
Pests of all kinds and how to combat them: Unknown folder: 3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ

09.02.2015, 19:39   #1
Niko91
 



Hey folks,

Today I was reminded of an old "problem". I posted about it here in the forum back then and I did get help. However, I was then away on holiday for 3 weeks, and after that the problem was forgotten. Here is the link to the old problem:

http://www.trojaner-board.de/145931-...unbekannt.html

It really wasn't intentional... I simply forgot about it after the long holiday, sorry, and thanks for the help back then! I never carried out the last step that Schrauber recommended at the time. Since so much time has passed, I don't dare to simply run that step now; it's not certain whether it is still appropriate.

The reminder of back then came to me today when I found the following folder on a partition:

3590F75ABA9E485486C100C1A9D4FF06ZZ........ZZZZZZ

That folder in turn contains folders with names like:

Z......ZZ....ZZZ (in different variations; the number of Zs varies)

Those folders in turn contain files with the same naming format, some in WinRAR or ZIP format and some with a .ZZZ extension (the extension also appears with varying numbers of Zs; everything from .Z to .ZZZZZ is there).

I don't dare to go any further into the folder, or simply delete it, without first clarifying what it might be. I have no idea whether my PC is infected; I have no visible symptoms apart from these folders/files.

I hope you'll help me once more, even though I forgot to see it through back then. Apologies for that!

Here is the FRST log:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Niko (administrator) on QUESTMASTER3000 on 09-02-2015 20:09:29
Running from C:\Users\Niko\Downloads
Loaded Profiles: Niko (Available profiles: Niko)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Logitech Inc.) C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Roccat GmbH) C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.234\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\LoLPatcher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.127\deploy\LolClient.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [1783296 2006-07-23] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RoccatKova+] => C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH)
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Run: [] => [X]
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {1f2ae42a-6c2a-11e1-b0a8-6c626d05b0fe} - H:\Startme.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {379e72df-efc9-11df-8b4a-bc0543012beb} - G:\autorun.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {5a9cca7b-9dd3-11e0-84c8-6c626d05b0fe} - G:\AUTORUN.EXE
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {5cad3377-32e1-11e0-b4ea-bc0543012beb} - G:\Setup.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {6aab9b84-3ad2-11e1-9c2a-6c626d05b0fe} - J:\AUTORUN.EXE
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {73f1126d-ebea-11e3-8e72-6c626d05b0fe} - G:\AutoRun.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {a4e48009-2754-11e1-acab-6c626d05b0fe} - G:\AUTORUN.EXE
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {b0ffa8fa-dcf2-11e3-bcfc-6c626d05b0fe} - I:\LaunchU3.exe -a
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {d76988f4-d636-11df-8edb-6c626d05b0fe} - H:\pushinst.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {f77b1307-55ad-11e3-b52c-6c626d05b0fe} - G:\AUTORUN.EXE
Startup: C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll (Kaspersky Lab ZAO)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1216835461-190305365-3235199106-1000 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKU\S-1-5-21-1216835461-190305365-3235199106-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B1BCECC2-475A-46EA-AF15-1D84FEA5E409}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default
FF DefaultSearchUrl: 
FF SearchEngineOrder.1: foxsearch
FF Homepage: https://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1216835461-190305365-3235199106-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-1216835461-190305365-3235199106-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\searchplugins\icqplugin.xml
FF Extension: Procon Latte Content Filter - C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\Extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi [2014-05-31]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21]
FF Extension: Adblock Plus - C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-23]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-06]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-06]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-06]
FF HKLM-x32\...\Thunderbird\Extensions: [te_9.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012-03-12]
FF HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.149\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.149\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.149\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Shockwave for Director) - C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll (Macromedia, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Gutscheinmieze-Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Niko\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-01-03]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-01-03]
CHR Extension: (Content Blocker) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-01-03]
CHR Extension: (Virtual Keyboard) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-01-03]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-01-10]
CHR Extension: (Google Wallet) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Anti-Banner) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-01-03]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-01-07]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2011-01-08] ()
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-04] (Disc Soft Ltd)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-06] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2014-12-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-06] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2013-04-24] (Windows (R) Win 7 DDK provider)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 VMC31D; C:\Windows\System32\Drivers\VMC31D.sys [179968 2008-04-09] (Vimicro Corporation) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 AODDriver; \??\C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 20:09 - 2015-02-09 20:10 - 00028117 _____ () C:\Users\Niko\Downloads\FRST.txt
2015-02-09 20:09 - 2015-02-09 20:09 - 02132992 _____ (Farbar) C:\Users\Niko\Downloads\FRST64.exe
2015-02-09 20:08 - 2015-02-09 20:08 - 00050477 _____ () C:\Users\Niko\Downloads\Defogger.exe
2015-02-09 20:08 - 2015-02-09 20:08 - 00000540 _____ () C:\Users\Niko\Downloads\defogger_disable.log
2015-01-26 20:43 - 2015-01-26 20:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 12:25 - 2015-01-25 12:25 - 00094720 _____ () C:\Users\Niko\Downloads\Controlling_Loesungen(1).xls
2015-01-14 21:04 - 2015-01-14 21:04 - 05516918 _____ () C:\Users\Niko\Downloads\1
2015-01-14 17:49 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:49 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:49 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 17:49 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 17:49 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 17:49 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 17:49 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 17:49 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 17:49 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 17:49 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 17:49 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 17:49 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 17:49 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 20:19 - 2015-01-11 20:39 - 00000000 ____D () C:\Program Files (x86)\Altitude
2015-01-11 20:19 - 2015-01-11 20:19 - 00001897 _____ () C:\Users\Public\Desktop\Altitude.lnk
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altitude

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 20:09 - 2013-12-11 13:53 - 00000000 ____D () C:\FRST
2015-02-09 20:08 - 2013-12-11 13:45 - 00000296 _____ () C:\Users\Niko\defogger_reenable
2015-02-09 19:58 - 2010-12-13 15:44 - 00000000 ____D () C:\Windows\Minidump
2015-02-09 19:51 - 2012-04-01 18:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 19:49 - 2013-12-04 11:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-09 18:19 - 2010-10-12 20:00 - 01834400 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 17:19 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 17:19 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 17:14 - 2012-04-15 19:12 - 00000000 ____D () C:\Users\Niko\Desktop\FK 10
2015-02-09 17:10 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-09 17:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 13:15 - 2010-10-13 19:31 - 00000000 ____D () C:\Users\Niko\AppData\Roaming\Skype
2015-02-06 19:51 - 2012-04-01 18:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 19:51 - 2012-04-01 18:41 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 19:51 - 2011-06-01 09:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 21:46 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-01-29 21:46 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-01-29 21:46 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 16:43 - 2012-05-04 11:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 20:53 - 2013-10-17 22:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 19:55 - 2014-08-11 15:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-26 19:55 - 2012-04-10 01:34 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-22 21:00 - 2010-10-12 20:42 - 00000000 ____D () C:\Users\Niko\AppData\Local\CrashDumps
2015-01-14 21:38 - 2013-08-15 10:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:29 - 2010-10-13 22:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-12-08 21:44 - 2011-12-08 21:53 - 0000651 _____ () C:\Users\Niko\AppData\Roaming\MPQEditor.ini
2012-08-09 14:35 - 2012-08-09 14:36 - 0097497 _____ () C:\Users\Niko\AppData\Roaming\Scribe.dmp
2011-08-29 13:01 - 2013-06-16 10:11 - 0023094 _____ () C:\Users\Niko\AppData\Roaming\wklnhst.dat
2014-04-08 20:28 - 2014-04-08 20:28 - 0001456 _____ () C:\Users\Niko\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2011-10-31 22:06 - 2011-10-31 22:06 - 0007604 _____ () C:\Users\Niko\AppData\Local\Resmon.ResmonCfg
2011-06-15 21:29 - 2011-06-19 16:38 - 0001940 _____ () C:\Users\Niko\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2010-10-13 19:32 - 2010-10-13 19:32 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-10-13 20:33 - 2014-10-18 21:22 - 0049225 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Niko\AppData\Local\Temp\detectionapi_rd.dll
C:\Users\Niko\AppData\Local\Temp\detectionui_r.exe
C:\Users\Niko\AppData\Local\Temp\directx10tests_rd.dll
C:\Users\Niko\AppData\Local\Temp\directx11tests_rd.dll
C:\Users\Niko\AppData\Local\Temp\directx9tests_rd.dll
C:\Users\Niko\AppData\Local\Temp\local.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 18:49

