Trojaner-Board


HansaHans 12.09.2013 21:14

Windows 7: PC is very slow and hangs irregularly for a few seconds
 
Hello everyone,
for the past few days my computer's performance has been extremely inconsistent. Despite low CPU load, even small tasks cause it to hang.
In addition, the PC freezes now and then for a few seconds and, it feels like, stops working.

Thank you very much for your help!

Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:50 on 12/09/2013 (Hindersmann)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-



FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2013
Ran by Hindersmann (administrator) on HINDERSMANN-PC on 12-09-2013 21:51:57
Running from D:\Users\Hindersmann\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) D:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUS) D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(Microsoft Corporation) D:\Windows\system32\WLANExt.exe
(ASUS) D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) D:\Windows\system32\nvvsvc.exe
(ASUS) D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Intel Corporation) D:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Cisco Systems, Inc.) D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
() D:\Windows\SysWOW64\DptfParticipantProcessorService.exe
() D:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
(Intel(R) Corporation) D:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) D:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(pdfforge GmbH) D:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) D:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel(R) Corporation) D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel® Corporation) D:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) D:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(ASUSTek Computer Inc.) D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Stefan Hirschmann) D:\Users\Hindersmann\Downloads\Releases\NoteBookFanControl-0.14.3.58.beta\NoteBookFanControl.exe
(ASUS) D:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Google Inc.) D:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) D:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(ASUSTek Computer Inc.) D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) D:\Windows\System32\igfxtray.exe
(Intel Corporation) D:\Windows\System32\hkcmd.exe
(Intel Corporation) D:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK Computer Inc.) D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ELAN Microelectronics Corp.) D:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) D:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(ELAN Microelectronics Corp.) D:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUSTek Computer Inc.) D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Adobe Systems Inc.) D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(NVIDIA Corporation) D:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) D:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) D:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(OldTimer Tools) D:\Users\Hindersmann\Desktop\OTL.exe
(Microsoft Corporation) D:\Windows\system32\taskmgr.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - D:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "D:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [ASUSQuickGesture(x86)] - D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUSTPLoader(x64)] - D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek)
HKLM\...\Run: [ASUSQuickGesture(x64)] - D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ETDCtrl] - D:\Program Files\Elantech\ETDCtrl.exe [2892584 2011-12-12] (ELAN Microelectronics Corp.)
HKCU\...\Run: [GoogleChromeAutoLaunch_928877A4C7DF6A5F4EDCBFA23A443A70] - D:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392 2013-09-02] (Google Inc.)
MountPoints2: {4ec2eb6d-1938-11e2-82ef-c485083c725f} - F:\Password.exe
MountPoints2: {f82d4048-a2d6-11e2-bbb4-c485083c725f} - F:\auvisio.exe
HKLM-x32\...\Run: [USB3MON] - D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [ATKOSD2] - D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] - D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] - D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)
AppInit_DLLs: D:\Windows\system32\nvinitx.dll [250504 2013-03-15] (NVIDIA Corporation)
AppInit_DLLs-x32: d:\windows\syswow64\nvinit.dll [205184 2013-03-15] (NVIDIA Corporation)
Startup: D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> D:\Users\Hindersmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB2BBF1DA552DCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B44DC485083C725C&affID=119779&tt=250613_gr3&tsp=4924
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=o0&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ASUS Browser Extension x64 - {78234974-0C4B-4111-BDEB-D9A104418772} - D:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - D:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ASUS Browser Extension x86 - {78234974-0C4B-4111-BDEB-D9A104418771} - D:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - D:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -  No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default
FF user.js: detected! => D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\user.js
FF Plugin: @adobe.com/FlashPlayer - D:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - D:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - D:\Program Files (x86)\Adobe\Photoshop\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - D:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - D:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - D:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - D:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - D:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - D:\Program Files (x86)\Adobe\Photoshop\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\searchplugins\babylon.xml
FF SearchPlugin: D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\searchplugins\delta.xml
FF SearchPlugin: D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\searchplugins\sweetim.xml
FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: D:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: EPUBReader - D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: fpw - D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\Extensions\fpw@informatik.tu-darmstadt.de.xpi
FF Extension: groovesharkUnlocker - D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\Extensions\groovesharkUnlocker@overlord1337.xpi
FF Extension: hdvc - D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\Extensions\hdvc@hdvc.com.xpi
FF Extension: No Name - D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - D:\Users\Hindersmann\AppData\Roaming\Mozilla\Firefox\Profiles\6ozsalbr.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - D:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - D:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\
FF Extension: Norton Toolbar - D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\

