44 - 2014-02-02 16:01 - 00000000 ____D () C:\Users\Jutta\Documents\SelfMV 2014-02-02 16:44 - 2013-07-01 14:38 - 00000000 ___RD () C:\Users\Jutta\SkyDrive 2014-02-02 16:43 - 2013-07-01 11:27 - 00000416 _____ () C:\Users\Jutta\AppData\Roaming\sp_data.sys 2014-02-02 16:41 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-02 16:40 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-02-02 16:21 - 2014-02-02 15:29 - 00000000 ____D () C:\Users\Jutta\Documents\samsung 2014-02-02 16:17 - 2014-02-02 16:17 - 00001971 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk 2014-02-02 16:17 - 2014-02-02 15:29 - 00000000 ____D () C:\Users\Jutta\AppData\Roaming\Samsung 2014-02-02 16:17 - 2014-02-02 15:24 - 00000000 ____D () C:\Users\Jutta\AppData\Local\Downloaded Installations 2014-02-02 16:17 - 2014-01-27 09:19 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-02-02 16:17 - 2013-04-13 04:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-02-02 16:05 - 2014-02-02 15:43 - 00000000 ____D () C:\Windows\LastGood.Tmp 2014-02-02 15:55 - 2014-02-02 15:29 - 00000000 ____D () C:\Users\Jutta\AppData\Local\Samsung 2014-02-02 15:54 - 2014-02-02 15:26 - 00000000 ____D () C:\ProgramData\Samsung 2014-02-02 15:53 - 2014-02-02 15:52 - 70015304 _____ (Samsung Electronics Co., Ltd. 
) C:\Users\Jutta\Downloads\KiesSetup_2.6.1.13105_7.exe 2014-02-02 15:29 - 2014-02-02 15:29 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log 2014-02-02 15:23 - 2014-02-02 15:23 - 70015304 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Jutta\Downloads\KiesSetup.exe 2014-01-30 14:03 - 2013-07-01 13:15 - 00000000 ____D () C:\Users\Public\CyberLink 2014-01-29 09:51 - 2013-07-04 15:35 - 00000099 _____ () C:\Users\Public\LMDebug.log 2014-01-27 20:44 - 2013-07-01 14:33 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-01-27 17:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF 2014-01-27 12:41 - 2013-07-03 19:16 - 00000000 ____D () C:\Users\Jutta\AppData\Local\Adobe 2014-01-27 12:39 - 2013-07-03 20:56 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-01-27 09:19 - 2014-01-27 09:19 - 00000000 ____D () C:\Windows\twain_64 2014-01-27 09:18 - 2014-01-27 09:17 - 23580208 _____ () C:\Users\Jutta\Downloads\UniversalScanDriver_V1.02.19.exe 2014-01-20 21:10 - 2014-01-20 21:09 - 00128000 ___SH () C:\Users\Jutta\Thumbs.db 2014-01-17 23:10 - 2013-08-17 00:02 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-17 23:08 - 2013-07-01 15:21 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-17 23:07 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore 2014-01-13 15:43 - 2014-01-13 15:43 - 00440136 _____ () C:\Users\Jutta\Documents\Gutschrift Wehner Groma.oxps 2014-01-09 17:23 - 2014-01-09 17:23 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-01-09 17:23 - 2014-01-09 17:23 - 00000000 ____D () C:\Windows\system32\NV 2014-01-09 16:27 - 2013-04-13 04:43 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-01-09 09:02 - 2013-11-19 14:49 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-01-09 09:02 - 2013-11-19 14:49 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-04 12:47 - 2013-07-01 11:23 - 00000000 ____D () 
C:\Users\Jutta\AppData\Local\VirtualStore Files to move or delete: ==================== C:\ProgramData\SetStretch.exe C:\ProgramData\SetStretch.VBS C:\Users\Jutta\3DM-Installer.exe C:\Users\Jutta\D3DX9_42.dll C:\Users\Jutta\eep8.exe C:\Users\Jutta\Gleisobj.dll C:\Users\Jutta\mfc100.dll C:\Users\Jutta\Mfc71.dll C:\Users\Jutta\msvcp100.dll C:\Users\Jutta\Msvcp71.dll C:\Users\Jutta\msvcr100.dll C:\Users\Jutta\Msvcr71.dll C:\Users\Jutta\msxml3.dll C:\Users\Jutta\msxml3a.dll C:\Users\Jutta\msxml3r.dll C:\Users\Jutta\ode.dll C:\Users\Jutta\opcode.dll C:\Users\Jutta\SPRender.dll C:\Users\Jutta\Sucode.dll C:\Users\Jutta\sureCommon3.dll C:\Users\Jutta\sureInd.dll C:\Users\Jutta\sureParticles3.dll C:\Users\Jutta\susl.dll C:\Users\Jutta\sutrack+.dll C:\Users\Jutta\Validator.dll Some content of TEMP: ==================== C:\Users\Jutta\AppData\Local\Temp\bitool.dll C:\Users\Jutta\AppData\Local\Temp\LiveSupport_setup.exe C:\Users\Jutta\AppData\Local\Temp\OptimizerPro.exe C:\Users\Jutta\AppData\Local\Temp\smt_awesomehp_new.exe C:\Users\Jutta\AppData\Local\Temp\UpdateCheckerSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-29 21:07 Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by Jutta at 2014-02-02 18:15:00
Running from C:\Users\Jutta\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

Abschleppwagen-Simulator 2010 Version 1.3 (x32 Version: 1.3 - astragon Software GmbH)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
ASUS Instant Connect (x32 Version: 1.2.8 - ASUS)
ASUS InstantOn (x32 Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (x32 Version: 3.1.13 - ASUS)
ASUS Live Update (x32 Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (Version: 2.1.2 - ASUS)
ASUS Smart Gesture (x32 Version: 1.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.03.0005 - ASUS)
ASUS Tutor (x32 Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (x32 Version: 2.1.5 - ASUS)
ASUS Virtual Camera (x32 Version: 1.0.26 - ASUS)
ASUS WebStorage Sync Agent (x32 Version: 1.1.10.123 - ASUS Cloud Corporation)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (x32 Version: 1.0.0023 - ASUS)
CCleaner (Version: 4.05 - Piriform)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink Power2Go (x32 Version: 7.0.0.3625 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.3625 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Eisenbahn.exe Professional 8.0 (x32 Version: 8.00.0000 - Trend)
Fairground 2 Version 1.0 (x32 Version: - rondomedia Marketing & Vertriebs GmbH)
Flughafen-Feuerwehr-Simulator Version 1.0 (x32 Version: - rondomedia Marketing & Vertriebs GmbH)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Mp3 Wma Converter V 2.2 (x32 Version: 2.2.0.0 - Koyote Soft)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