==================== End Of Log ============================
         
And here is Additional:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Niko at 2015-02-09 20:10:54
Running from C:\Users\Niko\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Total Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Altitude 1.1 (HKLM-x32\...\4578-0181-0549-1546) (Version: 1.1 - Nimbly Games)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
America (HKLM-x32\...\America) (Version:  - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
applicationupdater (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\SOE-C:/Users/Niko/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version:  - Sony Online Entertainment)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C6300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Canon Utilities Digital Photo Professional 3.11 (HKLM-x32\...\Digital Photo Professional) (Version: 3.11.30.3 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.11.3.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.2.1.13 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.10.2.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.13 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Citrix Online Plug-in - Web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
EndNote X4 (HKLM-x32\...\{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}) (Version: 14.0.0.4845 - Thomson Reuters)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Free 3GP Video Converter version 5.0.21.1212 (HKLM-x32\...\Free 3GP Video Converter_is1) (Version: 5.0.21.1212 - DVDVideoSoft Ltd.)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Audio Converter version 5.0.23.320 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.1.42.1212 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.42.1212 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IBM SPSS Statistics 19 (HKLM\...\{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}) (Version: 19.0.0 - SPSS Inc., an IBM Company)
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
IndustrieGigant 2 (HKLM-x32\...\{8FA7E81D-6D99-4788-8BE4-D898B346AB2E}) (Version: 1.1.0.0 - JoWooD Productions Software AG)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader (HKLM-x32\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech G11 Keyboard Software 1.03 (HKLM\...\{59427B1F-852F-4AF1-8215-E5B12F966D89}) (Version: 1.3.166.0 - Logitech)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mendeley Desktop 1.3.1 (HKLM-x32\...\Mendeley Desktop) (Version: 1.3.1 - Mendeley Ltd.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{B26E3B0D-C2FA-4370-B068-7C476766F029}) (Version: 08.04.0702 - Microsoft Corporation)
Microsoft Works Suite-Add-Ins für Microsoft Word (HKLM-x32\...\{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}) (Version: 8.0.0.0000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mindjet (HKLM-x32\...\{6D1AFA44-6E87-41F5-B7D4-4C457A98A3A3}) (Version: 11.1.353 - Mindjet)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{4AA68A73-DB9C-439D-9481-981C82BD008B}) (Version: 7.1.69.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.3.86.0 - Nokia)
Nokia Suite (x32 Version: 3.3.86.0 - Nokia) Hidden
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.36 - Symantec)
Notation Composer 2.6.3 Trial (HKLM-x32\...\{9C20F41F-CD00-4EA9-BCC9-5D0855EF30C2}) (Version: 2.6.3 - Notation Software) <==== ATTENTION
Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version:  - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
partypoker (HKLM-x32\...\PartyPoker) (Version:  - PartyGaming)
PC Connectivity Solution (HKLM-x32\...\{A2AA4204-C05A-4013-888A-AD153139297F}) (Version: 11.5.29.0 - Nokia)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PlanetSide 2 (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\SOE-PlanetSide 2 PSG) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
Populous: The Beginning (HKLM-x32\...\Populous: The Beginning) (Version: 1.03 - Bullfrog)
PS_AIO_04_C6300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - )
ROCCAT Kova[+] Mouse Driver (HKLM-x32\...\{A86DDFE3-F661-461C-9BF2-876AC2CA57DE}) (Version: 1.10 - Roccat GmbH)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScummVM Git (HKLM-x32\...\ScummVM_is1) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup-Start von Microsoft Works 2005 (HKLM-x32\...\Works2005Setup) (Version:  - )
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
Silent Hunter 5 (HKLM-x32\...\{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}) (Version: 1.2.0 - Ubisoft)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Söldner Secret Wars - Community Edition Version 33960 (HKLM-x32\...\{F3AF62F5-665E-4B3E-8899-5C46D1793391}_is1) (Version: 33960 - soldnersecretwars.de)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.12.12.41 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.108 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.108 - Sony)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
STARWARS: The Battle of Endor version 2.1 (HKLM-x32\...\STARWARS: The Battle of Endor v2.1_is1) (Version:  - Bruno R. Marcos)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stranded II 1.0.0.1 (HKLM-x32\...\{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1) (Version:  - Unreal Software)
Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal (HKLM-x32\...\Steam App 31170) (Version:  - Telltale Games)
Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay  (HKLM-x32\...\Steam App 31180) (Version:  - Telltale Games)
Tales of Monkey Island: Chapter 3 - Lair of the Leviathan  (HKLM-x32\...\Steam App 31190) (Version:  - Telltale Games)
Tales of Monkey Island: Chapter 4 - The Trial and Execution of Guybrush Threepwood  (HKLM-x32\...\Steam App 31200) (Version:  - Telltale Games)
Tales of Monkey Island: Chapter 5 - Rise of the Pirate God (HKLM-x32\...\Steam App 31210) (Version:  - Telltale Games)
TeamSpeak 3 Client (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
TomTom HOME 2.8.2.2264 (HKLM-x32\...\TomTom HOME) (Version: 2.8.2.2264 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.49 - Creative Island Media, LLC) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 1.1.8 (HKLM-x32\...\VLC media player) (Version: 1.1.8 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Works Update (x32 Version: 8.0.0.0000 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.2.0.16826 - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{5be52a22-f148-4495-bf42-53cd0367c056}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-05-24 15:24 - 00000836 ____A C:\Windows\system32\Drivers\etc\hosts