Chrome:
=======
CHR Extension: (YouTube) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Grooveshark Germany unlocker) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0
CHR Extension: (Adobe Acrobat - Create PDF) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0
CHR Extension: (ProxTube) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclefogcenncfmmekelnpgpehiglcjln\1.2.4_0
CHR Extension: (ZenMate for Google Chrome\u2122) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme\2.9_0
CHR Extension: (AdBlock) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (IP Address) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjndloejlcbpkholmagjbddfkjmmploh\1.10_0
CHR Extension: (Porsche) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3_0
CHR Extension: (IP Address) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml\7.1_0
CHR Extension: (Downloaders) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0
CHR Extension: (Norton Identity Protection) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (Chrome In-App Payments service) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (YouTube Unblocker) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.4.4_0
CHR Extension: (Type Fu) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\okboeogmnhjpgbeaokfogelclpblaemo\2.0.0_0
CHR Extension: (Gmail) - D:\Users\HINDER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
CHR HKLM-x32\...\Chrome\Extension: [kpkbnefaikfaeadgidhpoanckoiaheli] - D:\Program Files (x86)\HDvidCodec.com\HDvidCodec10.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 DptfParticipantProcessorService; D:\Windows\SysWOW64\DptfParticipantProcessorService.exe [18944 2012-02-20] ()
R2 DptfPolicyConfigTDPService; D:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [19968 2012-02-20] ()
R2 Intel(R) ME Service; D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MSSQL$SQLEXPRESS; D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; D:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R2 N360; D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 PDF Architect Helper Service; D:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; D:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S4 SQLAgent$SQLEXPRESS; D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 ZeroConfigService; D:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [1525336 2013-09-04] (Symantec Corporation)
R1 BHDrvx64; D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [1525336 2013-09-04] (Symantec Corporation)
S3 bsitf; D:\Program Files (x86)\ASUS\WinFlash\bsitf64.sys [13440 2010-01-05] (ASUSTek Computer Inc.)
S3 bsitf; D:\Program Files (x86)\ASUS\WinFlash\bsitf64.sys [13440 2010-01-05] (ASUSTek Computer Inc.)
R1 ccSet_N360; D:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R3 CVPNDRVA; D:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R3 CVPNDRVA; D:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R3 DptfDevDram; D:\Windows\System32\DRIVERS\DptfDevDram.sys [107288 2012-02-20] (Intel Corporation)
R3 DptfDevFan; D:\Windows\System32\DRIVERS\DptfDevFan.sys [42776 2012-02-20] (Intel Corporation)
R3 DptfDevGen; D:\Windows\System32\DRIVERS\DptfDevGen.sys [64792 2012-02-20] (Intel Corporation)
R3 DptfDevPch; D:\Windows\System32\DRIVERS\DptfDevPch.sys [96024 2012-02-20] (Intel Corporation)
R3 DptfDevProc; D:\Windows\System32\DRIVERS\DptfDevProc.sys [220952 2012-02-20] (Intel Corporation)
R3 DptfManager; D:\Windows\System32\DRIVERS\DptfManager.sys [357656 2012-02-20] (Intel Corporation)
R1 dtsoftbus01; D:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-28] (DT Soft Ltd)
R1 eeCtrl; D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-30] (Symantec Corporation)
R1 eeCtrl; D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-30] (Symantec Corporation)
R3 EraserUtilRebootDrv; D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-30] (Symantec Corporation)
R3 ETDKbdf; D:\Windows\System32\DRIVERS\ETDKbdf.sys [15656 2011-12-12] (ELAN Microelectronics Corp.)
R1 IDSVia64; D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130911.001\IDSvia64.sys [520280 2013-08-29] (Symantec Corporation)
R1 IDSVia64; D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130911.001\IDSvia64.sys [520280 2013-08-29] (Symantec Corporation)
R3 NAVENG; D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130912.001\ENG64.SYS [126040 2013-08-30] (Symantec Corporation)
R3 NAVENG; D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130912.001\ENG64.SYS [126040 2013-08-30] (Symantec Corporation)
R3 NAVEX15; D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130912.001\EX64.SYS [2099288 2013-08-30] (Symantec Corporation)
R3 NAVEX15; D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130912.001\EX64.SYS [2099288 2013-08-30] (Symantec Corporation)
R3 SRTSP; D:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; D:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; D:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; D:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; D:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-30] (Symantec Corporation)
R1 SymIRON; D:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; D:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S1 UimBus; D:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-09-13] (Windows (R) 2000 DDK provider)
S1 Uim_IM; D:\Windows\System32\Drivers\Uim_IMx64.sys [633552 2012-09-13] (Paragon)
S1 Uim_VIM; D:\Windows\System32\Drivers\uim_vimx64.sys [390224 2012-09-13] (Paragon)
S3 VSPerfDrv100; D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 VSPerfDrv100; D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 EagleX64; \??\D:\Windows\system32\drivers\EagleX64.sys [x]
R3 WinRing0_1_2_0; \??\D:\Users\Hindersmann\AppData\Local\Temp\tmp950D.tmp [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-12 21:51 - 2013-09-12 21:51 - 00000000 ____D D:\FRST
2013-09-12 21:50 - 2013-09-12 21:51 - 01949660 _____ (Farbar) D:\Users\Hindersmann\Desktop\FRST64.exe
2013-09-12 21:50 - 2013-09-12 21:50 - 00000484 _____ D:\Users\Hindersmann\Desktop\defogger_disable.log
2013-09-12 21:50 - 2013-09-12 21:50 - 00000000 _____ D:\Users\Hindersmann\defogger_reenable
2013-09-12 21:49 - 2013-09-12 21:49 - 00050477 _____ D:\Users\Hindersmann\Desktop\Defogger.exe
2013-09-12 21:46 - 2013-09-12 21:46 - 00098680 _____ D:\Users\Hindersmann\Desktop\Extras.Txt
2013-09-12 21:45 - 2013-09-12 21:45 - 00163256 _____ D:\Users\Hindersmann\Desktop\OTL.Txt
2013-09-12 21:38 - 2013-09-12 21:38 - 00602112 _____ (OldTimer Tools) D:\Users\Hindersmann\Desktop\OTL.exe
2013-09-12 20:39 - 2013-08-30 10:11 - 769845165 _____ D:\Users\Hindersmann\Downloads\mfhmavabrandijuliamrpete_720.mp4
2013-09-12 16:45 - 2013-09-12 16:45 - 00000000 ____D D:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-12 16:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) D:\Windows\system32\Drivers\mbam.sys
2013-09-12 16:44 - 2013-09-12 16:44 - 00000085 _____ D:\Windows\wininit.ini
2013-09-12 16:41 - 2013-09-12 16:41 - 00000000 ____D D:\Windows\System32\Tasks\Safer-Networking
2013-09-12 16:40 - 2013-09-12 16:43 - 00000000 ____D D:\ProgramData\Spybot - Search & Destroy
2013-09-11 17:28 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) D:\Windows\system32\ie4uinit.exe
2013-09-11 17:28 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) D:\Windows\system32\iertutil.dll
2013-09-11 17:28 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) D:\Windows\system32\ieui.dll
2013-09-11 17:28 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) D:\Windows\system32\iesysprep.dll
2013-09-11 17:28 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) D:\Windows\system32\iesetup.dll
2013-09-11 17:28 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) D:\Windows\system32\iernonce.dll
2013-09-11 17:28 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iertutil.dll
2013-09-11 17:28 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieui.dll
2013-09-11 17:28 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iesysprep.dll
2013-09-11 17:28 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iesetup.dll
2013-09-11 17:28 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) D:\Windows\SysWOW64\iernonce.dll
2013-09-11 17:28 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.tlb
2013-09-11 17:28 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.tlb
2013-09-11 17:28 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) D:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 17:28 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) D:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 17:27 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) D:\Windows\system32\wininet.dll
2013-09-11 17:27 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) D:\Windows\system32\urlmon.dll
2013-09-11 17:27 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) D:\Windows\system32\mshtml.dll
2013-09-11 17:27 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) D:\Windows\system32\msfeeds.dll
2013-09-11 17:27 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) D:\Windows\system32\jsproxy.dll
2013-09-11 17:27 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) D:\Windows\system32\ieframe.dll
2013-09-11 17:27 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) D:\Windows\system32\jscript9.dll
2013-09-11 17:27 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) D:\Windows\system32\jscript.dll
2013-09-11 17:27 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wininet.dll
2013-09-11 17:27 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) D:\Windows\SysWOW64\urlmon.dll
2013-09-11 17:27 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) D:\Windows\SysWOW64\mshtml.dll
2013-09-11 17:27 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ieframe.dll
2013-09-11 17:27 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jscript9.dll
2013-09-11 17:27 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jscript.dll
2013-09-11 17:27 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) D:\Windows\SysWOW64\msfeeds.dll
2013-09-11 17:27 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) D:\Windows\SysWOW64\jsproxy.dll
2013-09-11 16:55 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) D:\Windows\system32\Drivers\ataport.sys
2013-09-11 16:55 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) D:\Windows\system32\ntoskrnl.exe
2013-09-11 16:55 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) D:\Windows\system32\ntdll.dll
2013-09-11 16:55 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) D:\Windows\system32\wow64win.dll
2013-09-11 16:55 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) D:\Windows\system32\wow64.dll
2013-09-11 16:55 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) D:\Windows\system32\wow64cpu.dll
2013-09-11 16:55 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) D:\Windows\system32\winsrv.dll
2013-09-11 16:55 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) D:\Windows\system32\ntvdm64.dll
2013-09-11 16:55 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) D:\Windows\system32\kernel32.dll
2013-09-11 16:55 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) D:\Windows\system32\KernelBase.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) D:\Windows\system32\csrsrv.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) D:\Windows\system32\apisetschema.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) D:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 16:55 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 16:55 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ntdll.dll
2013-09-11 16:55 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) D:\Windows\SysWOW64\kernel32.dll
2013-09-11 16:55 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) D:\Windows\SysWOW64\KernelBase.dll