IePluginService12.27.0.3326 (x32 Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2884 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Landwirtschafts Simulator 2011 (x32 Version: 1.0 - GIANTS Software)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - de-de (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.0 (x86 de) (x32 Version: 24.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyBitCast 2.0 (x32 Version: 2.0 - ASUS)
NoLimits Coasters 1.56 (entfernen) (x32 Version: - )
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6804 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3 (x32 Version: - Atari)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (x32 Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.) Hidden
Samsung Universal Scan Driver (x32 Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SceneSwitch (x32 Version: 1.0.16 - ASUS)
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Sonderfahrzeug-Simulator 2012 Version 1.0 (x32 Version: 1.0 - Astragon)
Spotify (HKCU Version: 0.9.4.178.g259772ba - Spotify AB)
SupTab (x32 Version: 1.1.1.0 - ) <==== ATTENTION
THW Simulator 2012 (x32 Version: - )
tulox (x32 Version: - )
VR-NetWorld (x32 Version: - )
Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Searchqu Toolbar (x32 Version: 4.1.0.3114 - Bandoo Media Inc) <==== ATTENTION
WinFlash (x32 Version: 2.41.1 - ASUS)
WPM17.8.0.3325 (x32 Version: 17.8.0.3325 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Restore Points =========================

26-12-2013 22:09:46 Geplanter Prüfpunkt
02-01-2014 17:19:24 DirectX wurde installiert
13-01-2014 20:56:33 Geplanter Prüfpunkt
17-01-2014 22:05:32 Windows Update
02-02-2014 14:25:10 Installed Samsung Kies

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {491C78A9-8162-48C4-B69D-71471415546D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for JUTTA-Jutta Jutta => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-01-15] (Microsoft Corporation)
Task: {64119EBC-2F99-4D3B-8D3D-D637811DCD4B} - System32\Tasks\Microsoft\Windows\RestartManager\{3E371F90-96F3-461f-B927-51987DA7D222} => C:\Windows\system32\rmclient.exe [2012-07-26] (Microsoft Corporation)
Task: {6DBC672D-06CB-4FA8-A423-143D4F6EC94E} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {8D798F60-DCA6-4A5D-9F86-77DD4F5BD9E5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {90F73258-6FAC-43C9-BA03-D98CEE0D3A14} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-10-04] (ASUS)
Task: {A3941073-3E51-4409-A002-8243A95D5D82} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B5F824B5-923B-4AAF-AE8F-63329900FF8F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-27] (Adobe Systems Incorporated)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DB6AF6C5-6894-4C47-B347-10A306808047} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek)
Task: {E8C27ACF-BE84-4A73-8343-7B16682AAE56} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-04-13 04:42 - 2013-12-19 21:33 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-04-13 04:43 - 2013-12-19 19:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-06-22 09:44 - 2011-06-22 09:44 - 00034304 _____ () C:\Windows\System32\sst2cl6.dll
2013-07-01 14:33 - 2013-08-23 14:45 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-07-01 14:33 - 2013-10-31 09:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-07-01 14:33 - 2013-10-31 09:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2012-10-04 14:58 - 2012-10-04 14:58 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-10-04 14:58 - 2012-10-04 14:58 - 00041856 _____ () C:\Program Files\ASUS\P4G\plctrl.dll
2014-01-27 09:19 - 2013-10-04 05:53 - 00734720 _____ () C:\Windows\system32\SnMinDrv.dll
2013-07-01 13:52 - 2013-07-01 13:53 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-04-13 04:42 - 2013-12-19 21:33 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2012-09-11 14:01 - 2012-09-11 14:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2012-05-24 21:19 - 2012-05-24 21:19 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-11-13 17:12 - 2013-11-13 17:12 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-01-15 22:59 - 2014-01-15 22:59 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll
2013-04-13 04:48 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-12-22 15:05 - 2013-12-22 15:05 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Could not start eventlog service, could not read events.
Der angeforderte Dienst wurde bereits gestartet.
Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.

==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 3981.57 MB
Available physical RAM: 1803.45 MB
Total Pagefile: 4685.57 MB
Available Pagefile: 2405.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:111.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:258.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: F7791DB4)
Partition: GPT Partition Type

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-02 18:34:18
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003d Hitachi_HTS545050A7E380 rev.GG2OA6C0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Jutta\AppData\Local\Temp\uxloypow.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007f85486257c 8 bytes JMP 000007f9523103b0
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007f854866b10 9 bytes JMP 000007f952310308
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f8548e5658 7 bytes JMP 000007f952310260
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f8548e5778 7 bytes JMP 000007f9523102d0
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007f854901564 7 bytes JMP 000007f952310340
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f8549140e4 7 bytes JMP 000007f952310298