==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07F14CBB-44D8-4976-8119-8C69192C48BE} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0897BBC7-D121-4F07-9838-F12C6DA30141} - System32\Tasks\{B24CB037-AB4D-4C95-B81B-9C8AF6B600E5} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {1DEADAE6-FC5C-4ACE-9D0A-A8C54D135654} - System32\Tasks\{BCCDA5D3-2212-4AB4-921C-831790D4D59D} => D:\Niko\LucasArts\Monkey Island 2 LeChucks Revenge Special Edition\Monkey2.exe
Task: {263007BF-6B17-4D8F-9A49-C962FE28CE4F} - System32\Tasks\{BE69D37A-D45C-41C5-97D7-ABBBE8F4B4E0} => F:\AUTORUN.EXE
Task: {283F984A-AB35-4FC3-A64F-0D98C52EAC6E} - System32\Tasks\{D83F7E2F-F944-4344-A2C0-7E43A04F4192} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -c -runfromtemp -l0x0007 -removeonly
Task: {2EB67EBE-7D0C-41A7-9EBA-71964B81DDC3} - System32\Tasks\{4D2E3DDC-0A55-4CDF-8193-B49A86F1F31E} => D:\Siedler\BLUEBYTE\SIEDLER2\SIEDLER2.EXE [2010-10-18] ()
Task: {2F2FD535-9B25-4027-8EBD-0B5D41894E69} - System32\Tasks\{42A8F30A-90D7-4932-A9A4-B8209AE63396} => D:\Siedler\BLUEBYTE\SIEDLER2\SIEDLER2.EXE [2010-10-18] ()
Task: {31250475-1FD8-4276-BF00-173EF208248E} - System32\Tasks\{E01AF9FC-3534-45FD-BB90-68DCF6FEBE07} => C:\Team17\Worms World Party\wwp.exe
Task: {3EE62B6E-BC92-4833-8480-2D9166AD6023} - System32\Tasks\{6AF28C70-A5F5-4E2F-8776-A1F02E199B3A} => C:\Program Files (x86)\DATA BECKER\America\America.exe [2001-01-09] (Related Designs Software GmbH)
Task: {3F2EC12C-BB24-4328-9E03-212A0E98C8AE} - System32\Tasks\{6E25A4CC-0165-4D47-BC2D-737AE62E5A05} => D:\worms_arma\Worms_2_Armageddon\wa.exe
Task: {42C7E264-7A69-4C6F-B0D9-F094D128A31D} - System32\Tasks\{B56D80DE-2BF5-4431-AE7D-EF6AC461BA36} => D:\110\commandos\betasux.exe
Task: {4DCBCB29-8F7E-4FE8-912B-619F7D1E7495} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-05-07] (Oracle Corporation)
Task: {5336786C-D351-4E1C-ACAE-5C5F06940241} - System32\Tasks\{EF4A83C9-FDE2-4C9C-9C82-D763D863A393} => C:\Program Files (x86)\IndustrieGigant 2\enginetest.exe
Task: {5A881D11-A8FE-42C7-9CBF-F78D4299B07C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {5CAEF151-92A5-464D-A104-F71852FA71ED} - System32\Tasks\DLL-files.com Fixer => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {74242883-8C19-43FA-B548-45D65795D860} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {76894412-422E-4900-8D40-6790C3A00453} - System32\Tasks\{9D45BAF4-090B-416A-BEAE-58E186B7AF81} => D:\worms_arma\Worms_2_Armageddon\wa.exe
Task: {843A3CBD-CCA1-48A4-AF9E-5C95C2F9B1A8} - System32\Tasks\{075F83F5-4508-48FB-BFF2-0320604E19C4} => C:\Program Files (x86)\IndustrieGigant 2\ig2.exe
Task: {929B4B8F-495B-4B84-A456-AD69AC087F33} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A2304F2E-408C-4F08-B751-AF3D3391A72F} - System32\Tasks\{574609B5-BCD2-44A3-B1D5-4E616F5A71AC} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/en/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {A562E7FB-0709-4640-BC44-D8CFB206FDBE} - System32\Tasks\{573FC5F3-DC3E-4A8B-AA99-DF270D6A24BB} => G:\SETUP.EXE [2005-04-06] (Macrovision Corporation)
Task: {AD384E94-3136-447C-83BD-1D8499955373} - System32\Tasks\{603E6881-FB7D-42DA-9702-17AC9D70506C} => pcalua.exe -a "C:\Program Files (x86)\avmwlanstick\instwcli.exe" -d "C:\Program Files (x86)\avmwlanstick"
Task: {AD7CD137-8732-4AA2-BD86-96B62FCBD724} - System32\Tasks\{561CF15B-5378-4012-A919-D2D8C080120C} => pcalua.exe -a "C:\Program Files (x86)\EA GAMES\Die Sims 2 Nightlife\eauninstall.exe" -d "C:\Program Files (x86)\EA GAMES\Die Sims 2 Nightlife"
Task: {B0F4B8B8-3F9B-47E1-9473-ECE741C7827C} - System32\Tasks\{7D743872-4514-4F70-8963-CD993D7B3DA9} => C:\Emergency\emergy.exe [1998-04-28] ()
Task: {B3DBC25B-6B8A-48DC-932E-F0BC48AA544C} - System32\Tasks\{39C61096-0393-49FE-9103-79A8C49767C3} => D:\worms_arma\Worms_2_Armageddon\wa.exe
Task: {B80AB8E9-E2F9-4398-8999-9E034F9B1FAC} - System32\Tasks\{4CBDF0BE-AB76-4389-9BAE-03E1C5DA06AB} => D:\Niko\LucasArts\Monkey2Launcher.exe [2010-07-29] ()
Task: {BB150135-744B-435F-A4AE-20E7CF156FEF} - System32\Tasks\{8B0B2FA5-AECC-4577-BBE1-F36F579EC056} => D:\Pizza Syndicate\Autorun.exe
Task: {CD9599FB-F604-4398-97A6-61B6CF25C24C} - System32\Tasks\{CE267232-BC30-4FDC-886D-92AB01325001} => C:\Team17\Worms World Party\wwp.exe
Task: {D76172FF-1B90-4522-A342-21585159C3BD} - System32\Tasks\{4B5AA4C3-6DB9-4CC9-8377-6D0F7AA73424} => D:\Emergency\emergy.exe
Task: {D9757778-8515-40E2-B097-7560A21885A3} - System32\Tasks\{94D78FD0-AA40-47FB-AF1F-DBE3E932BA82} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.73.129.457/de/abandoninstall?page=tsWLM
Task: {DADA45EF-CA2A-4370-9830-DEDBDDAE3B82} - System32\Tasks\{FF640566-487F-493B-976D-AF61DDA0251F} => D:\Emergency\emergy.exe
Task: {DB8B467B-773D-4B13-8609-3809862037B2} - System32\Tasks\{5ACEA32C-AE59-480F-ABC6-FBDB0BCA4D14} => D:\Emergency\emergy.exe
Task: {E7682E85-D68B-4663-AED0-377E2A47AF1D} - System32\Tasks\{5F59D4BF-403D-4ED4-B93C-ACED9C48D0BD} => C:\Program Files (x86)\DATA BECKER\America\America.exe [2001-01-09] (Related Designs Software GmbH)
Task: {E8D66105-45EB-4BF7-ADC3-35807FEB2CB6} - System32\Tasks\{2BB5F165-2886-4B5B-A2F5-18D71DBF59E5} => pcalua.exe -a G:\setup.exe -d G:\
Task: {EED55FB9-B7AE-4B1C-9B93-2D0D99F61F4E} - System32\Tasks\{191935BD-D718-4812-86E7-D3C695199D12} => D:\Siedler\BLUEBYTE\SIEDLER2\SIEDLER2.EXE [2010-10-18] ()
Task: {F7EBD3BC-9E4B-41A0-9FE6-21A0E7A55BA1} - System32\Tasks\{3B40AD84-DD3D-4E71-9400-424EEECF6903} => D:\Niko\LucasArts\Monkey Island 2 LeChucks Revenge Special Edition\Monkey2.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2010-10-12 21:38 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2011-01-08 17:23 - 2011-01-08 17:23 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-07-14 02:17 - 2009-07-14 02:41 - 01708032 _____ () C:\Windows\system32\hpotiop1.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-06-12 17:11 - 2014-06-04 20:05 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2014-06-04 20:06 - 2015-02-04 16:24 - 02445816 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.234\deploy\LoLLauncher.exe
2015-02-04 16:24 - 2015-02-04 16:24 - 04234232 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\LoLPatcher.exe
2014-06-04 20:19 - 2014-06-04 20:19 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.127\deploy\LolClient.exe
2013-10-10 22:48 - 2013-10-10 22:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\kpcengine.2.3.dll
2014-10-14 18:28 - 2010-05-29 13:57 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\hiddriver.dll
2015-01-26 20:43 - 2015-01-26 20:43 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-30 17:12 - 2014-12-06 12:47 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-08-30 17:12 - 2014-12-06 12:47 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-08-30 17:12 - 2014-12-06 12:47 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2015-02-06 19:51 - 2015-02-06 19:51 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1216835461-190305365-3235199106-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Lite => "E:\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1216835461-190305365-3235199106-500 - Administrator - Disabled)
Gast (S-1-5-21-1216835461-190305365-3235199106-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1216835461-190305365-3235199106-1002 - Limited - Enabled)
Niko (S-1-5-21-1216835461-190305365-3235199106-1000 - Administrator - Enabled) => C:\Users\Niko

==================== Faulty Device Manager Devices =============

Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2015 10:26:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 492: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (02/05/2015 10:26:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (02/03/2015 06:50:27 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/03/2015 06:50:01 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/03/2015 06:49:28 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/02/2015 09:19:21 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/02/2015 09:18:53 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/02/2015 09:18:21 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/01/2015 05:18:47 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/01/2015 05:18:36 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (02/09/2015 05:14:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (02/09/2015 05:12:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (02/09/2015 05:12:30 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (02/09/2015 05:11:58 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (02/09/2015 05:11:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" wurde nicht richtig gestartet.

Error: (02/09/2015 05:11:16 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (02/09/2015 05:10:34 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (02/08/2015 11:41:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (02/08/2015 11:40:22 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (02/08/2015 11:39:40 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (02/05/2015 10:26:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 492: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (02/05/2015 10:26:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (02/03/2015 06:50:27 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (02/03/2015 06:50:01 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dllC:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll19

Error: (02/03/2015 06:49:28 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exeC:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe19

Error: (02/02/2015 09:19:21 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (02/02/2015 09:18:53 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dllC:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll19

Error: (02/02/2015 09:18:21 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exeC:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe19

Error: (02/01/2015 05:18:47 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (02/01/2015 05:18:36 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dllC:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll19


CodeIntegrity Errors:
===================================
  Date: 2015-02-03 18:50:36.956
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-03 18:50:36.941
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-03 18:50:36.941
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-03 18:50:36.941
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-03 18:50:36.941
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-03 18:50:36.941
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-02 21:19:32.242
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-02 21:19:32.242
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-02 21:19:32.242
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-02 21:19:32.227
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X6 1055T Processor
Percentage of memory in use: 34%
Total physical RAM: 8191.18 MB
Available physical RAM: 5328.75 MB
Total Pagefile: 16380.54 MB
Available Pagefile: 13290.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:152.34 GB) (Free:23.61 GB) NTFS
Drive d: () (Fixed) (Total:380.86 GB) (Free:159.78 GB) NTFS
Drive e: () (Fixed) (Total:398.21 GB) (Free:80.33 GB) NTFS
Drive g: (FEAR) (CDROM) (Total:4.16 GB) (Free:0 GB) CDFS
Drive h: (USB DISK) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BAFBAE4D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=152.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=380.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=398.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0C)

==================== End Of Log ============================
         
GMER will follow shortly in an edit!!