2013-09-11 16:55 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wow32.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) D:\Windows\SysWOW64\apisetschema.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) D:\Windows\system32\conhost.exe
2013-09-11 16:55 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) D:\Windows\system32\smss.exe
2013-09-11 16:55 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) D:\Windows\SysWOW64\setup16.exe
2013-09-11 16:55 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) D:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 16:55 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) D:\Windows\SysWOW64\instnm.exe
2013-09-11 16:55 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) D:\Windows\SysWOW64\user.exe
2013-09-11 16:55 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 16:55 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) D:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 16:54 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) D:\Windows\system32\win32k.sys
2013-09-11 16:54 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) D:\Windows\system32\shell32.dll
2013-09-11 16:54 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) D:\Windows\system32\shdocvw.dll
2013-09-11 16:54 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) D:\Windows\SysWOW64\shell32.dll
2013-09-11 16:54 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) D:\Windows\SysWOW64\shdocvw.dll
2013-09-08 12:44 - 2013-09-12 19:09 - 00000000 ____D D:\Users\Hindersmann\Desktop\5-076 Übungsdateien
2013-09-06 17:24 - 2013-09-06 17:24 - 00000000 ____D D:\Users\Hindersmann\Downloads\Sportmuffel
2013-09-05 20:43 - 2013-09-05 20:43 - 00000000 ____D D:\Program Files (x86)\Microsoft Silverlight
2013-09-03 18:41 - 2013-09-05 17:00 - 00000000 ____D D:\Users\Hindersmann\DigSig
2013-09-01 17:42 - 2013-09-01 17:42 - 00000000 ____D D:\Windows\System32\Tasks\Norton 360
2013-08-29 23:26 - 2013-09-01 17:37 - 00003206 _____ D:\Windows\System32\Tasks\Norton WSC Integration
2013-08-29 23:26 - 2013-08-30 10:54 - 00177312 _____ (Symantec Corporation) D:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-08-29 23:26 - 2013-08-30 10:54 - 00007631 _____ D:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-08-29 23:26 - 2013-08-29 23:26 - 00000000 ____D D:\Program Files\Symantec
2013-08-29 23:26 - 2013-08-29 23:26 - 00000000 ____D D:\Program Files\Common Files\Symantec Shared
2013-08-29 23:23 - 2013-09-01 17:37 - 00000000 ____D D:\Windows\system32\Drivers\N360x64
2013-08-29 23:23 - 2013-08-29 23:27 - 00000000 ____D D:\ProgramData\Norton
2013-08-29 23:23 - 2013-08-29 23:23 - 00000000 ____D D:\Program Files (x86)\Norton 360
2013-08-29 23:14 - 2013-08-29 23:14 - 00000000 ____D D:\Users\Hindersmann\Downloads\Norton360.Final.German
2013-08-21 21:15 - 2013-09-12 20:19 - 00034554 _____ D:\Windows\PFRO.log
2013-08-16 08:31 - 2013-09-12 21:19 - 00004043 _____ D:\Windows\setupact.log
2013-08-16 08:31 - 2013-08-16 08:32 - 00000000 ____D D:\Users\Hindersmann\Desktop\Elektrotechnik
2013-08-16 08:31 - 2013-08-16 08:31 - 00000000 _____ D:\Windows\setuperr.log
2013-08-15 22:06 - 2013-09-11 17:27 - 00000000 ____D D:\Windows\system32\MRT
2013-08-14 15:49 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) D:\Windows\system32\wintrust.dll
2013-08-14 15:49 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) D:\Windows\system32\crypt32.dll
2013-08-14 15:49 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) D:\Windows\system32\cryptsvc.dll
2013-08-14 15:49 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) D:\Windows\system32\cryptnet.dll
2013-08-14 15:49 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) D:\Windows\SysWOW64\wintrust.dll
2013-08-14 15:49 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) D:\Windows\SysWOW64\crypt32.dll
2013-08-14 15:49 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) D:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 15:49 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) D:\Windows\SysWOW64\cryptnet.dll
2013-08-14 15:48 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) D:\Windows\system32\WMVDECOD.DLL
2013-08-14 15:48 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) D:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 15:48 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) D:\Windows\system32\tzres.dll
2013-08-14 15:48 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) D:\Windows\SysWOW64\tzres.dll
2013-08-14 15:48 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) D:\Windows\system32\rpcrt4.dll
2013-08-14 15:48 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) D:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 15:48 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) D:\Windows\system32\Drivers\tcpip.sys
2013-08-14 15:48 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) D:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-12 21:51 - 2013-09-12 21:51 - 00000000 ____D D:\FRST
2013-09-12 21:51 - 2013-09-12 21:50 - 01949660 _____ (Farbar) D:\Users\Hindersmann\Desktop\FRST64.exe
2013-09-12 21:50 - 2013-09-12 21:50 - 00000484 _____ D:\Users\Hindersmann\Desktop\defogger_disable.log
2013-09-12 21:50 - 2013-09-12 21:50 - 00000000 _____ D:\Users\Hindersmann\defogger_reenable
2013-09-12 21:50 - 2012-09-30 21:37 - 00000000 ____D D:\Users\Hindersmann
2013-09-12 21:49 - 2013-09-12 21:49 - 00050477 _____ D:\Users\Hindersmann\Desktop\Defogger.exe
2013-09-12 21:46 - 2013-09-12 21:46 - 00098680 _____ D:\Users\Hindersmann\Desktop\Extras.Txt
2013-09-12 21:46 - 2012-10-14 23:13 - 00001120 _____ D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-12 21:45 - 2013-09-12 21:45 - 00163256 _____ D:\Users\Hindersmann\Desktop\OTL.Txt
2013-09-12 21:38 - 2013-09-12 21:38 - 00602112 _____ (OldTimer Tools) D:\Users\Hindersmann\Desktop\OTL.exe
2013-09-12 21:27 - 2012-10-01 01:34 - 00000000 ____D D:\Users\Hindersmann\AppData\Roaming\vlc
2013-09-12 21:26 - 2009-07-14 19:58 - 00773946 _____ D:\Windows\system32\perfh007.dat
2013-09-12 21:26 - 2009-07-14 19:58 - 00177318 _____ D:\Windows\system32\perfc007.dat
2013-09-12 21:26 - 2009-07-14 07:13 - 01806990 _____ D:\Windows\system32\PerfStringBackup.INI
2013-09-12 21:26 - 2009-07-14 06:45 - 00015600 ____H D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-12 21:26 - 2009-07-14 06:45 - 00015600 ____H D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-12 21:22 - 2013-06-16 22:22 - 01734361 _____ D:\Windows\WindowsUpdate.log
2013-09-12 21:19 - 2013-08-16 08:31 - 00004043 _____ D:\Windows\setupact.log
2013-09-12 21:19 - 2013-06-28 13:56 - 00000530 _____ D:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job
2013-09-12 21:19 - 2013-04-05 07:31 - 00000212 _____ D:\Windows\Tasks\AutoKMS.job
2013-09-12 21:19 - 2012-10-14 23:13 - 00001116 _____ D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-12 21:19 - 2012-10-01 16:49 - 00000000 ____D D:\Users\Hindersmann\AppData\Roaming\Dropbox
2013-09-12 21:19 - 2012-09-30 21:57 - 00000828 _____ D:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-09-12 21:19 - 2012-09-30 21:48 - 00000000 ____D D:\ProgramData\NVIDIA
2013-09-12 21:19 - 2009-07-14 07:08 - 00000006 ____H D:\Windows\Tasks\SA.DAT
2013-09-12 21:02 - 2013-06-25 16:35 - 00000000 ____D D:\Program Files (x86)\Azureus
2013-09-12 21:02 - 2013-02-25 21:47 - 00000000 ____D D:\Program Files (x86)\WISO
2013-09-12 21:02 - 2012-09-30 21:51 - 00000000 ___HD D:\Program Files (x86)\InstallShield Installation Information
2013-09-12 20:58 - 2012-10-01 14:42 - 00000000 ____D D:\Program Files (x86)\Adobe
2013-09-12 20:57 - 2012-10-20 15:55 - 00000000 ____D D:\Program Files\Common Files\Adobe
2013-09-12 20:56 - 2012-10-14 23:13 - 00000000 ____D D:\Program Files (x86)\Google
2013-09-12 20:54 - 2013-03-19 17:04 - 00000000 ____D D:\Program Files (x86)\Steam
2013-09-12 20:54 - 2012-10-01 02:03 - 00000884 _____ D:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-12 20:46 - 2012-10-01 22:17 - 00000000 ____D D:\Users\Hindersmann\Documents\Outlook-Dateien
2013-09-12 20:19 - 2013-08-21 21:15 - 00034554 _____ D:\Windows\PFRO.log
2013-09-12 19:09 - 2013-09-08 12:44 - 00000000 ____D D:\Users\Hindersmann\Desktop\5-076 Übungsdateien
2013-09-12 18:51 - 2013-06-25 17:49 - 00000000 ____D D:\Program Files (x86)\hdvidcodec.com
2013-09-12 16:45 - 2013-09-12 16:45 - 00000000 ____D D:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-12 16:44 - 2013-09-12 16:44 - 00000085 _____ D:\Windows\wininit.ini
2013-09-12 16:43 - 2013-09-12 16:40 - 00000000 ____D D:\ProgramData\Spybot - Search & Destroy
2013-09-12 16:41 - 2013-09-12 16:41 - 00000000 ____D D:\Windows\System32\Tasks\Safer-Networking
2013-09-12 16:39 - 2012-09-30 22:07 - 00000000 ____D D:\Users\Hindersmann\AppData\Roaming\DAEMON Tools Lite
2013-09-11 17:42 - 2013-03-18 22:30 - 00000000 ____D D:\Users\Hindersmann\AppData\Local\think-cell
2013-09-11 17:35 - 2013-04-14 19:26 - 05052760 _____ D:\Windows\system32\FNTCACHE.DAT
2013-09-11 17:35 - 2012-09-30 22:30 - 00000000 ____D D:\Windows\Panther
2013-09-11 17:35 - 2012-09-30 21:37 - 00000000 ___RD D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 17:35 - 2012-09-30 21:37 - 00000000 ___RD D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 17:27 - 2013-08-15 22:06 - 00000000 ____D D:\Windows\system32\MRT
2013-09-11 17:25 - 2012-10-01 01:39 - 79143768 _____ (Microsoft Corporation) D:\Windows\system32\MRT.exe
2013-09-11 17:24 - 2012-10-01 17:08 - 00000000 ____D D:\ProgramData\Microsoft Help
2013-09-09 17:40 - 2012-11-26 23:22 - 00000000 ____D D:\Users\Hindersmann\workspace
2013-09-08 13:23 - 2012-09-30 21:57 - 00000830 _____ D:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-09-08 12:53 - 2013-04-05 07:31 - 00000202 _____ D:\Windows\Tasks\AutoKMSDaily.job
2013-09-06 17:24 - 2013-09-06 17:24 - 00000000 ____D D:\Users\Hindersmann\Downloads\Sportmuffel
2013-09-05 20:43 - 2013-09-05 20:43 - 00000000 ____D D:\Program Files (x86)\Microsoft Silverlight
2013-09-05 17:00 - 2013-09-03 18:41 - 00000000 ____D D:\Users\Hindersmann\DigSig
2013-09-01 17:42 - 2013-09-01 17:42 - 00000000 ____D D:\Windows\System32\Tasks\Norton 360
2013-09-01 17:37 - 2013-08-29 23:26 - 00003206 _____ D:\Windows\System32\Tasks\Norton WSC Integration
2013-09-01 17:37 - 2013-08-29 23:23 - 00000000 ____D D:\Windows\system32\Drivers\N360x64
2013-08-30 10:54 - 2013-08-29 23:26 - 00177312 _____ (Symantec Corporation) D:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-08-30 10:54 - 2013-08-29 23:26 - 00007631 _____ D:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-08-30 10:11 - 2013-09-12 20:39 - 769845165 _____ D:\Users\Hindersmann\Downloads\mfhmavabrandijuliamrpete_720.mp4
2013-08-29 23:27 - 2013-08-29 23:23 - 00000000 ____D D:\ProgramData\Norton
2013-08-29 23:26 - 2013-08-29 23:26 - 00000000 ____D D:\Program Files\Symantec
2013-08-29 23:26 - 2013-08-29 23:26 - 00000000 ____D D:\Program Files\Common Files\Symantec Shared
2013-08-29 23:23 - 2013-08-29 23:23 - 00000000 ____D D:\Program Files (x86)\Norton 360
2013-08-29 23:14 - 2013-08-29 23:14 - 00000000 ____D D:\Users\Hindersmann\Downloads\Norton360.Final.German
2013-08-21 17:03 - 2012-11-04 17:27 - 00000000 ____D D:\Program Files (x86)\Mozilla Firefox
2013-08-21 17:03 - 2012-09-30 22:08 - 00000000 ____D D:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 23:03 - 2009-07-14 05:20 - 00000000 ____D D:\Windows\rescache
2013-08-19 13:49 - 2013-05-29 20:43 - 00000000 ____D D:\Users\Hindersmann\Documents\MATLAB
2013-08-19 13:16 - 2012-10-01 17:08 - 00000000 ____D D:\Users\Hindersmann\AppData\Local\Microsoft Help
2013-08-16 08:32 - 2013-08-16 08:31 - 00000000 ____D D:\Users\Hindersmann\Desktop\Elektrotechnik
2013-08-16 08:31 - 2013-08-16 08:31 - 00000000 _____ D:\Windows\setuperr.log