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f854914178 8 bytes JMP 000007f952310228
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f85491479c 8 bytes JMP 000007f952310378
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f8523528a0 7 bytes JMP 000007f9523100d8
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f8523528e8 5 bytes JMP 000007f952310180
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f85236f590 6 bytes JMP 000007f952310148
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f85236f8ac 5 bytes JMP 000007f952310110
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\USER32.dll!CreateWindowExW 000007f853d3c5b0 7 bytes JMP 000007f952310490
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007f853d431f0 9 bytes JMP 000007f9523103e8
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 000007f853d433e0 5 bytes JMP 000007f952310458
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007f853d47160 5 bytes JMP 000007f952310420
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f854181070 8 bytes JMP 000007f9523101f0
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f8541a0c10 8 bytes JMP 000007f9523101b8
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007f84f456d10 5 bytes JMP 000007f94f440110
.text C:\Windows\system32\dwm.exe[392] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007f84f45d060 5 bytes JMP 000007f94f4400d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f851a71532 4 bytes [A7, 51, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f851a7153a 4 bytes [A7, 51, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1112] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f851a7165a 4 bytes [A7, 51, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[1120] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007f851a71532 4 bytes [A7, 51, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[1120] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007f851a7153a 4 bytes [A7, 51, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[1120] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007f851a7165a 4 bytes [A7, 51, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[1120] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f853c1177a 4 bytes [C1, 53, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[1120] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f853c11782 4 bytes [C1, 53, F8, 07]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1460] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f853c1177a 4 bytes [C1, 53, F8, 07]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1460] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f853c11782 4 bytes [C1, 53, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3988] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f851a71532 4 bytes [A7, 51, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3988] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f851a7153a 4 bytes [A7, 51, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3988] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f851a7165a 4 bytes [A7, 51, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3608] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f851a71532 4 bytes [A7, 51, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3608] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f851a7153a 4 bytes [A7, 51, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3608] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f851a7165a 4 bytes [A7, 51, F8, 07]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007f8553a104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007f8553a1087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007f8553a10dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 128 000007f8553a1110 48 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36 000007f8553a1174 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!memcmp + 199 000007f8553a1257 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!strcat + 144 000007f8553a1300 16 bytes {JMP 0xffffffffffffff8c}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183 000007f8553a13d7 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168 000007f8553a1578 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405 000007f8553a1725 32 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 181 000007f8553a1805 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354 000007f8553a1982 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007f8553a1a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007f8553a1dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007f8553a1e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007f8553a2096 48 bytes {JMP 0xffffffffffffffc0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007f8553a25b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77 000007f8553a261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 160 000007f8553a26f0 16 bytes {JMP RAX} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 236 000007f8553a289c 32 bytes {JMP 0xffffffffffffffb9} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000007f8553a2cb0 8 bytes {JMP QWORD [RIP-0x402]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007f8553a2e30 8 bytes {JMP QWORD [RIP-0x51b]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007f8553a2e60 8 bytes {JMP QWORD [RIP-0x5ca]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f8553a2f80 8 bytes {JMP QWORD [RIP-0x6da]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007f8553a3030 8 bytes {JMP QWORD [RIP-0x792]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f8553a36f1 8 bytes {JMP QWORD [RIP-0xca0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000007f8553a39d1 8 bytes {JMP QWORD [RIP-0x1018]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8553a4251 8 bytes {JMP QWORD [RIP-0x18a0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] 