Alt 09.02.2015, 20:54   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hi and

Please do a run with MBAR:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper
Alt 09.02.2015, 21:49   #3
Niko91
 

MBAR found nothing, here is the report:

Code:
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.02.09.10
  rootkit: v2015.02.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Niko :: QUESTMASTER3000 [administrator]

09.02.2015 22:28:19
mbar-log-2015-02-09 (22-28-19).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 367075
Time elapsed: 12 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
And here is the missing GMER as well

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-09 22:04:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Niko\AppData\Local\Temp\fwldiaoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                              0000000072ec1a22 2 bytes [EC, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                              0000000072ec1ad0 2 bytes [EC, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                              0000000072ec1b08 2 bytes [EC, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                              0000000072ec1bba 2 bytes [EC, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1784] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                              0000000072ec1bda 2 bytes [EC, 72]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424                                 0000000077671398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                        000000007767143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                        0000000077671594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                000000007767191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                               0000000077671bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                  0000000077671d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                      0000000077671edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                    0000000077671fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                    00000000776727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                  00000000776727d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79   000000007767282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184  0000000077672898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299          0000000077672d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375          0000000077672d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                      000000007767323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                      00000000776733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                     0000000077673a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                     0000000077673ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197         0000000077673b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3540] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                  0000000077674190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                                                                0000000077677e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                     00000000776c1380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text  C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                   00000000776c1500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text  C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                         00000000776c1530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text  C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       00000000776c1650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text  C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                           00000000776c1700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text  C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           00000000776c1d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text  C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                         00000000776c1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text  C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         00000000776c27e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text  C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                       00000000751213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                       000000007512146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                    00000000751216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                 00000000751219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                 00000000751219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[1000] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                           0000000075121a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424                                                                 0000000077671398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                        000000007767143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                        0000000077671594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                000000007767191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                               0000000077671bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                  0000000077671d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                      0000000077671edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                    0000000077671fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                    00000000776727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                  00000000776727d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                   000000007767282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                  0000000077672898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                          0000000077672d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                          0000000077672d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                      000000007767323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                      00000000776733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                     0000000077673a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                     0000000077673ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                         0000000077673b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                  0000000077674190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                 0000000077674241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                 00000000776742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                     00000000776743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                     0000000077674434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408                                                               00000000776745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657                                                               00000000776746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                  0000000077674a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                  0000000077674b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                               0000000077674c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                               0000000077674d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                              0000000077674ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                 0000000077674ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                              00000000776750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                         00000000776752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                   00000000776753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484                                                     00000000776755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                     00000000776764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                        000000007767668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                        000000007767687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                          00000000776768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                              00000000776768d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                             000000007767692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                       0000000077677166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241                                                0000000077677dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                                                       0000000077677e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                            00000000776c1380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                          00000000776c1500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                00000000776c1530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                              00000000776c1650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                  00000000776c1700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                  00000000776c1d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                00000000776c1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                00000000776c27e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                              00000000751213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                              000000007512146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                           00000000751216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                        00000000751219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                        00000000751219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe[3536] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                  0000000075121a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424                                                                                         0000000077671398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                000000007767143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                                0000000077671594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                        000000007767191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                       0000000077671bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                          0000000077671d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                              0000000077671edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                            0000000077671fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                            00000000776727b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                          00000000776727d2 8 bytes {JMP 0x10}
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                           000000007767282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                                          0000000077672898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                  0000000077672d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                                  0000000077672d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                              000000007767323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                                              00000000776733c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                             0000000077673a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                             0000000077673ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                 0000000077673b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                          0000000077674190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                                         0000000077674241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                                         00000000776742b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 3
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                                             00000000776743f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                                             0000000077674434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408                                                                                       00000000776745d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657                                                                                       00000000776746d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                                          0000000077674a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                                          0000000077674b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                                       0000000077674c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                                       0000000077674d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                  * 2
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                                      0000000077674ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                                         0000000077674ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                                      00000000776750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                                 00000000776752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                                           00000000776753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484                                                                             00000000776755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                                             00000000776764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                                                000000007767668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                                                000000007767687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                                  00000000776768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                                      00000000776768d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                                     000000007767692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                                               0000000077677166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241                                                                        0000000077677dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                                                                               0000000077677e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                    00000000776c1380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                  00000000776c1500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                        00000000776c1530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                      00000000776c1650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                          00000000776c1700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                          00000000776c1d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                        00000000776c1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                        00000000776c27e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                      00000000751213cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                      000000007512146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                   00000000751216d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                00000000751219db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                00000000751219fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Niko\Downloads\Gmer-19357.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                          0000000075121a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Registry - GMER 2.1 ----

Reg    HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=26F42A7 TREIBER\Windows XP\Intel\xae Matrix Storage Manager\Setup.exe  1

---- EOF - GMER 2.1 ----
         
__________________

09.02.2015, 21:51   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT beforehand, then download them again to the desktop!
Please disable your virus scanner completely now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).


Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click > "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


09.02.2015, 22:51   #5
Niko91
 



AdwCleaner:

Code:
# AdwCleaner v4.110 - Bericht erstellt 09/02/2015 um 23:11:25
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-09.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Niko - QUESTMASTER3000
# Gestarted von : C:\Users\Niko\Downloads\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\RHelpers
Ordner Gelöscht : C:\ProgramData\Updater
Ordner Gelöscht : C:\ProgramData\Websteroids
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Users\Niko\AppData\Roaming\Gutscheinmieze
Ordner Gelöscht : C:\Users\Niko\AppData\Roaming\pdfforge
[!] Ordner Gelöscht : C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
Ordner Gelöscht : C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Datei Gelöscht : C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.xpi
Datei Gelöscht : C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\dll-files.com
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\dll-files.com
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\B696D3C37BD0D6C33A65D38BEC459181
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\B696D3C37BD0D6C33A65D38BEC459181
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B696D3C37BD0D6C33A65D38BEC459181
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - fritz;*.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v35.0.1 (x86 de)


-\\ Google Chrome v

[C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp

*************************

AdwCleaner[R0].txt - [10476 Bytes] - [17/12/2013 20:30:00]
AdwCleaner[R1].txt - [4174 Bytes] - [09/02/2015 23:08:53]
AdwCleaner[S0].txt - [9865 Bytes] - [17/12/2013 20:31:27]
AdwCleaner[S1].txt - [3669 Bytes] - [09/02/2015 23:11:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3728  Bytes] ##########
         