Files to move or delete:
====================
D:\Users\Hindersmann\AppData\Local\Temp\SpotifyUninstall.exe

==================== Bamital & volsnap Check =================

D:\Windows\System32\winlogon.exe => MD5 is legit
D:\Windows\System32\wininit.exe => MD5 is legit
D:\Windows\SysWOW64\wininit.exe => MD5 is legit
D:\Windows\explorer.exe => MD5 is legit
D:\Windows\SysWOW64\explorer.exe => MD5 is legit
D:\Windows\System32\svchost.exe => MD5 is legit
D:\Windows\SysWOW64\svchost.exe => MD5 is legit
D:\Windows\System32\services.exe => MD5 is legit
D:\Windows\System32\User32.dll => MD5 is legit
D:\Windows\SysWOW64\User32.dll => MD5 is legit
D:\Windows\System32\userinit.exe => MD5 is legit
D:\Windows\SysWOW64\userinit.exe => MD5 is legit
D:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 04:15

==================== End Of Log ============================

--- --- ---



Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2013
Ran by Hindersmann at 2013-09-12 21:52:13
Running from D:\Users\Hindersmann\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

64 Bit HP CIO Components Installer (Version: 6.2.2)
8500A909_BasicWeb (x32 Version: 140.0.000.000)
8500A909_Help_BasicWeb (x32 Version: 1.00.0000)
Adobe Acrobat XI Pro (x32 Version: 11.0.04)
Adobe AIR (x32 Version: 3.4.0.2710)
Adobe Flash Player 11 ActiveX (x32 Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
ASUS Power4Gear Hybrid (Version: 1.2.2)
ASUS Smart Gesture (x32 Version: 1.0.32)
ATK Package (x32 Version: 1.0.0020)
AX88772B Windows 7 Drivers (x32 Version: 1.0.2.0)
bpd_scan (x32 Version: 3.00.0000)
BPDSoftware (x32 Version: 140.0.000.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
BufferChm (x32 Version: 140.0.213.000)
Canon MG5100 series MP Drivers
CCleaner (Version: 4.04)
Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7)
CPUID CPU-Z 1.63.0
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dotfuscator Software Services - Community Edition - DEU (x32 Version: 5.0.2300.0)
Dotfuscator Software Services - Community Edition (x32 Version: 5.0.2300.0)
Dropbox (HKCU Version: 2.0.22)
ETDWare PS/2-X64 10.6.6.0 (Version: 10.6.6.0)
FileZilla Client 3.5.3 (x32 Version: 3.5.3)
Google Chrome (x32 Version: 29.0.1547.66)
Google Update Helper (x32 Version: 1.3.21.153)
GPL Ghostscript (Version: 9.06)
HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät (Version: 28.0.1313.0)
HP Officejet Pro 8500 A909 Series (Version: 14.0)
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
IAR Embedded Workbench Demo for H8 1.52D (x32)
InstantOn for NB (x32 Version: 2.3.3)
Intel PROSet Wireless
Intel(R) Dynamic Platform & Thermal Framework (x32 Version: 6.0.1.1067)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2761)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.2.0.0284)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.1.2.0206)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.5.235)
Intel® PROSet/Wireless WiFi-Software (Version: 15.02.0000.1258)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 25 (x32 Version: 7.0.250)
Java 7 Update 9 (64-bit) (Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.5)
Java SE Development Kit 7 Update 9 (64-bit) (Version: 1.7.0.90)
JDownloader 0.9 (x32 Version: 0.9)
KeePass Password Safe 1.24 (x32 Version: 1.24)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MATLAB R2013a (Version: 8.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - DEU (x32 Version: 2.0.50331.0)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (x32 Version: 2.0.50331.0)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (x32 Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (x32 Version: 2.0.50217.0)
Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.1.99.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (x32 Version: 5.1.20513.0)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (x32 Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (x32 Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) de (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 de (x32 Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) de (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - DEU (Version: 10.0.30319)
Microsoft Team Foundation Server 2010-Objektmodell - DEU (Version: 10.0.30319)
Microsoft Visio 2010 Service Pack 1 (SP1) (x32)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU (Version: 10.0.30319)
Microsoft Visual Studio 2010 Performance Collection Tools - DEU (Version: 10.0.30319)
Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio 2010 Ultimate - DEU (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio Macro Tools - DEU Language Pack (x32 Version: 9.0.30729)
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
MiKTeX 2.9 (x32 Version: 2.9)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser und SDK (x32 Version: 4.20.9818.0)
Need for Speed Most Wanted (x32)
NetBeans IDE 7.2.1 (Version: 7.2.1)
Network64 (Version: 140.0.215.000)
Nexon Game Manager (x32)
Norton 360 (x32 Version: 20.4.0.40)
NVIDIA 3D Vision Treiber 314.22 (Version: 314.22)
NVIDIA Grafiktreiber 314.22 (Version: 314.22)
NVIDIA HD-Audiotreiber 1.3.13.1 (Version: 1.3.13.1)
NVIDIA Install Application (Version: 2.1002.115.743)
NVIDIA Optimus 1.12.12 (Version: 1.12.12)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422)
NVIDIA Systemsteuerung 314.22 (Version: 314.22)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
Opera 12.15 (x32 Version: 12.15.1748)
PDF Architect (x32 Version: 1.1.83.9982)
PDFCreator (x32 Version: 1.7.0)
Programmer's Notepad (x32 Version: 2.3.4.2350)
PSpice Student 9.1 (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6685)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.39025)
Scan (x32 Version: 140.0.167.000)
Secure Download Manager (x32 Version: 3.1.0)
Service Pack 1 für SQL Server 2008 (KB 968369) (64-bit) (Version: 10.1.2531.0)
Skype™ 6.5 (x32 Version: 6.5.158)
SpeedFan (remove only) (x32)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
Steam (x32 Version: 1.0.0.0)
SumatraPDF (x32 Version: 2.2.1)
swMSM (x32 Version: 12.0.0.1)
TeXnicCenter Version 2.0 Beta 1 (Version: 2.0 Beta 1)
think-cell (x32 Version: 5.3.22.242)
Toolbox (x32 Version: 140.0.428.000)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (Version: 10.1.2731.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Visual Studio 2010 Prerequisites - English (Version: 10.0.30319)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (x32 Version: 4.0.8080.0)
VLC media player 2.0.3 (x32 Version: 2.0.3)
Web Deployment Tool (Version: 1.1.0618)
WebReg (x32 Version: 140.0.213.017)
WinFlash (x32 Version: 2.41.1)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
WISO Steuer-Sparbuch 2013 (x32 Version: 20.00.8137)
XAMPP 1.8.1 (x32)
X-Proxy (HKCU Version: 3.3.0.2)