C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616 00000000770c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000770c15fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000770c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140 00000000770c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000770c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000770c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000770c1923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000770c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000770c196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3432] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000770c1977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[6064] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f8490b1b32 4 bytes [0B, 49, F8, 07] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[6064] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f8490b1b3a 4 bytes [0B, 49, F8, 07] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007f8553a104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007f8553a1087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007f8553a10dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 128 000007f8553a1110 48 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36 000007f8553a1174 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!memcmp + 199 000007f8553a1257 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!strcat + 144 000007f8553a1300 16 bytes {JMP 0xffffffffffffff8c} .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183 000007f8553a13d7 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168 000007f8553a1578 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405 000007f8553a1725 32 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 181 000007f8553a1805 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354 000007f8553a1982 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007f8553a1a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007f8553a1dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007f8553a1e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007f8553a2096 48 bytes {JMP 0xffffffffffffffc0} .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007f8553a25b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77 000007f8553a261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 160 000007f8553a26f0 16 bytes {JMP RAX} .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 236 000007f8553a289c 32 bytes {JMP 0xffffffffffffffb9} .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000007f8553a2cb0 8 bytes {JMP QWORD [RIP-0x402]} .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007f8553a2e30 8 bytes {JMP QWORD [RIP-0x51b]} .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007f8553a2e60 8 bytes {JMP QWORD [RIP-0x5ca]} .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007f8553a2f80 8 bytes {JMP QWORD [RIP-0x6da]} .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007f8553a3030 8 bytes {JMP QWORD [RIP-0x792]} .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007f8553a36f1 8 bytes {JMP QWORD [RIP-0xca0]} .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000007f8553a39d1 8 bytes {JMP QWORD [RIP-0x1018]} .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8553a4251 8 bytes {JMP QWORD [RIP-0x18a0]} .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616 00000000770c15f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000770c15fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000770c17d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140 00000000770c18c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000770c18e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23 00000000770c1903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000770c1923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000770c195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000770c196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Jutta\Downloads\Gmer-19357.exe[4244] C:\Windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000770c1977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [672:696] fffff960008085e8 ---- Processes - GMER 2.1 ---- Process C:\ProgramData\WPM\wprotectmanager.exe (*** suspicious ***) @ C:\ProgramData\WPM\wprotectmanager.exe [1752] (WPM Service/Cherished Technololgy LIMITED)(2 0000000001340000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [5500] 0000000061610000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [5500] 000000005abf0000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [5500] 00000000602b0000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 0000000061610000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 0000000059ed0000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 0000000059db0000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 000000005abf0000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 00000000602b0000 Library C:\Program Files 
(x86)\Common Files\Microsoft Shared\Office15\ACECORE.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 000000005a930000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\1031\ACEWSTR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 000000005a850000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEES.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 000000005a7b0000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\VBAJET32.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 000000005a7a0000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\expsrv.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5824] 000000005a740000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Liebe Grüße Lynette |