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Niko on 09.02.2015 at 23:21:22,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.02.2015 at 23:24:13,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Niko (administrator) on QUESTMASTER3000 on 09-02-2015 23:51:53
Running from C:\Users\Niko\Desktop
Loaded Profiles: Niko (Available profiles: Niko)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Logitech Inc.) C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Roccat GmbH) C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [1783296 2006-07-23] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RoccatKova+] => C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH)
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Run: [] => [X]
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {1f2ae42a-6c2a-11e1-b0a8-6c626d05b0fe} - H:\Startme.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {379e72df-efc9-11df-8b4a-bc0543012beb} - G:\autorun.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {5a9cca7b-9dd3-11e0-84c8-6c626d05b0fe} - G:\AUTORUN.EXE
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {5cad3377-32e1-11e0-b4ea-bc0543012beb} - G:\Setup.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {6aab9b84-3ad2-11e1-9c2a-6c626d05b0fe} - J:\AUTORUN.EXE
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {73f1126d-ebea-11e3-8e72-6c626d05b0fe} - G:\AutoRun.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {a4e48009-2754-11e1-acab-6c626d05b0fe} - G:\AUTORUN.EXE
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {b0ffa8fa-dcf2-11e3-bcfc-6c626d05b0fe} - I:\LaunchU3.exe -a
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {d76988f4-d636-11df-8edb-6c626d05b0fe} - H:\pushinst.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {f77b1307-55ad-11e3-b52c-6c626d05b0fe} - G:\AUTORUN.EXE
Startup: C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll (Kaspersky Lab ZAO)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKU\S-1-5-21-1216835461-190305365-3235199106-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B1BCECC2-475A-46EA-AF15-1D84FEA5E409}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default
FF DefaultSearchUrl: 
FF SearchEngineOrder.1: foxsearch
FF Homepage: https://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1216835461-190305365-3235199106-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-1216835461-190305365-3235199106-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\searchplugins\englische-ergebnisse.xml
FF Extension: Procon Latte Content Filter - C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\Extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi [2014-05-31]
FF Extension: Adblock Plus - C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-23]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-06]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-06]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-06]
FF HKLM-x32\...\Thunderbird\Extensions: [te_9.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012-03-12]
FF HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\77dp60xc.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.149\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.149\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.149\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Shockwave for Director) - C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll (Macromedia, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Gutscheinmieze-Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Niko\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-01-03]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-01-03]
CHR Extension: (Content Blocker) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-01-03]
CHR Extension: (Virtual Keyboard) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-01-03]
CHR Extension: (Google Wallet) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Anti-Banner) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-01-03]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2011-01-08] ()
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-04] (Disc Soft Ltd)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-06] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2014-12-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-06] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 KovaPlusFltr; C:\Windows\System32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2013-04-24] (Windows (R) Win 7 DDK provider)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 VMC31D; C:\Windows\System32\Drivers\VMC31D.sys [179968 2008-04-09] (Vimicro Corporation) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 AODDriver; \??\C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 23:46 - 2015-02-09 23:46 - 00016281 _____ () C:\Users\Niko\Desktop\Addition.txt
2015-02-09 23:24 - 2015-02-09 23:24 - 00000624 _____ () C:\Users\Niko\Desktop\JRT.txt
2015-02-09 23:16 - 2015-02-09 23:16 - 01388274 _____ (Thisisu) C:\Users\Niko\Desktop\JRT.exe
2015-02-09 23:15 - 2015-02-09 23:15 - 00003824 _____ () C:\Users\Niko\Desktop\AdwCleaner[S1].txt
2015-02-09 23:08 - 2015-02-09 23:08 - 02112512 _____ () C:\Users\Niko\Desktop\AdwCleaner_4.110.exe
2015-02-09 23:02 - 2015-02-09 23:02 - 00500744 _____ () C:\Windows\Minidump\020915-20404-01.dmp
2015-02-09 22:28 - 2015-02-09 22:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-09 22:28 - 2015-02-09 22:28 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 22:24 - 2015-02-09 22:44 - 00000000 ____D () C:\Users\Niko\Desktop\mbar
2015-02-09 22:24 - 2015-02-09 22:24 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-09 22:07 - 2015-02-09 22:11 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Niko\Downloads\mbar-1.08.3.1004.exe
2015-02-09 22:04 - 2015-02-09 22:04 - 00077273 _____ () C:\Users\Niko\Desktop\GEMR.log
2015-02-09 20:47 - 2015-02-09 23:47 - 00000336 _____ () C:\Windows\setupact.log
2015-02-09 20:47 - 2015-02-09 23:02 - 844008652 _____ () C:\Windows\MEMORY.DMP
2015-02-09 20:47 - 2015-02-09 20:47 - 00320264 _____ () C:\Windows\Minidump\020915-20202-01.dmp
2015-02-09 20:47 - 2015-02-09 20:47 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-09 20:42 - 2015-02-09 20:42 - 00380416 _____ () C:\Users\Niko\Downloads\Gmer-19357.exe
2015-02-09 20:11 - 2015-02-09 23:52 - 00026140 _____ () C:\Users\Niko\Desktop\FRST.txt
2015-02-09 20:10 - 2015-02-09 20:11 - 00049688 _____ () C:\Users\Niko\Downloads\Addition.txt
2015-02-09 20:09 - 2015-02-09 20:11 - 00035643 _____ () C:\Users\Niko\Downloads\FRST.txt
2015-02-09 20:09 - 2015-02-09 20:09 - 02132992 _____ (Farbar) C:\Users\Niko\Desktop\FRST64.exe
2015-02-09 20:08 - 2015-02-09 20:08 - 00050477 _____ () C:\Users\Niko\Downloads\Defogger.exe
2015-02-09 20:08 - 2015-02-09 20:08 - 00000540 _____ () C:\Users\Niko\Downloads\defogger_disable.log
2015-01-26 20:43 - 2015-01-26 20:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 12:25 - 2015-01-25 12:25 - 00094720 _____ () C:\Users\Niko\Downloads\Controlling_Loesungen(1).xls
2015-01-14 21:04 - 2015-01-14 21:04 - 05516918 _____ () C:\Users\Niko\Downloads\1
2015-01-14 17:49 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:49 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:49 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 17:49 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 17:49 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 17:49 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 17:49 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 17:49 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 17:49 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 17:49 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 17:49 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 17:49 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 17:49 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 20:19 - 2015-01-11 20:39 - 00000000 ____D () C:\Program Files (x86)\Altitude
2015-01-11 20:19 - 2015-01-11 20:19 - 00001897 _____ () C:\Users\Public\Desktop\Altitude.lnk
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altitude

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 23:52 - 2010-10-12 20:00 - 01886863 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 23:51 - 2013-12-11 13:53 - 00000000 ____D () C:\FRST
2015-02-09 23:51 - 2012-04-01 18:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 23:47 - 2013-12-04 11:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-09 23:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 23:45 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 23:45 - 2009-07-14 05:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 23:36 - 2013-12-17 20:29 - 00000000 ____D () C:\AdwCleaner
2015-02-09 23:17 - 2010-10-12 20:42 - 00000000 ____D () C:\Users\Niko\AppData\Local\CrashDumps
2015-02-09 23:13 - 2012-05-23 17:39 - 00852288 _____ () C:\Windows\PFRO.log
2015-02-09 23:11 - 2010-10-20 20:57 - 00000000 ____D () C:\ProgramData\ICQ
2015-02-09 23:02 - 2010-12-13 15:44 - 00000000 ____D () C:\Windows\Minidump
2015-02-09 20:39 - 2010-10-13 19:31 - 00000000 ____D () C:\Users\Niko\AppData\Roaming\Skype
2015-02-09 20:08 - 2013-12-11 13:45 - 00000296 _____ () C:\Users\Niko\defogger_reenable
2015-02-09 17:14 - 2012-04-15 19:12 - 00000000 ____D () C:\Users\Niko\Desktop\FK 10
2015-02-09 17:10 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-06 19:51 - 2012-04-01 18:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 19:51 - 2012-04-01 18:41 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 19:51 - 2011-06-01 09:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 21:46 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-01-29 21:46 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-01-29 21:46 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 16:43 - 2012-05-04 11:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 20:53 - 2013-10-17 22:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 19:55 - 2014-08-11 15:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-26 19:55 - 2012-04-10 01:34 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-14 21:38 - 2013-08-15 10:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:29 - 2010-10-13 22:11 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-12-08 21:44 - 2011-12-08 21:53 - 0000651 _____ () C:\Users\Niko\AppData\Roaming\MPQEditor.ini
2012-08-09 14:35 - 2012-08-09 14:36 - 0097497 _____ () C:\Users\Niko\AppData\Roaming\Scribe.dmp
2011-08-29 13:01 - 2013-06-16 10:11 - 0023094 _____ () C:\Users\Niko\AppData\Roaming\wklnhst.dat
2014-04-08 20:28 - 2014-04-08 20:28 - 0001456 _____ () C:\Users\Niko\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2011-10-31 22:06 - 2011-10-31 22:06 - 0007604 _____ () C:\Users\Niko\AppData\Local\Resmon.ResmonCfg
2011-06-15 21:29 - 2011-06-19 16:38 - 0001940 _____ () C:\Users\Niko\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2010-10-13 19:32 - 2010-10-13 19:32 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-10-13 20:33 - 2014-10-18 21:22 - 0049225 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Niko\AppData\Local\Temp\detectionapi_rd.dll
C:\Users\Niko\AppData\Local\Temp\detectionui_r.exe
C:\Users\Niko\AppData\Local\Temp\directx10tests_rd.dll
C:\Users\Niko\AppData\Local\Temp\directx11tests_rd.dll
C:\Users\Niko\AppData\Local\Temp\directx9tests_rd.dll
C:\Users\Niko\AppData\Local\Temp\local.dll
C:\Users\Niko\AppData\Local\Temp\Quarantine.exe
C:\Users\Niko\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Niko\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 18:49