==================== Restore Points  =========================

11-09-2013 15:04:17 Windows Update
12-09-2013 18:55:47 Removed Google Earth.
12-09-2013 19:01:12 Entfernt Paragon Backup and Recovery™ 2013 Plus Edition.
12-09-2013 19:02:49 Entfernt WISO Steuer 2012

==================== Hosts content: ==========================

2009-07-14 04:34 - 2012-11-22 17:56 - 00003308 ____A D:\Windows\system32\Drivers\etc\hosts



==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {1F134FF2-209A-4FD5-A8C5-7222D7C559B5} - System32\Tasks\NoteBookFanControl => D:\Users\Hindersmann\Downloads\Releases\NoteBookFanControl-0.14.3.58.beta\NoteBookFanControl.exe [2013-01-29] (Stefan Hirschmann)
Task: {322D65C9-039A-493F-9CB3-207AF98C8295} - System32\Tasks\MATLAB R2013a Startup Accelerator => D:\Program Files\MATLAB\bin\win64\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: {3510C74C-E7B2-40DF-A624-443ED46117D0} - System32\Tasks\GoogleUpdateTaskMachineCore => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14] (Google Inc.)
Task: {3A7054D5-D07B-4378-B53D-F8873B8EB674} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {43177FEF-B178-48C8-9302-8B67A2FC821A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => D:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {4BA5F4A0-11C2-4D33-A77B-76871E2FBCE3} - System32\Tasks\Microsoft\Windows Defender\Mp Scheduled Scan => D:\Program Files\Windows Defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {4CD7B3DA-F975-4212-8292-2B000DA62692} - System32\Tasks\ATKOSD2 => D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-06-25] (ASUSTek Computer Inc.)
Task: {50E48E30-BF07-45C4-837F-7C9CBBAD9EA2} - System32\Tasks\Norton WSC Integration => D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {8FBB32AC-E012-4A7F-A43C-3B2B457ED8AB} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {A640F7C1-C1B4-40B8-A2D4-C1DB9A96B69A} - System32\Tasks\AutoKMSDaily => D:\Windows\AutoKMS.exe
Task: {C42E8B1F-D9FC-4429-B419-88A7FA8F514E} - System32\Tasks\ASUS P4G => D:\Program Files\ASUS\P4G\BatteryLife.exe [2012-05-15] (ASUS)
Task: {CA6C453F-80A1-4888-AA31-B8C35BC20582} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => D:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {D0919686-810B-4592-AB62-3D7814DEA67D} - System32\Tasks\AutoKMS => D:\Windows\AutoKMS.exe
Task: {D929D056-31B6-405F-A89E-CEFC0BEB4102} - System32\Tasks\Adobe Flash Player Updater => D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {DF46D3C6-B505-4616-81AC-C692E2B63303} - System32\Tasks\GoogleUpdateTaskMachineUA => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14] (Google Inc.)
Task: {E33FEE13-EDFE-4502-8B92-B2B75AAF7AE1} - System32\Tasks\Norton 360\Norton Error Analyzer => D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {FFAE253B-0EAB-499A-8098-F2B71BDCE016} - System32\Tasks\Norton 360\Norton Error Processor => D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: D:\Windows\Tasks\Adobe Flash Player Updater.job => D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\Windows\Tasks\AutoKMS.job => D:\Windows\AutoKMS.exe
Task: D:\Windows\Tasks\AutoKMSDaily.job => D:\Windows\AutoKMS.exe
Task: D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: D:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => D:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: D:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => D:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: D:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job => D:\Program Files\MATLAB\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (whitelisted) =============

2013-01-09 21:38 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) D:\Windows\system32\taskhost.exe
2012-09-30 21:47 - 2013-03-15 07:53 - 00250504 _____ (NVIDIA Corporation) D:\Windows\system32\nvinitx.dll
2013-08-30 10:52 - 2013-05-21 06:44 - 00144368 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
2009-07-14 01:37 - 2009-07-14 03:39 - 00120320 _____ (Microsoft Corporation) D:\Windows\system32\Dwm.exe
2012-09-30 21:47 - 2013-03-15 07:53 - 01118776 _____ (NVIDIA Corporation) D:\Windows\system32\nvumdshimx.dll
2012-09-30 22:36 - 2010-11-20 05:25 - 00464384 _____ (Microsoft Corporation) D:\Windows\system32\taskeng.exe
2012-10-01 01:36 - 2011-02-25 08:19 - 02871808 _____ (Microsoft Corporation) D:\Windows\Explorer.EXE
2013-04-05 00:12 - 2013-04-05 00:12 - 00164016 _____ (Dropbox, Inc.) D:\Users\Hindersmann\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () D:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-08-30 10:50 - 2013-05-29 04:41 - 02656592 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\buShell.dll
2013-08-30 10:50 - 2013-05-21 06:44 - 01060232 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\ccL120U.dll
2013-08-30 10:50 - 2013-05-23 07:25 - 00114056 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\EFACli64.dll
2013-08-30 10:50 - 2013-05-21 06:44 - 00119176 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\ccVrTrst.dll
2013-08-30 10:50 - 2013-05-21 06:44 - 00475528 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\ccSet.dll
2013-08-30 10:50 - 2013-05-21 06:44 - 00231304 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\ccIPC.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () D:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-08-30 10:50 - 2013-05-30 03:23 - 00553264 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\diStRptr.dll
2013-08-30 10:50 - 2013-05-29 04:41 - 00663888 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\buComm.dll
2013-08-30 10:50 - 2013-05-28 19:52 - 01728336 ____R (SwapDrive, Inc.) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\BuEng.dll
2013-08-30 10:50 - 2013-05-21 06:44 - 00443784 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\ccGEvt.dll
2012-09-30 22:08 - 2012-06-09 19:20 - 00196096 _____ (Alexander Roshal) D:\Program Files\WinRAR\rarext.dll
2013-08-30 10:50 - 2013-06-04 06:45 - 00243536 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\NavShExt.dll
2012-09-30 21:48 - 2013-03-15 06:16 - 01016096 _____ (NVIDIA Corporation) D:\Windows\system32\nv3dappshext.dll
2012-09-30 21:47 - 2013-03-15 07:53 - 02864144 _____ (NVIDIA Corporation) D:\Windows\system32\nvapi64.dll
2013-08-11 13:12 - 2013-08-11 13:12 - 00178800 _____ (Sony DADC Austria AG.) d:\windows\SysWOW64\cmdlineext_x64.dll
2012-09-30 21:48 - 2013-03-15 06:16 - 00076064 _____ (NVIDIA Corporation) D:\Windows\system32\Nv3DAppShExtR.dll
2013-02-15 16:46 - 2013-01-29 02:49 - 00544256 _____ (Stefan Hirschmann) D:\Users\Hindersmann\Downloads\Releases\NoteBookFanControl-0.14.3.58.beta\NoteBookFanControl.exe
2013-02-15 16:46 - 2013-01-29 02:49 - 00028672 _____ (Stefan Hirschmann) D:\Users\Hindersmann\Downloads\Releases\NoteBookFanControl-0.14.3.58.beta\NoteBookFanControlLib.dll
2013-02-15 16:46 - 2012-12-25 10:54 - 00170496 _____ (CodePlex Community) D:\Users\Hindersmann\Downloads\Releases\NoteBookFanControl-0.14.3.58.beta\Microsoft.Win32.TaskScheduler.dll
2013-02-15 16:46 - 2013-01-27 23:03 - 00257536 _____ () D:\Users\Hindersmann\Downloads\Releases\NoteBookFanControl-0.14.3.58.beta\OpenHardwareMonitorLib.dll
2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () D:\Program Files\ASUS\P4G\DevMng.dll
2012-06-13 19:34 - 2012-06-13 19:34 - 00170304 _____ (Intel Corporation) D:\Windows\System32\igfxtray.exe
2012-06-13 19:34 - 2012-06-13 19:34 - 00438784 _____ (Intel Corporation) D:\Windows\system32\igfxrDEU.lrc
2012-06-13 19:34 - 2012-06-13 19:34 - 00398656 _____ (Intel Corporation) D:\Windows\System32\hkcmd.exe
2012-06-13 19:34 - 2012-06-13 19:34 - 00440128 _____ (Intel Corporation) D:\Windows\System32\igfxpers.exe
2012-06-13 19:34 - 2012-06-13 19:34 - 00094208 _____ () D:\Windows\System32\IccLibDll_x64.dll
2012-09-30 21:51 - 2012-07-13 18:53 - 12936848 _____ (Realtek Semiconductor) D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2012-09-30 21:51 - 2012-06-20 17:26 - 00110592 _____ (Real Sound Lab SIA) D:\Windows\system32\CONEQMSAPOGUILibrary.dll
2009-07-14 01:57 - 2009-07-14 03:39 - 00045568 _____ (Microsoft Corporation) D:\Windows\System32\rundll32.exe
2013-09-12 21:38 - 2013-09-12 21:38 - 00602112 _____ (OldTimer Tools) D:\Users\Hindersmann\Desktop\OTL.exe
2012-09-30 22:36 - 2010-11-20 05:25 - 00257024 _____ (Microsoft Corporation) D:\Windows\system32\taskmgr.exe
2013-09-12 21:50 - 2013-09-12 21:51 - 01949660 _____ (Farbar) D:\Users\Hindersmann\Desktop\FRST64.exe
2013-08-30 10:51 - 2013-05-21 06:44 - 00705928 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccL120U.dll
2013-08-30 10:52 - 2013-05-21 06:44 - 00089480 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccVrTrst.dll
2013-08-30 10:50 - 2013-05-23 07:25 - 00086408 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\EFACli.dll
2013-08-30 10:52 - 2013-05-21 06:44 - 00157576 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvc.dll
2013-08-30 10:52 - 2013-05-21 06:40 - 00410576 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\srtsp32.dll
2013-08-30 10:51 - 2013-05-21 06:44 - 00159624 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccIPC.dll
2013-08-30 10:52 - 2013-06-04 06:42 - 00548688 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\NPCTRAY.DLL
2013-08-30 10:52 - 2013-05-21 06:44 - 00345480 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSet.dll
2013-08-30 10:50 - 2013-06-04 06:43 - 00962384 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\uiMain.dll
2013-08-30 10:50 - 2013-05-28 09:42 - 02430800 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SYMHTMDX.DLL
2013-08-30 10:52 - 2013-05-30 03:22 - 00320816 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\diStRptr.dll
2013-09-02 16:18 - 2013-06-28 07:17 - 01849168 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\isDataPr.dll
2013-08-30 10:50 - 2013-05-30 04:13 - 01337136 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\MClnTask.dll
2013-08-30 10:50 - 2013-06-04 06:42 - 00548176 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\ASHELPER.DLL
2013-08-30 10:51 - 2013-06-04 06:42 - 00579408 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\ASOEHOOK.DLL
2013-08-30 10:50 - 2013-06-04 06:42 - 00537424 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\AVPAPP32.DLL
2013-08-30 10:51 - 2013-05-29 04:41 - 00263504 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\BUUIPLG.DLL
2013-08-30 10:51 - 2013-05-24 04:09 - 00502664 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\AVIfc.dll
2013-08-30 10:51 - 2013-05-21 06:44 - 00289160 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccGEvt.dll
2013-08-30 10:51 - 2013-05-21 06:44 - 00401288 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccJobMgr.dll
2013-08-30 10:52 - 2013-05-21 00:50 - 02651472 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\CLTALDIS.DLL
2013-08-30 10:52 - 2013-06-04 06:42 - 00528208 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\FWSESAL.DLL
2013-08-30 10:54 - 2013-06-10 19:10 - 00629072 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\MUI\20.4.0.40\07\01\cltRes.loc
2013-08-30 10:50 - 2013-05-21 00:50 - 00932176 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\cltPE.dll
2013-08-30 10:50 - 2013-05-21 00:50 - 01035088 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\cltLMS.dll
2013-09-02 16:18 - 2013-07-03 23:42 - 00821552 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\NAHELPER.DLL
2013-08-30 10:50 - 2013-05-31 03:46 - 00999760 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\CODATAPR.DLL
2013-08-30 10:52 - 2013-05-31 03:48 - 00551760 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coShdObj.dll
2013-08-30 10:50 - 2013-05-31 03:48 - 01397584 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\COACTMGR.DLL
2013-08-30 10:52 - 2012-05-30 08:51 - 00699280 ____R () D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\wincfi39.dll
2013-08-30 10:50 - 2013-06-04 06:42 - 00502608 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\NUEX.DLL
2013-08-30 10:50 - 2013-05-30 04:13 - 01078576 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\DataStor.dll
2013-08-30 10:50 - 2013-05-30 04:13 - 00965936 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Comm.dll
2013-08-30 10:52 - 2013-06-04 06:43 - 00243024 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\QSPLUGIN.DLL
2013-08-30 10:52 - 2012-05-15 03:27 - 00588216 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\SDKCMN.DLL
2013-08-30 10:50 - 2013-05-29 04:41 - 00272208 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\buDataCl.dll
2013-08-30 10:52 - 2013-06-04 06:43 - 00916304 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\UIALERT.DLL
2013-08-30 10:52 - 2013-05-30 04:13 - 00028464 ____R (Symantec Corporation) D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\USERCTXT.DLL
2013-08-30 10:51 - 2013-05-29 04:41 - 00442192 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\buComm.dll
2013-08-30 10:51 - 2013-05-28 19:52 - 01439056 ____R (SwapDrive, Inc.) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\BuEng.dll
2013-08-30 10:52 - 2013-04-23 11:02 - 00115536 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\tuDataPr.dll
2013-08-30 10:50 - 2013-06-04 06:42 - 03857232 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ncw.dll
2013-08-30 10:50 - 2013-05-24 04:09 - 00284552 ____R (Symantec Corporation) D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\AppMgr32.dll
2013-04-05 00:12 - 2013-04-05 00:12 - 00130736 _____ (Dropbox, Inc.) D:\Users\Hindersmann\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () D:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-09-30 21:47 - 2013-03-15 07:53 - 00205184 _____ (NVIDIA Corporation) d:\windows\syswow64\nvinit.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00010240 _____ () D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2012-01-08 15:41 - 2012-01-08 15:41 - 00093696 _____ () D:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-09-04 20:51 - 2013-09-02 22:35 - 00709584 _____ () D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
2013-09-04 20:51 - 2013-09-02 22:35 - 00099792 _____ () D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll
2013-09-04 20:51 - 2013-09-02 22:35 - 04053456 _____ () D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-04 20:51 - 2013-09-02 22:35 - 00410576 _____ () D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-04 20:51 - 2013-09-02 22:35 - 01604560 _____ () D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
2013-09-04 20:51 - 2013-09-02 22:35 - 13599184 _____ () D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: D:\Users\Hindersmann\Lokale Einstellungen:3DKIm1g6EW6OBMRtHWiaBQmID
AlternateDataStreams: D:\Users\Hindersmann\AppData\Local:3DKIm1g6EW6OBMRtHWiaBQmID
AlternateDataStreams: D:\Users\Hindersmann\AppData\Local\Anwendungsdaten:3DKIm1g6EW6OBMRtHWiaBQmID
AlternateDataStreams: D:\Users\Hindersmann\AppData\Local\epDmpGdpihRZQ:uPYHcBRiwDMRwNxgN1AwTc