==================== End Of Log ============================
         
--- --- ---


Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Niko at 2015-02-09 23:52:58
Running from C:\Users\Niko\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Total Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Altitude 1.1 (HKLM-x32\...\4578-0181-0549-1546) (Version: 1.1 - Nimbly Games)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
America (HKLM-x32\...\America) (Version:  - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
applicationupdater (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\SOE-C:/Users/Niko/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version:  - Sony Online Entertainment)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C6300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Canon Utilities Digital Photo Professional 3.11 (HKLM-x32\...\Digital Photo Professional) (Version: 3.11.30.3 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.11.3.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.2.1.13 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.10.2.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.13 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Citrix Online Plug-in - Web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
EndNote X4 (HKLM-x32\...\{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}) (Version: 14.0.0.4845 - Thomson Reuters)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Free 3GP Video Converter version 5.0.21.1212 (HKLM-x32\...\Free 3GP Video Converter_is1) (Version: 5.0.21.1212 - DVDVideoSoft Ltd.)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Audio Converter version 5.0.23.320 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.1.42.1212 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.42.1212 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IBM SPSS Statistics 19 (HKLM\...\{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}) (Version: 19.0.0 - SPSS Inc., an IBM Company)
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
IndustrieGigant 2 (HKLM-x32\...\{8FA7E81D-6D99-4788-8BE4-D898B346AB2E}) (Version: 1.1.0.0 - JoWooD Productions Software AG)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader (HKLM-x32\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LEGO® Harry Potter™ - Die Jahre 1-4 (HKLM-x32\...\LEGO_HarryPotter_Years1-4_is1) (Version: 1.0 - WB Games)
Logitech G11 Keyboard Software 1.03 (HKLM\...\{59427B1F-852F-4AF1-8215-E5B12F966D89}) (Version: 1.3.166.0 - Logitech)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mendeley Desktop 1.3.1 (HKLM-x32\...\Mendeley Desktop) (Version: 1.3.1 - Mendeley Ltd.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{B26E3B0D-C2FA-4370-B068-7C476766F029}) (Version: 08.04.0702 - Microsoft Corporation)
Microsoft Works Suite-Add-Ins für Microsoft Word (HKLM-x32\...\{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}) (Version: 8.0.0.0000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mindjet (HKLM-x32\...\{6D1AFA44-6E87-41F5-B7D4-4C457A98A3A3}) (Version: 11.1.353 - Mindjet)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{4AA68A73-DB9C-439D-9481-981C82BD008B}) (Version: 7.1.69.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.3.86.0 - Nokia)
Nokia Suite (x32 Version: 3.3.86.0 - Nokia) Hidden
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.36 - Symantec)
Notation Composer 2.6.3 Trial (HKLM-x32\...\{9C20F41F-CD00-4EA9-BCC9-5D0855EF30C2}) (Version: 2.6.3 - Notation Software) <==== ATTENTION
Orcs Must Die! (HKLM-x32\...\Steam App 102600) (Version:  - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
partypoker (HKLM-x32\...\PartyPoker) (Version:  - PartyGaming)
PC Connectivity Solution (HKLM-x32\...\{A2AA4204-C05A-4013-888A-AD153139297F}) (Version: 11.5.29.0 - Nokia)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PlanetSide 2 (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\SOE-PlanetSide 2 PSG) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
Populous: The Beginning (HKLM-x32\...\Populous: The Beginning) (Version: 1.03 - Bullfrog)
PS_AIO_04_C6300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - )
ROCCAT Kova[+] Mouse Driver (HKLM-x32\...\{A86DDFE3-F661-461C-9BF2-876AC2CA57DE}) (Version: 1.10 - Roccat GmbH)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScummVM Git (HKLM-x32\...\ScummVM_is1) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup-Start von Microsoft Works 2005 (HKLM-x32\...\Works2005Setup) (Version:  - )
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
Silent Hunter 5 (HKLM-x32\...\{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}) (Version: 1.2.0 - Ubisoft)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Söldner Secret Wars - Community Edition Version 33960 (HKLM-x32\...\{F3AF62F5-665E-4B3E-8899-5C46D1793391}_is1) (Version: 33960 - soldnersecretwars.de)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.12.12.41 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.108 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.108 - Sony)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
STARWARS: The Battle of Endor version 2.1 (HKLM-x32\...\STARWARS: The Battle of Endor v2.1_is1) (Version:  - Bruno R. Marcos)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stranded II 1.0.0.1 (HKLM-x32\...\{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1) (Version:  - Unreal Software)
Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal (HKLM-x32\...\Steam App 31170) (Version:  - Telltale Games)
Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay  (HKLM-x32\...\Steam App 31180) (Version:  - Telltale Games)
Tales of Monkey Island: Chapter 3 - Lair of the Leviathan  (HKLM-x32\...\Steam App 31190) (Version:  - Telltale Games)
Tales of Monkey Island: Chapter 4 - The Trial and Execution of Guybrush Threepwood  (HKLM-x32\...\Steam App 31200) (Version:  - Telltale Games)
Tales of Monkey Island: Chapter 5 - Rise of the Pirate God (HKLM-x32\...\Steam App 31210) (Version:  - Telltale Games)
TeamSpeak 3 Client (HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
TomTom HOME 2.8.2.2264 (HKLM-x32\...\TomTom HOME) (Version: 2.8.2.2264 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.49 - Creative Island Media, LLC) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 1.1.8 (HKLM-x32\...\VLC media player) (Version: 1.1.8 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Works Update (x32 Version: 8.0.0.0000 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.2.0.16826 - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{5be52a22-f148-4495-bf42-53cd0367c056}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1216835461-190305365-3235199106-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-05-24 15:24 - 00000836 ____A C:\Windows\system32\Drivers\etc\hosts





==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07F14CBB-44D8-4976-8119-8C69192C48BE} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0897BBC7-D121-4F07-9838-F12C6DA30141} - System32\Tasks\{B24CB037-AB4D-4C95-B81B-9C8AF6B600E5} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {1DEADAE6-FC5C-4ACE-9D0A-A8C54D135654} - System32\Tasks\{BCCDA5D3-2212-4AB4-921C-831790D4D59D} => D:\Niko\LucasArts\Monkey Island 2 LeChucks Revenge Special Edition\Monkey2.exe
Task: {263007BF-6B17-4D8F-9A49-C962FE28CE4F} - System32\Tasks\{BE69D37A-D45C-41C5-97D7-ABBBE8F4B4E0} => F:\AUTORUN.EXE
Task: {283F984A-AB35-4FC3-A64F-0D98C52EAC6E} - System32\Tasks\{D83F7E2F-F944-4344-A2C0-7E43A04F4192} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -c -runfromtemp -l0x0007 -removeonly
Task: {2EB67EBE-7D0C-41A7-9EBA-71964B81DDC3} - System32\Tasks\{4D2E3DDC-0A55-4CDF-8193-B49A86F1F31E} => D:\Siedler\BLUEBYTE\SIEDLER2\SIEDLER2.EXE [2010-10-18] ()
Task: {2F2FD535-9B25-4027-8EBD-0B5D41894E69} - System32\Tasks\{42A8F30A-90D7-4932-A9A4-B8209AE63396} => D:\Siedler\BLUEBYTE\SIEDLER2\SIEDLER2.EXE [2010-10-18] ()
Task: {31250475-1FD8-4276-BF00-173EF208248E} - System32\Tasks\{E01AF9FC-3534-45FD-BB90-68DCF6FEBE07} => C:\Team17\Worms World Party\wwp.exe
Task: {3EE62B6E-BC92-4833-8480-2D9166AD6023} - System32\Tasks\{6AF28C70-A5F5-4E2F-8776-A1F02E199B3A} => C:\Program Files (x86)\DATA BECKER\America\America.exe [2001-01-09] (Related Designs Software GmbH)
Task: {3F2EC12C-BB24-4328-9E03-212A0E98C8AE} - System32\Tasks\{6E25A4CC-0165-4D47-BC2D-737AE62E5A05} => D:\worms_arma\Worms_2_Armageddon\wa.exe
Task: {42C7E264-7A69-4C6F-B0D9-F094D128A31D} - System32\Tasks\{B56D80DE-2BF5-4431-AE7D-EF6AC461BA36} => D:\110\commandos\betasux.exe
Task: {4DCBCB29-8F7E-4FE8-912B-619F7D1E7495} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-05-07] (Oracle Corporation)
Task: {5336786C-D351-4E1C-ACAE-5C5F06940241} - System32\Tasks\{EF4A83C9-FDE2-4C9C-9C82-D763D863A393} => C:\Program Files (x86)\IndustrieGigant 2\enginetest.exe
Task: {5A881D11-A8FE-42C7-9CBF-F78D4299B07C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {5CAEF151-92A5-464D-A104-F71852FA71ED} - System32\Tasks\DLL-files.com Fixer => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: {74242883-8C19-43FA-B548-45D65795D860} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {76894412-422E-4900-8D40-6790C3A00453} - System32\Tasks\{9D45BAF4-090B-416A-BEAE-58E186B7AF81} => D:\worms_arma\Worms_2_Armageddon\wa.exe
Task: {843A3CBD-CCA1-48A4-AF9E-5C95C2F9B1A8} - System32\Tasks\{075F83F5-4508-48FB-BFF2-0320604E19C4} => C:\Program Files (x86)\IndustrieGigant 2\ig2.exe
Task: {929B4B8F-495B-4B84-A456-AD69AC087F33} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A2304F2E-408C-4F08-B751-AF3D3391A72F} - System32\Tasks\{574609B5-BCD2-44A3-B1D5-4E616F5A71AC} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/en/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {A562E7FB-0709-4640-BC44-D8CFB206FDBE} - System32\Tasks\{573FC5F3-DC3E-4A8B-AA99-DF270D6A24BB} => G:\SETUP.EXE
Task: {AD384E94-3136-447C-83BD-1D8499955373} - System32\Tasks\{603E6881-FB7D-42DA-9702-17AC9D70506C} => pcalua.exe -a "C:\Program Files (x86)\avmwlanstick\instwcli.exe" -d "C:\Program Files (x86)\avmwlanstick"
Task: {AD7CD137-8732-4AA2-BD86-96B62FCBD724} - System32\Tasks\{561CF15B-5378-4012-A919-D2D8C080120C} => pcalua.exe -a "C:\Program Files (x86)\EA GAMES\Die Sims 2 Nightlife\eauninstall.exe" -d "C:\Program Files (x86)\EA GAMES\Die Sims 2 Nightlife"
Task: {B0F4B8B8-3F9B-47E1-9473-ECE741C7827C} - System32\Tasks\{7D743872-4514-4F70-8963-CD993D7B3DA9} => C:\Emergency\emergy.exe [1998-04-28] ()
Task: {B3DBC25B-6B8A-48DC-932E-F0BC48AA544C} - System32\Tasks\{39C61096-0393-49FE-9103-79A8C49767C3} => D:\worms_arma\Worms_2_Armageddon\wa.exe
Task: {B80AB8E9-E2F9-4398-8999-9E034F9B1FAC} - System32\Tasks\{4CBDF0BE-AB76-4389-9BAE-03E1C5DA06AB} => D:\Niko\LucasArts\Monkey2Launcher.exe [2010-07-29] ()
Task: {BB150135-744B-435F-A4AE-20E7CF156FEF} - System32\Tasks\{8B0B2FA5-AECC-4577-BBE1-F36F579EC056} => D:\Pizza Syndicate\Autorun.exe
Task: {CD9599FB-F604-4398-97A6-61B6CF25C24C} - System32\Tasks\{CE267232-BC30-4FDC-886D-92AB01325001} => C:\Team17\Worms World Party\wwp.exe
Task: {D76172FF-1B90-4522-A342-21585159C3BD} - System32\Tasks\{4B5AA4C3-6DB9-4CC9-8377-6D0F7AA73424} => D:\Emergency\emergy.exe
Task: {D9757778-8515-40E2-B097-7560A21885A3} - System32\Tasks\{94D78FD0-AA40-47FB-AF1F-DBE3E932BA82} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.73.129.457/de/abandoninstall?page=tsWLM
Task: {DADA45EF-CA2A-4370-9830-DEDBDDAE3B82} - System32\Tasks\{FF640566-487F-493B-976D-AF61DDA0251F} => D:\Emergency\emergy.exe
Task: {DB8B467B-773D-4B13-8609-3809862037B2} - System32\Tasks\{5ACEA32C-AE59-480F-ABC6-FBDB0BCA4D14} => D:\Emergency\emergy.exe
Task: {E7682E85-D68B-4663-AED0-377E2A47AF1D} - System32\Tasks\{5F59D4BF-403D-4ED4-B93C-ACED9C48D0BD} => C:\Program Files (x86)\DATA BECKER\America\America.exe [2001-01-09] (Related Designs Software GmbH)
Task: {E8D66105-45EB-4BF7-ADC3-35807FEB2CB6} - System32\Tasks\{2BB5F165-2886-4B5B-A2F5-18D71DBF59E5} => pcalua.exe -a G:\setup.exe -d G:\
Task: {EED55FB9-B7AE-4B1C-9B93-2D0D99F61F4E} - System32\Tasks\{191935BD-D718-4812-86E7-D3C695199D12} => D:\Siedler\BLUEBYTE\SIEDLER2\SIEDLER2.EXE [2010-10-18] ()
Task: {F7EBD3BC-9E4B-41A0-9FE6-21A0E7A55BA1} - System32\Tasks\{3B40AD84-DD3D-4E71-9400-424EEECF6903} => D:\Niko\LucasArts\Monkey Island 2 LeChucks Revenge Special Edition\Monkey2.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2010-10-12 21:38 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2011-01-08 17:23 - 2011-01-08 17:23 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-07-14 02:17 - 2009-07-14 02:41 - 01708032 _____ () C:\Windows\system32\hpotiop1.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-10-10 22:48 - 2013-10-10 22:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-14 18:28 - 2010-05-29 13:57 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\hiddriver.dll
2015-01-26 20:43 - 2015-01-26 20:43 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-30 17:12 - 2014-12-06 12:47 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-08-30 17:12 - 2014-12-06 12:47 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-08-30 17:12 - 2014-12-06 12:47 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1216835461-190305365-3235199106-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Lite => "E:\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1216835461-190305365-3235199106-500 - Administrator - Disabled)
Gast (S-1-5-21-1216835461-190305365-3235199106-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1216835461-190305365-3235199106-1002 - Limited - Enabled)
Niko (S-1-5-21-1216835461-190305365-3235199106-1000 - Administrator - Enabled) => C:\Users\Niko

==================== Faulty Device Manager Devices =============

Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/09/2015 11:51:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: 
%%126

Error: (02/09/2015 11:49:56 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (02/09/2015 11:49:26 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (02/09/2015 11:49:14 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (02/09/2015 11:49:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" wurde nicht richtig gestartet.

Error: (02/09/2015 11:48:32 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (02/09/2015 11:47:50 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (02/09/2015 11:39:03 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (02/09/2015 11:38:21 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{10DA4F3C-CC99-4190-BE4D-58330754E882}{7DDEFEA6-98EE-4F13-A25B-EC83D9BC5541}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (02/09/2015 11:38:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" wurde nicht richtig gestartet.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-09 22:01:44.731
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-09 22:01:44.731
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-09 22:01:44.731
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-09 22:01:44.715
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-09 22:01:44.715
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-09 22:01:44.715
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-03 18:50:36.956
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-03 18:50:36.941
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-03 18:50:36.941
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-03 18:50:36.941
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X6 1055T Processor
Percentage of memory in use: 20%
Total physical RAM: 8191.18 MB
Available physical RAM: 6493.29 MB
Total Pagefile: 16380.54 MB
Available Pagefile: 14429.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:152.34 GB) (Free:31.39 GB) NTFS
Drive d: () (Fixed) (Total:380.86 GB) (Free:159.78 GB) NTFS
Drive e: () (Fixed) (Total:398.21 GB) (Free:80.33 GB) NTFS
Drive h: (USB DISK) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BAFBAE4D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=152.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=380.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=398.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0C)

==================== End Of Log ============================
         


09.02.2015, 22:52   #6
cosinus

Quite a bit is missing from the Addition log, though.

09.02.2015, 23:03   #7
Niko91

You're too fast for me. I've edited in the missing Addition log. After the restart I forgot to disable Kaspersky. The correct log is now in the post above.

09.02.2015, 23:15   #8
cosinus

FRST fix

Please disable your virus scanner completely now, to make sure the fix runs through cleanly!

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.

Code:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Run: [] => [X]
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {1f2ae42a-6c2a-11e1-b0a8-6c626d05b0fe} - H:\Startme.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {379e72df-efc9-11df-8b4a-bc0543012beb} - G:\autorun.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {5a9cca7b-9dd3-11e0-84c8-6c626d05b0fe} - G:\AUTORUN.EXE
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {5cad3377-32e1-11e0-b4ea-bc0543012beb} - G:\Setup.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {6aab9b84-3ad2-11e1-9c2a-6c626d05b0fe} - J:\AUTORUN.EXE
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {73f1126d-ebea-11e3-8e72-6c626d05b0fe} - G:\AutoRun.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {a4e48009-2754-11e1-acab-6c626d05b0fe} - G:\AUTORUN.EXE
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {b0ffa8fa-dcf2-11e3-bcfc-6c626d05b0fe} - I:\LaunchU3.exe -a
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {d76988f4-d636-11df-8edb-6c626d05b0fe} - H:\pushinst.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {f77b1307-55ad-11e3-b52c-6c626d05b0fe} - G:\AUTORUN.EXE
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKU\S-1-5-21-1216835461-190305365-3235199106-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
FF DefaultSearchUrl: 
FF SearchEngineOrder.1: foxsearch
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
EmptyTemp:
Hosts:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

10.02.2015, 21:34   #9
Niko91

And here is the Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Niko at 2015-02-10 22:31:30 Run:1
Running from C:\Users\Niko\Desktop
Loaded Profiles: Niko (Available profiles: Niko)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Run: [] => [X]
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {1f2ae42a-6c2a-11e1-b0a8-6c626d05b0fe} - H:\Startme.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {379e72df-efc9-11df-8b4a-bc0543012beb} - G:\autorun.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {5a9cca7b-9dd3-11e0-84c8-6c626d05b0fe} - G:\AUTORUN.EXE
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {5cad3377-32e1-11e0-b4ea-bc0543012beb} - G:\Setup.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {6aab9b84-3ad2-11e1-9c2a-6c626d05b0fe} - J:\AUTORUN.EXE
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {73f1126d-ebea-11e3-8e72-6c626d05b0fe} - G:\AutoRun.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {a4e48009-2754-11e1-acab-6c626d05b0fe} - G:\AUTORUN.EXE
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {b0ffa8fa-dcf2-11e3-bcfc-6c626d05b0fe} - I:\LaunchU3.exe -a
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {d76988f4-d636-11df-8edb-6c626d05b0fe} - H:\pushinst.exe
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\...\MountPoints2: {f77b1307-55ad-11e3-b52c-6c626d05b0fe} - G:\AUTORUN.EXE
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKU\S-1-5-21-1216835461-190305365-3235199106-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
FF DefaultSearchUrl: 
FF SearchEngineOrder.1: foxsearch
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
EmptyTemp:
Hosts:
         