==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/12/2013 09:08:13 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16686 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e20

Startzeit: 01ceafeb03c4f3df

Endzeit: 11

Anwendungspfad: D:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID:

Error: (09/12/2013 08:33:00 PM) (Source: Chrome) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.66;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\cfe4259e-1ee7-4008-876d-39d881c8a0b8.dmp

Error: (09/11/2013 06:41:25 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Volume "Volume (X:)" wurde aufgrund eines Fehlers nicht defragmentiert: Der Datenträger wurde vom System getrennt. (0x89000011)

Error: (09/08/2013 11:16:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.6129.5000, Zeitstempel: 0x5082f354
Name des fehlerhaften Moduls: mso.dll, Version: 14.0.6129.5000, Zeitstempel: 0x5082efbe
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004a150
ID des fehlerhaften Prozesses: 0x19a4
Startzeit der fehlerhaften Anwendung: 0xWINWORD.EXE0
Pfad der fehlerhaften Anwendung: WINWORD.EXE1
Pfad des fehlerhaften Moduls: WINWORD.EXE2
Berichtskennung: WINWORD.EXE3

Error: (09/02/2013 07:09:16 PM) (Source: Chrome) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\66666ffd-9027-4121-9207-80c355b2c96d.dmp

Error: (09/02/2013 04:36:25 PM) (Source: Chrome) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\01bd28c5-2a77-42c5-ac80-615703772244.dmp

Error: (08/25/2013 00:21:36 PM) (Source: Chrome) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\514754c9-2b93-4443-ac77-582e12a2ffe0.dmp

Error: (08/23/2013 08:41:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 23.0.1.4974, Zeitstempel: 0x520bc252
Name des fehlerhaften Moduls: xul.dll, Version: 23.0.1.4974, Zeitstempel: 0x520bc166
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0017af08
ID des fehlerhaften Prozesses: 0x1858
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (08/22/2013 10:07:59 PM) (Source: Chrome) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\0d32d15c-d1b2-481e-ae88-3d56fe421f97.dmp

Error: (08/21/2013 07:31:22 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: X:\Dropbox\-Importants\Hindersmann\Mamas Fotos\20130407_195219.jpgACCESS_VIOLATION0x71988c32AVEPROC_TestFile()


System errors:
=============
Error: (09/12/2013 09:21:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (09/12/2013 09:21:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (09/12/2013 09:19:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (09/12/2013 09:19:27 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
UimBus
Uim_IM
Uim_VIM

Error: (09/12/2013 09:19:18 PM) (Source: Ntfs) (User: )
Description: Auf dem Volume "X:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (09/12/2013 09:19:18 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "X:" den Befehl "chkdsk" aus.

Error: (09/12/2013 09:02:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (09/12/2013 09:02:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (09/12/2013 09:00:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (09/12/2013 08:59:53 PM) (Source: Ntfs) (User: )
Description: Auf dem Volume "X:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.


Microsoft Office Sessions:
=========================
Error: (09/12/2013 09:08:13 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16686e2001ceafeb03c4f3df11D:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/12/2013 08:33:00 PM) (Source: Chrome)(User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.66;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\cfe4259e-1ee7-4008-876d-39d881c8a0b8.dmp

Error: (09/11/2013 06:41:25 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: Volume (X:)Der Datenträger wurde vom System getrennt. (0x89000011)

Error: (09/08/2013 11:16:53 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE14.0.6129.50005082f354mso.dll14.0.6129.50005082efbec00000050004a15019a401ceacadb7a973c8D:\PROGRA~2\MIF5BA~1\Office14\WINWORD.EXED:\Program Files (x86)\Common Files\Microsoft Shared\office14\mso.dllfb058412-18cb-11e3-bc9a-c485083c725f

Error: (09/02/2013 07:09:16 PM) (Source: Chrome)(User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\66666ffd-9027-4121-9207-80c355b2c96d.dmp

Error: (09/02/2013 04:36:25 PM) (Source: Chrome)(User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\01bd28c5-2a77-42c5-ac80-615703772244.dmp

Error: (08/25/2013 00:21:36 PM) (Source: Chrome)(User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\514754c9-2b93-4443-ac77-582e12a2ffe0.dmp

Error: (08/23/2013 08:41:36 PM) (Source: Application Error)(User: )
Description: firefox.exe23.0.1.4974520bc252xul.dll23.0.1.4974520bc166c00000050017af08185801ce9fff508eb0c2D:\Program Files (x86)\Mozilla Firefox\firefox.exeD:\Program Files (x86)\Mozilla Firefox\xul.dlla31ffac2-0c23-11e3-8d65-c485083c725f

Error: (08/22/2013 10:07:59 PM) (Source: Chrome)(User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.57;lang=;id=;is_machine=1;upload=1;minidump=D:\Program Files (x86)\Google\CrashReports\0d32d15c-d1b2-481e-ae88-3d56fe421f97.dmp

Error: (08/21/2013 07:31:22 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: X:\Dropbox\-Importants\Hindersmann\Mamas Fotos\20130407_195219.jpgACCESS_VIOLATION0x71988c32AVEPROC_TestFile()


CodeIntegrity Errors:
===================================
  Date: 2013-02-14 22:31:14.643
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 22:31:14.580
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 17:25:22.150
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-14 17:25:22.116
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 10125.56 MB
Available physical RAM: 7590.81 MB
Total Pagefile: 20249.31 MB
Available Pagefile: 17344.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Daten) (Fixed) (Total:931.51 GB) (Free:191.97 GB) NTFS
Drive d: (Volume) (Fixed) (Total:119.24 GB) (Free:19.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive x: (Volume) (Fixed) (Total:22.36 GB) (Free:7.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 6557BC93)
Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1536 GB) (Disk ID: BFD3409A)
Partition 1: (Not Active) - (Size=22 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 88D7BB49)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================


HansaHans 12.09.2013 21:15

Code:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-12 22:01:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\000000a2 SAMSUNG_ rev.2AR1 931,51GB
Running: gmer_2.1.19163.exe; Driver: D:\Users\HINDER~1\AppData\Local\Temp\axlcqpoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  D:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544                                                                                                      fffff80003403000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG  D:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591                                                                                                      fffff8000340302f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1584] D:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                    000000007735efe0 5 bytes JMP 000000016fff0148
.text    D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1584] D:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                  00000000773899b0 7 bytes JMP 000000016fff00d8
.text    D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1584] D:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                  00000000773994d0 5 bytes JMP 000000016fff0180
.text    D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1584] D:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                  0000000077399640 5 bytes JMP 000000016fff0110
.text    D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1584] D:\Windows\system32\kernel32.dll!RegSetValueExA                                                          00000000773ba500 7 bytes JMP 000000016fff01b8
.text    D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1584] D:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                            000007fefd612db0 5 bytes JMP 000007fffd5e0180
.text    D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1584] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                      000007fefd6137d0 7 bytes JMP 000007fffd5e00d8
.text    D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1584] D:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                        000007fefd618ef0 6 bytes JMP 000007fffd5e0148
.text    D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1584] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                    000007fefd62af60 5 bytes JMP 000007fffd5e0110
.text    D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1584] D:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                      000007fefeaa89e0 8 bytes JMP 000007fffd5e01f0
.text    D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1584] D:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                    000007fefeaabe40 8 bytes JMP 000007fffd5e01b8
.text    D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1584] D:\Windows\system32\ole32.dll!CoCreateInstance                                                            000007feff607490 11 bytes JMP 000007fffd5e0228
.text    D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1584] D:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                          000007feff61bf00 7 bytes JMP 000007fffd5e0260
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3688] D:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                    00000000767613e1 7 bytes JMP 00000001707412ad
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3688] D:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                          000000007677b1d3 5 bytes JMP 00000001707415be
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3688] D:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                          00000000767f88b4 7 bytes JMP 0000000170741357
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3688] D:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                          00000000767f8939 5 bytes JMP 00000001707416e0
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3688] D:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                            00000000767f8c8f 5 bytes JMP 0000000170741028
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3688] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                0000000076701d1b 5 bytes JMP 00000001707411ef
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3688] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                              0000000076701dc9 5 bytes JMP 0000000170741023
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3688] D:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                  0000000076702aa4 5 bytes JMP 000000017074156e
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3688] D:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                    0000000076702d0a 5 bytes JMP 0000000170741294
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3688] D:\Windows\syswow64\USER32.dll!CreateWindowExW                                                    0000000075fa8a29 5 bytes JMP 0000000170741050
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3688] D:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                0000000075fb4572 5 bytes JMP 00000001707410d2
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3688] D:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                            000000007625e9a2 5 bytes JMP 00000001707415d7
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3688] D:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                              000000007625ebdc 5 bytes JMP 00000001707411b8
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3688] D:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                    0000000076e25ea5 5 bytes JMP 0000000170741609
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3688] D:\Windows\syswow64\ole32.dll!CoCreateInstance                                                    0000000076e59d0b 5 bytes JMP 0000000170741249
.text    D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3704] D:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                          00000000767613e1 7 bytes JMP 00000001707412ad
.text    D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3704] D:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                000000007677b1d3 5 bytes JMP 00000001707415be
.text    D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3704] D:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                00000000767f88b4 7 bytes JMP 0000000170741357
.text    D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3704] D:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                00000000767f8939 5 bytes JMP 00000001707416e0
.text    D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3704] D:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                  00000000767f8c8f 5 bytes JMP 0000000170741028
.text    D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3704] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                      0000000076701d1b 5 bytes JMP 00000001707411ef
.text    D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3704] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                    0000000076701dc9 5 bytes JMP 0000000170741023
.text    D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3704] D:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                        0000000076702aa4 5 bytes JMP 000000017074156e
.text    D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3704] D:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                          0000000076702d0a 5 bytes JMP 0000000170741294
.text    D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3704] D:\Windows\syswow64\USER32.dll!CreateWindowExW                                                          0000000075fa8a29 5 bytes JMP 0000000170741050
.text    D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3704] D:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                      0000000075fb4572 5 bytes JMP 00000001707410d2
.text    D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3704] D:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                  000000007625e9a2 5 bytes JMP 00000001707415d7
.text    D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3704] D:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                    000000007625ebdc 5 bytes JMP 00000001707411b8
.text    D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3704] D:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                          0000000076e25ea5 5 bytes JMP 0000000170741609
.text    D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[3704] D:\Windows\syswow64\ole32.dll!CoCreateInstance                                                          0000000076e59d0b 5 bytes JMP 0000000170741249
.text    D:\Windows\system32\Dwm.exe[3812] D:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                        000007fefd612db0 5 bytes JMP 000007fffd5e0180
.text    D:\Windows\system32\Dwm.exe[3812] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                    000007fefd6137d0 7 bytes JMP 000007fffd5e00d8
.text    D:\Windows\system32\Dwm.exe[3812] D:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                      000007fefd618ef0 6 bytes JMP 000007fffd5e0148
.text    D:\Windows\system32\Dwm.exe[3812] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                  000007fefd62af60 5 bytes JMP 000007fffd5e0110
.text    D:\Windows\system32\Dwm.exe[3812] D:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                  000007fefeaa89e0 8 bytes JMP 000007fffd5e01f0
.text    D:\Windows\system32\Dwm.exe[3812] D:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                000007fefeaabe40 8 bytes JMP 000007fffd5e01b8
.text    D:\Windows\system32\Dwm.exe[3812] D:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                                                        000007fef54edc88 5 bytes JMP 000007fff54c00d8
.text    D:\Windows\system32\Dwm.exe[3812] D:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                                                        000007fef54ede10 5 bytes JMP 000007fff54c0110
.text    D:\Windows\system32\taskeng.exe[3820] D:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                    000007fefd612db0 5 bytes JMP 000007fffd5e0180
.text    D:\Windows\system32\taskeng.exe[3820] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                000007fefd6137d0 7 bytes JMP 000007fffd5e00d8
.text    D:\Windows\system32\taskeng.exe[3820] D:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                  000007fefd618ef0 6 bytes JMP 000007fffd5e0148
.text    D:\Windows\system32\taskeng.exe[3820] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                              000007fefd62af60 5 bytes JMP 000007fffd5e0110
.text    D:\Windows\system32\taskeng.exe[3820] D:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                              000007fefeaa89e0 8 bytes JMP 000007fffd5e01f0
.text    D:\Windows\system32\taskeng.exe[3820] D:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                            000007fefeaabe40 8 bytes JMP 000007fffd5e01b8
.text    D:\Windows\system32\taskeng.exe[3820] D:\Windows\system32\ole32.dll!CoCreateInstance                                                                                    000007feff607490 11 bytes JMP 000007fffd5e0228
.text    D:\Windows\system32\taskeng.exe[3820] D:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                    000007feff61bf00 7 bytes JMP 000007fffd5e0260
.text    D:\Users\Hindersmann\Downloads\Releases\NoteBookFanControl-0.14.3.58.beta\NoteBookFanControl.exe[3952] D:\Windows\system32\KERNELBASE.dll!FreeLibrary                    000007fefd612db0 5 bytes JMP 000007fffd5e0180
.text    D:\Users\Hindersmann\Downloads\Releases\NoteBookFanControl-0.14.3.58.beta\NoteBookFanControl.exe[3952] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleW              000007fefd6137d0 7 bytes JMP 000007fffd5e00d8
.text    D:\Users\Hindersmann\Downloads\Releases\NoteBookFanControl-0.14.3.58.beta\NoteBookFanControl.exe[3952] D:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                000007fefd618ef0 6 bytes JMP 000007fffd5e0148
.text    D:\Users\Hindersmann\Downloads\Releases\NoteBookFanControl-0.14.3.58.beta\NoteBookFanControl.exe[3952] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW            000007fefd62af60 5 bytes JMP 000007fffd5e0110
.text    D:\Program Files\ASUS\P4G\BatteryLife.exe[3964] D:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                  000000007735efe0 5 bytes JMP 000000016fff0148
.text    D:\Program Files\ASUS\P4G\BatteryLife.exe[3964] D:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                00000000773899b0 7 bytes JMP 000000016fff00d8
.text    D:\Program Files\ASUS\P4G\BatteryLife.exe[3964] D:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                00000000773994d0 5 bytes JMP 000000016fff0180
.text    D:\Program Files\ASUS\P4G\BatteryLife.exe[3964] D:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                0000000077399640 5 bytes JMP 000000016fff0110
.text    D:\Program Files\ASUS\P4G\BatteryLife.exe[3964] D:\Windows\system32\kernel32.dll!RegSetValueExA                                                                          00000000773ba500 7 bytes JMP 000000016fff01b8
.text    D:\Program Files\ASUS\P4G\BatteryLife.exe[3964] D:\Windows\system32\ole32.dll!CoCreateInstance                                                                          000007feff607490 11 bytes JMP 000007fffd5e0228
.text    D:\Program Files\ASUS\P4G\BatteryLife.exe[3964] D:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                          000007feff61bf00 7 bytes JMP 000007fffd5e0260
.text    D:\Windows\system32\taskeng.exe[3992] D:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                    000007fefd612db0 5 bytes JMP 000007fffd5e0180
.text    D:\Windows\system32\taskeng.exe[3992] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                000007fefd6137d0 7 bytes JMP 000007fffd5e00d8
.text    D:\Windows\system32\taskeng.exe[3992] D:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                  000007fefd618ef0 6 bytes JMP 000007fffd5e0148
.text    D:\Windows\system32\taskeng.exe[3992] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                              000007fefd62af60 5 bytes JMP 000007fffd5e0110
.text    D:\Windows\system32\taskeng.exe[3992] D:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                              000007fefeaa89e0 8 bytes JMP 000007fffd5e01f0
.text    D:\Windows\system32\taskeng.exe[3992] D:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                            000007fefeaabe40 8 bytes JMP 000007fffd5e01b8
.text    D:\Windows\system32\taskeng.exe[3992] D:\Windows\system32\ole32.dll!CoCreateInstance                                                                                    000007feff607490 11 bytes JMP 000007fffd5e0228
.text    D:\Windows\system32\taskeng.exe[3992] D:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                    000007feff61bf00 7 bytes JMP 000007fffd5e0260
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1424] D:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                      00000000767613e1 7 bytes JMP 00000001707412ad
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1424] D:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                            000000007677b1d3 5 bytes JMP 00000001707415be
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1424] D:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                            00000000767f88b4 7 bytes JMP 0000000170741357
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1424] D:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                            00000000767f8939 5 bytes JMP 00000001707416e0
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1424] D:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                              00000000767f8c8f 5 bytes JMP 0000000170741028
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1424] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                  0000000076701d1b 5 bytes JMP 00000001707411ef
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1424] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                0000000076701dc9 5 bytes JMP 0000000170741023
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1424] D:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                    0000000076702aa4 5 bytes JMP 000000017074156e
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1424] D:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                      0000000076702d0a 5 bytes JMP 0000000170741294
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1424] D:\Windows\syswow64\USER32.dll!CreateWindowExW                                                      0000000075fa8a29 5 bytes JMP 0000000170741050
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1424] D:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                  0000000075fb4572 5 bytes JMP 00000001707410d2
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1424] D:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                              000000007625e9a2 5 bytes JMP 00000001707415d7
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1424] D:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                000000007625ebdc 5 bytes JMP 00000001707411b8
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1424] D:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                      0000000076e25ea5 5 bytes JMP 0000000170741609
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1424] D:\Windows\syswow64\ole32.dll!CoCreateInstance                                                      0000000076e59d0b 5 bytes JMP 0000000170741249
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4344] D:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                        00000000767613e1 7 bytes JMP 00000001707412ad
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4344] D:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                000000007677b1d3 5 bytes JMP 00000001707415be
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4344] D:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                00000000767f88b4 7 bytes JMP 0000000170741357
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4344] D:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                00000000767f8939 5 bytes JMP 00000001707416e0
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4344] D:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                  00000000767f8c8f 5 bytes JMP 0000000170741028
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4344] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                    0000000076701d1b 5 bytes JMP 00000001707411ef
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4344] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                  0000000076701dc9 5 bytes JMP 0000000170741023
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4344] D:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                      0000000076702aa4 5 bytes JMP 000000017074156e
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4344] D:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                          0000000076702d0a 5 bytes JMP 0000000170741294
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4344] D:\Windows\syswow64\USER32.dll!CreateWindowExW                                                          0000000075fa8a29 5 bytes JMP 0000000170741050
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4344] D:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                      0000000075fb4572 5 bytes JMP 00000001707410d2
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4344] D:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                  000000007625e9a2 5 bytes JMP 00000001707415d7
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4344] D:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                    000000007625ebdc 5 bytes JMP 00000001707411b8
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4344] D:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                        0000000076e25ea5 5 bytes JMP 0000000170741609
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4344] D:\Windows\syswow64\ole32.dll!CoCreateInstance                                                          0000000076e59d0b 5 bytes JMP 0000000170741249
.text    D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4692] D:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                        00000000767613e1 7 bytes JMP 00000001707412ad
.text    D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4692] D:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                              000000007677b1d3 5 bytes JMP 00000001707415be
.text    D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4692] D:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                              00000000767f88b4 7 bytes JMP 0000000170741357
.text    D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4692] D:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                              00000000767f8939 5 bytes JMP 00000001707416e0
.text    D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4692] D:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                00000000767f8c8f 5 bytes JMP 0000000170741028
.text    D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4692] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                    0000000076701d1b 5 bytes JMP 00000001707411ef
.text    D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4692] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                  0000000076701dc9 5 bytes JMP 0000000170741023
.text    D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4692] D:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                      0000000076702aa4 5 bytes JMP 000000017074156e
.text    D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4692] D:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                        0000000076702d0a 5 bytes JMP 0000000170741294
.text    D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4692] D:\Windows\syswow64\USER32.dll!CreateWindowExW                                                        0000000075fa8a29 5 bytes JMP 0000000170741050
.text    D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4692] D:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                    0000000075fb4572 5 bytes JMP 00000001707410d2
.text    D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4692] D:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                000000007625e9a2 5 bytes JMP 00000001707415d7
.text    D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4692] D:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                  000000007625ebdc 5 bytes JMP 00000001707411b8
.text    D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4692] D:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                        0000000076e25ea5 5 bytes JMP 0000000170741609
.text    D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4692] D:\Windows\syswow64\ole32.dll!CoCreateInstance                                                        0000000076e59d0b 5 bytes JMP 0000000170741249
.text    D:\Windows\System32\igfxpers.exe[4992] D:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                            000000007735efe0 5 bytes JMP 000000016fff0148
.text    D:\Windows\System32\igfxpers.exe[4992] D:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                          00000000773899b0 7 bytes JMP 000000016fff00d8
.text    D:\Windows\System32\igfxpers.exe[4992] D:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                          00000000773994d0 5 bytes JMP 000000016fff0180
.text    D:\Windows\System32\igfxpers.exe[4992] D:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                          0000000077399640 5 bytes JMP 000000016fff0110
.text    D:\Windows\System32\igfxpers.exe[4992] D:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                  00000000773ba500 7 bytes JMP 000000016fff01b8
.text    D:\Windows\System32\igfxpers.exe[4992] D:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                    000007fefd612db0 5 bytes JMP 000007fffd5e0180
.text    D:\Windows\System32\igfxpers.exe[4992] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                              000007fefd6137d0 7 bytes JMP 000007fffd5e00d8
.text    D:\Windows\System32\igfxpers.exe[4992] D:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                000007fefd618ef0 6 bytes JMP 000007fffd5e0148
.text    D:\Windows\System32\igfxpers.exe[4992] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                            000007fefd62af60 5 bytes JMP 000007fffd5e0110
.text    D:\Windows\System32\igfxpers.exe[4992] D:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                              000007fefeaa89e0 8 bytes JMP 000007fffd5e01f0
.text    D:\Windows\System32\igfxpers.exe[4992] D:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                            000007fefeaabe40 8 bytes JMP 000007fffd5e01b8
.text    D:\Windows\System32\igfxpers.exe[4992] D:\Windows\system32\ole32.dll!CoCreateInstance                                                                                    000007feff607490 11 bytes JMP 000007fffd5e0228
.text    D:\Windows\System32\igfxpers.exe[4992] D:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                  000007feff61bf00 7 bytes JMP 000007fffd5e0260
.text    D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5012] D:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                            000000007735efe0 5 bytes JMP 000000016fff0148
.text    D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5012] D:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                          00000000773899b0 7 bytes JMP 000000016fff00d8