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => Key deleted successfully.
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f2ae42a-6c2a-11e1-b0a8-6c626d05b0fe}" => Key deleted successfully.
HKCR\CLSID\{1f2ae42a-6c2a-11e1-b0a8-6c626d05b0fe} => Key not found. 
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379e72df-efc9-11df-8b4a-bc0543012beb}" => Key deleted successfully.
HKCR\CLSID\{379e72df-efc9-11df-8b4a-bc0543012beb} => Key not found. 
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a9cca7b-9dd3-11e0-84c8-6c626d05b0fe}" => Key deleted successfully.
HKCR\CLSID\{5a9cca7b-9dd3-11e0-84c8-6c626d05b0fe} => Key not found. 
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5cad3377-32e1-11e0-b4ea-bc0543012beb}" => Key deleted successfully.
HKCR\CLSID\{5cad3377-32e1-11e0-b4ea-bc0543012beb} => Key not found. 
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6aab9b84-3ad2-11e1-9c2a-6c626d05b0fe}" => Key deleted successfully.
HKCR\CLSID\{6aab9b84-3ad2-11e1-9c2a-6c626d05b0fe} => Key not found. 
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73f1126d-ebea-11e3-8e72-6c626d05b0fe}" => Key deleted successfully.
HKCR\CLSID\{73f1126d-ebea-11e3-8e72-6c626d05b0fe} => Key not found. 
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4e48009-2754-11e1-acab-6c626d05b0fe}" => Key deleted successfully.
HKCR\CLSID\{a4e48009-2754-11e1-acab-6c626d05b0fe} => Key not found. 
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0ffa8fa-dcf2-11e3-bcfc-6c626d05b0fe}" => Key deleted successfully.
HKCR\CLSID\{b0ffa8fa-dcf2-11e3-bcfc-6c626d05b0fe} => Key not found. 
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d76988f4-d636-11df-8edb-6c626d05b0fe}" => Key deleted successfully.
HKCR\CLSID\{d76988f4-d636-11df-8edb-6c626d05b0fe} => Key not found. 
"HKU\S-1-5-21-1216835461-190305365-3235199106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f77b1307-55ad-11e3-b52c-6c626d05b0fe}" => Key deleted successfully.
HKCR\CLSID\{f77b1307-55ad-11e3-b52c-6c626d05b0fe} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => Key not found. 
HKU\S-1-5-21-1216835461-190305365-3235199106-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => value deleted successfully.
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => Key not found. 
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 3.5 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 22:31:43 ====
         

10.02.2015, 21:44   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Okay, then control scans with MBAM and ESET, please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Search for C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

How to install programs correctly

Backup with DriveSnapshot

Support the TB

11.02.2015, 22:05   #11
Niko91
 

Hey,

unfortunately the Eset Online Scanner hangs at 32 %. I will try again tomorrow and report back. I hope it works then.

11.02.2015, 22:44   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

But you did run MBAM before that, right?

12.02.2015, 21:13   #13
Niko91
 

There, done!

Mbam
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 11.02.2015
Suchlauf-Zeit: 19:34:20
Logdatei: AMBLog.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.11.06
Rootkit Datenbank: v2015.02.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Niko

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 360847
Verstrichene Zeit: 11 Min, 3 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 2
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\37568BAB52209F23, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a], 

Dateien: 8
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\0.ini, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\20120627090604.log, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\Setup.dat, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\Setup.exe, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\Setup.ico, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\TsuDll.dll, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\_Setup.dll, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\_Setupx.dll, In Quarantäne, [b77b9489dcaee254ce03660e34cf669a], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
And the Eset log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ed8b7c5952292e4cb3cddf3eb5f0d37c
# engine=22422
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-11 08:19:35
# local_time=2015-02-11 09:19:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Total Security'
# compatibility_mode=1298 16777213 100 100 11985 51257605 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 50063968 175315825 0 0
# scanned=152708
# found=7
# cleaned=0
# scan_time=5040
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=F0C172550AA4ED9255C4D7AFCC650991F29AB7AA ft=1 fh=f4da2b89fff0e940 vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Updater\Uninstall.exe.vir"
sh=7671FBBD26BCEECB772D1A26CC7B1911B7A20E3E ft=1 fh=4fd638d5eab7a926 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=F85ACC6D44ED37D5C487581495CD52F644911B2B ft=1 fh=b11cb89f3457cf6c vn="Win32/Virut.NBP Virus" ac=I fn="C:\Program Files (x86)\Bethesda Softworks\Fallout 3\FalloutLauncher.exe"
sh=1D814EA403A946B40CC0A6A261B2387880D6B547 ft=1 fh=ff0bc5a908f5ad94 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Niko\Documents\Downloads\Integrated_BrotherSoft_TB.exe"
sh=D66CB3A290A683B3BA48D136D95089316A3054A5 ft=1 fh=cc854acfe5a0e7e4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Niko\Downloads\Star Wars The Battle of Endor - CHIP-Installer.exe"
sh=3951441AD0BEA5EF5F0CDC1C929B08F90C5D89C7 ft=1 fh=b71f7a435ee1d98a 
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ed8b7c5952292e4cb3cddf3eb5f0d37c
# engine=22440
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-12 08:21:06
# local_time=2015-02-12 09:21:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Total Security'
# compatibility_mode=1298 16777213 100 100 17455 51344096 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 50150459 175402316 0 0
# scanned=436163
# found=10
# cleaned=0
# scan_time=13570
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=F0C172550AA4ED9255C4D7AFCC650991F29AB7AA ft=1 fh=f4da2b89fff0e940 vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Updater\Uninstall.exe.vir"
sh=7671FBBD26BCEECB772D1A26CC7B1911B7A20E3E ft=1 fh=4fd638d5eab7a926 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=F85ACC6D44ED37D5C487581495CD52F644911B2B ft=1 fh=b11cb89f3457cf6c vn="Win32/Virut.NBP Virus" ac=I fn="C:\Program Files (x86)\Bethesda Softworks\Fallout 3\FalloutLauncher.exe"
sh=1D814EA403A946B40CC0A6A261B2387880D6B547 ft=1 fh=ff0bc5a908f5ad94 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Niko\Documents\Downloads\Integrated_BrotherSoft_TB.exe"
sh=D66CB3A290A683B3BA48D136D95089316A3054A5 ft=1 fh=cc854acfe5a0e7e4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Niko\Downloads\Star Wars The Battle of Endor - CHIP-Installer.exe"
sh=3951441AD0BEA5EF5F0CDC1C929B08F90C5D89C7 ft=1 fh=b71f7a435ee1d98a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I 
sh=F85ACC6D44ED37D5C487581495CD52F644911B2B ft=1 fh=b11cb89f3457cf6c vn="Win32/Virut.NBP Virus" ac=I fn="D:\Niko\FO3\FO3\FalloutLauncher.exe"
sh=173A746619C712051899C1EC4E03940091F8E5A5 ft=1 fh=ee537c48dcf64e43 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="E:\HD\ffdshow_beta6_rev2527_20081219.exe"
         

12.02.2015, 21:16   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

FRST-Fix

Please disable your antivirus scanner completely now, so that it is ensured that the fix runs through cleanly!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Program Files (x86)\Bethesda Softworks\Fallout 3\FalloutLauncher.exe
C:\Users\Niko\Documents\Downloads\Integrated_BrotherSoft_TB.exe
C:\Users\Niko\Downloads\Star Wars The Battle of Endor - CHIP-Installer.exe
D:\Niko\FO3\FO3\FalloutLauncher.exe
E:\HD\ffdshow_beta6_rev2527_20081219.exe
EmptyTemp:
Hosts:
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


14.02.2015, 16:47   #15
Niko91
 

So, here is the Fixlog

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-02-2015
Ran by Niko at 2015-02-14 17:44:16 Run:2
Running from C:\Users\Niko\Desktop
Loaded Profiles: Niko (Available profiles: Niko)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Bethesda Softworks\Fallout 3\FalloutLauncher.exe
C:\Users\Niko\Documents\Downloads\Integrated_BrotherSoft_TB.exe
C:\Users\Niko\Downloads\Star Wars The Battle of Endor - CHIP-Installer.exe
D:\Niko\FO3\FO3\FalloutLauncher.exe
E:\HD\ffdshow_beta6_rev2527_20081219.exe
EmptyTemp:
Hosts:
         
*****************

C:\Program Files (x86)\Bethesda Softworks\Fallout 3\FalloutLauncher.exe => Moved successfully.
C:\Users\Niko\Documents\Downloads\Integrated_BrotherSoft_TB.exe => Moved successfully.
C:\Users\Niko\Downloads\Star Wars The Battle of Endor - CHIP-Installer.exe => Moved successfully.
D:\Niko\FO3\FO3\FalloutLauncher.exe => Moved successfully.
E:\HD\ffdshow_beta6_rev2527_20081219.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 541.5 MB temporary data.


The system needed a reboot.
         