.text    D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5012] D:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                          00000000773994d0 5 bytes JMP 000000016fff0180
.text    D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5012] D:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                          0000000077399640 5 bytes JMP 000000016fff0110
.text    D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5012] D:\Windows\system32\kernel32.dll!RegSetValueExA                                                                    00000000773ba500 7 bytes JMP 000000016fff01b8
.text    D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5012] D:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                    000007fefd612db0 5 bytes JMP 000007fffd5e0180
.text    D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5012] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                000007fefd6137d0 7 bytes JMP 000007fffd5e00d8
.text    D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5012] D:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                  000007fefd618ef0 6 bytes JMP 000007fffd5e0148
.text    D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5012] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                              000007fefd62af60 5 bytes JMP 000007fffd5e0110
.text    D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5012] D:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                              000007fefeaa89e0 8 bytes JMP 000007fffd5e01f0
.text    D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5012] D:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                            000007fefeaabe40 8 bytes JMP 000007fffd5e01b8
.text    D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5012] D:\Windows\system32\ole32.dll!CoCreateInstance                                                                    000007feff607490 11 bytes JMP 000007fffd5e0228
.text    D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5012] D:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                    000007feff61bf00 7 bytes JMP 000007fffd5e0260
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[5040] D:\Windows\syswow64\kernel32.dll!RegSetValueExA                                  00000000767613e1 7 bytes JMP 00000001707412ad
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[5040] D:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                          000000007677b1d3 5 bytes JMP 00000001707415be
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[5040] D:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                          00000000767f88b4 7 bytes JMP 0000000170741357
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[5040] D:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                          00000000767f8939 5 bytes JMP 00000001707416e0
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[5040] D:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                            00000000767f8c8f 5 bytes JMP 0000000170741028
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[5040] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                              0000000076701d1b 5 bytes JMP 00000001707411ef
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[5040] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                            0000000076701dc9 5 bytes JMP 0000000170741023
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[5040] D:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                0000000076702aa4 5 bytes JMP 000000017074156e
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[5040] D:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                    0000000076702d0a 5 bytes JMP 0000000170741294
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[5040] D:\Windows\syswow64\USER32.dll!CreateWindowExW                                    0000000075fa8a29 5 bytes JMP 0000000170741050
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[5040] D:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                0000000075fb4572 5 bytes JMP 00000001707410d2
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[5040] D:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                            000000007625e9a2 5 bytes JMP 00000001707415d7
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[5040] D:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                              000000007625ebdc 5 bytes JMP 00000001707411b8
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[5040] D:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                  0000000076e25ea5 5 bytes JMP 0000000170741609
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[5040] D:\Windows\syswow64\ole32.dll!CoCreateInstance                                    0000000076e59d0b 5 bytes JMP 0000000170741249
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[5040] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000076f71465 2 bytes [F7, 76]
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe[5040] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          0000000076f714bb 2 bytes [F7, 76]
.text    ...                                                                                                                                                                      * 2
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[5084] D:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                              000000007735efe0 5 bytes JMP 000000016fff0148
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[5084] D:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                            00000000773899b0 7 bytes JMP 000000016fff00d8
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[5084] D:\Windows\system32\kernel32.dll!K32GetModuleInformation                            00000000773994d0 5 bytes JMP 000000016fff0180
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[5084] D:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                            0000000077399640 5 bytes JMP 000000016fff0110
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[5084] D:\Windows\system32\kernel32.dll!RegSetValueExA                                    00000000773ba500 7 bytes JMP 000000016fff01b8
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[5084] D:\Windows\system32\KERNELBASE.dll!FreeLibrary                                      000007fefd612db0 5 bytes JMP 000007fffd5e0180
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[5084] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                000007fefd6137d0 7 bytes JMP 000007fffd5e00d8
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[5084] D:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                  000007fefd618ef0 6 bytes JMP 000007fffd5e0148
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[5084] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                              000007fefd62af60 5 bytes JMP 000007fffd5e0110
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[5084] D:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                000007fefeaa89e0 8 bytes JMP 000007fffd5e01f0
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[5084] D:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                              000007fefeaabe40 8 bytes JMP 000007fffd5e01b8
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[5084] D:\Windows\system32\ole32.dll!CoCreateInstance                                      000007feff607490 11 bytes JMP 000007fffd5e0228
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[5084] D:\Windows\system32\ole32.dll!CoSetProxyBlanket                                    000007feff61bf00 7 bytes JMP 000007fffd5e0260
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[5104] D:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                          000000007735efe0 5 bytes JMP 000000016fff0148
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[5104] D:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                        00000000773899b0 7 bytes JMP 000000016fff00d8
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[5104] D:\Windows\system32\kernel32.dll!K32GetModuleInformation                        00000000773994d0 5 bytes JMP 000000016fff0180
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[5104] D:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                        0000000077399640 5 bytes JMP 000000016fff0110
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[5104] D:\Windows\system32\kernel32.dll!RegSetValueExA                                00000000773ba500 7 bytes JMP 000000016fff01b8
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[5104] D:\Windows\system32\KERNELBASE.dll!FreeLibrary                                  000007fefd612db0 5 bytes JMP 000007fffd5e0180
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[5104] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                            000007fefd6137d0 7 bytes JMP 000007fffd5e00d8
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[5104] D:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                              000007fefd618ef0 6 bytes JMP 000007fffd5e0148
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[5104] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                          000007fefd62af60 5 bytes JMP 000007fffd5e0110
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[5104] D:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                            000007fefeaa89e0 8 bytes JMP 000007fffd5e01f0
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[5104] D:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                          000007fefeaabe40 8 bytes JMP 000007fffd5e01b8
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[5104] D:\Windows\system32\ole32.dll!CoCreateInstance                                  000007feff607490 11 bytes JMP 000007fffd5e0228
.text    D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[5104] D:\Windows\system32\ole32.dll!CoSetProxyBlanket                                000007feff61bf00 7 bytes JMP 000007fffd5e0260
.text    D:\Program Files\Elantech\ETDCtrl.exe[4116] D:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                      000000007735efe0 5 bytes JMP 000000016fff0148
.text    D:\Program Files\Elantech\ETDCtrl.exe[4116] D:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                    00000000773899b0 7 bytes JMP 000000016fff00d8
.text    D:\Program Files\Elantech\ETDCtrl.exe[4116] D:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                    00000000773994d0 5 bytes JMP 000000016fff0180
.text    D:\Program Files\Elantech\ETDCtrl.exe[4116] D:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                    0000000077399640 5 bytes JMP 000000016fff0110
.text    D:\Program Files\Elantech\ETDCtrl.exe[4116] D:\Windows\system32\kernel32.dll!RegSetValueExA                                                                              00000000773ba500 7 bytes JMP 000000016fff01b8
.text    D:\Program Files\Elantech\ETDCtrl.exe[4116] D:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                              000007fefd612db0 5 bytes JMP 000007fffd5e0180
.text    D:\Program Files\Elantech\ETDCtrl.exe[4116] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                          000007fefd6137d0 7 bytes JMP 000007fffd5e00d8
.text    D:\Program Files\Elantech\ETDCtrl.exe[4116] D:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                            000007fefd618ef0 6 bytes JMP 000007fffd5e0148
.text    D:\Program Files\Elantech\ETDCtrl.exe[4116] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                        000007fefd62af60 5 bytes JMP 000007fffd5e0110
.text    D:\Program Files\Elantech\ETDCtrl.exe[4116] D:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                        000007fefeaa89e0 8 bytes JMP 000007fffd5e01f0
.text    D:\Program Files\Elantech\ETDCtrl.exe[4116] D:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                      000007fefeaabe40 8 bytes JMP 000007fffd5e01b8
.text    D:\Program Files\Elantech\ETDCtrl.exe[4116] D:\Windows\system32\ole32.dll!CoCreateInstance                                                                              000007feff607490 11 bytes JMP 000007fffd5e0228
.text    D:\Program Files\Elantech\ETDCtrl.exe[4116] D:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                              000007feff61bf00 7 bytes JMP 000007fffd5e0260
.text    D:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4480] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                        0000000076f71465 2 bytes [F7, 76]
.text    D:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4480] D:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      0000000076f714bb 2 bytes [F7, 76]
.text    ...                                                                                                                                                                      * 2
.text    D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\kernel32.dll!RegSetValueExA          00000000767613e1 7 bytes JMP 00000001707412ad
.text    D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW  000000007677b1d3 5 bytes JMP 00000001707415be
.text    D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  00000000767f88b4 7 bytes JMP 0000000170741357
.text    D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  00000000767f8939 5 bytes JMP 00000001707416e0
.text    D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW    00000000767f8c8f 5 bytes JMP 0000000170741028
.text    D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW      0000000076701d1b 5 bytes JMP 00000001707411ef
.text    D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW    0000000076701dc9 5 bytes JMP 0000000170741023
.text    D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW        0000000076702aa4 5 bytes JMP 000000017074156e
.text    D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\KERNELBASE.dll!FreeLibrary            0000000076702d0a 5 bytes JMP 0000000170741294
.text    D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList    000000007625e9a2 5 bytes JMP 00000001707415d7
.text    D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo      000000007625ebdc 5 bytes JMP 00000001707411b8
.text    D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\USER32.dll!CreateWindowExW            0000000075fa8a29 5 bytes JMP 0000000170741050
.text    D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA        0000000075fb4572 5 bytes JMP 00000001707410d2
.text    D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\ole32.dll!CoSetProxyBlanket          0000000076e25ea5 5 bytes JMP 0000000170741609
.text    D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4828] D:\Windows\syswow64\ole32.dll!CoCreateInstance            0000000076e59d0b 5 bytes JMP 0000000170741249
.text    D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                            00000000767613e1 7 bytes JMP 00000001707412ad
.text    D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                  000000007677b1d3 5 bytes JMP 00000001707415be
.text    D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                  00000000767f88b4 7 bytes JMP 0000000170741357
.text    D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                  00000000767f8939 5 bytes JMP 00000001707416e0
.text    D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                    00000000767f8c8f 5 bytes JMP 0000000170741028
.text    D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                        0000000076701d1b 5 bytes JMP 00000001707411ef
.text    D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                      0000000076701dc9 5 bytes JMP 0000000170741023
.text    D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                          0000000076702aa4 5 bytes JMP 000000017074156e
.text    D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                            0000000076702d0a 5 bytes JMP 0000000170741294
.text    D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                    000000007625e9a2 5 bytes JMP 00000001707415d7
.text    D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                      000000007625ebdc 5 bytes JMP 00000001707411b8
.text    D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\USER32.dll!CreateWindowExW                                                            0000000075fa8a29 5 bytes JMP 0000000170741050
.text    D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                        0000000075fb4572 5 bytes JMP 00000001707410d2
.text    D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                            0000000076e25ea5 5 bytes JMP 0000000170741609
.text    D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5520] D:\Windows\syswow64\ole32.dll!CoCreateInstance                                                            0000000076e59d0b 5 bytes JMP 0000000170741249
.text    D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                000000007735efe0 5 bytes JMP 000000016fff0148
.text    D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                              00000000773899b0 7 bytes JMP 000000016fff00d8
.text    D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                              00000000773994d0 5 bytes JMP 000000016fff0180
.text    D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                              0000000077399640 5 bytes JMP 000000016fff0110
.text    D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\kernel32.dll!RegSetValueExA                                                                        00000000773ba500 7 bytes JMP 000000016fff01b8
.text    D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                        000007fefd612db0 5 bytes JMP 000007fffd5e0180
.text    D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                    000007fefd6137d0 7 bytes JMP 000007fffd5e00d8
.text    D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                      000007fefd618ef0 6 bytes JMP 000007fffd5e0148
.text    D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                  000007fefd62af60 5 bytes JMP 000007fffd5e0110
.text    D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                  000007fefeaa89e0 8 bytes JMP 000007fffd5e01f0
.text    D:\Program Files\Elantech\ETDCtrlHelper.exe[5528] D:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                000007fefeaabe40 8 bytes JMP 000007fffd5e01b8
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                      00000000767613e1 7 bytes JMP 00000001707412ad
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                              000000007677b1d3 5 bytes JMP 00000001707415be
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                              00000000767f88b4 7 bytes JMP 0000000170741357
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                              00000000767f8939 5 bytes JMP 00000001707416e0
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                00000000767f8c8f 5 bytes JMP 0000000170741028
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                  0000000076701d1b 5 bytes JMP 00000001707411ef
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                0000000076701dc9 5 bytes JMP 0000000170741023
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                    0000000076702aa4 5 bytes JMP 000000017074156e
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                        0000000076702d0a 5 bytes JMP 0000000170741294
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\USER32.dll!CreateWindowExW                                                        0000000075fa8a29 5 bytes JMP 0000000170741050
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                    0000000075fb4572 5 bytes JMP 00000001707410d2
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                000000007625e9a2 5 bytes JMP 00000001707415d7
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                  000000007625ebdc 5 bytes JMP 00000001707411b8
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                      0000000076e25ea5 5 bytes JMP 0000000170741609
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5556] D:\Windows\syswow64\ole32.dll!CoCreateInstance                                                        0000000076e59d0b 5 bytes JMP 0000000170741249
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                00000000767613e1 7 bytes JMP 00000001707412ad
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                      000000007677b1d3 5 bytes JMP 00000001707415be
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                      00000000767f88b4 7 bytes JMP 0000000170741357
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                      00000000767f8939 5 bytes JMP 00000001707416e0
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                        00000000767f8c8f 5 bytes JMP 0000000170741028
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                            0000000076701d1b 5 bytes JMP 00000001707411ef
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                          0000000076701dc9 5 bytes JMP 0000000170741023
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                              0000000076702aa4 5 bytes JMP 000000017074156e
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                0000000076702d0a 5 bytes JMP 0000000170741294
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\USER32.dll!CreateWindowExW                                                0000000075fa8a29 5 bytes JMP 0000000170741050
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                            0000000075fb4572 5 bytes JMP 00000001707410d2
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                        000000007625e9a2 5 bytes JMP 00000001707415d7
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                          000000007625ebdc 5 bytes JMP 00000001707411b8
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                0000000076e25ea5 5 bytes JMP 0000000170741609
.text    D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5564] D:\Windows\syswow64\ole32.dll!CoCreateInstance                                                0000000076e59d0b 5 bytes JMP 0000000170741249
.text    D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                    00000000767613e1 7 bytes JMP 00000001707412ad
.text    D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                            000000007677b1d3 5 bytes JMP 00000001707415be
.text    D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                            00000000767f88b4 7 bytes JMP 0000000170741357
.text    D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                            00000000767f8939 5 bytes JMP 00000001707416e0
.text    D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                              00000000767f8c8f 5 bytes JMP 0000000170741028
.text    D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                0000000076701d1b 5 bytes JMP 00000001707411ef
.text    D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                              0000000076701dc9 5 bytes JMP 0000000170741023
.text    D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                  0000000076702aa4 5 bytes JMP 000000017074156e
.text    D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                      0000000076702d0a 5 bytes JMP 0000000170741294
.text    D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\USER32.dll!CreateWindowExW                                                      0000000075fa8a29 5 bytes JMP 0000000170741050
.text    D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                  0000000075fb4572 5 bytes JMP 00000001707410d2
.text    D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                              000000007625e9a2 5 bytes JMP 00000001707415d7
.text    D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                000000007625ebdc 5 bytes JMP 00000001707411b8
.text    D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                    0000000076e25ea5 5 bytes JMP 0000000170741609
.text    D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[5616] D:\Windows\syswow64\ole32.dll!CoCreateInstance                                                      0000000076e59d0b 5 bytes JMP 0000000170741249
.text    D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                      000000007735efe0 5 bytes JMP 000000016fff0148
.text    D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                    00000000773899b0 7 bytes JMP 000000016fff00d8
.text    D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                    00000000773994d0 5 bytes JMP 000000016fff0180
.text    D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                    0000000077399640 5 bytes JMP 000000016fff0110
.text    D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\kernel32.dll!RegSetValueExA                                                            00000000773ba500 7 bytes JMP 000000016fff01b8
.text    D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                              000007fefd612db0 5 bytes JMP 000007fffd5e0180
.text    D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                        000007fefd6137d0 7 bytes JMP 000007fffd5e00d8
.text    D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                          000007fefd618ef0 6 bytes JMP 000007fffd5e0148
.text    D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                      000007fefd62af60 5 bytes JMP 000007fffd5e0110
.text    D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                        000007fefeaa89e0 8 bytes JMP 000007fffd5e01f0
.text    D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5704] D:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                      000007fefeaabe40 8 bytes JMP 000007fffd5e01b8
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                  000000007773fcb0 5 bytes JMP 00000001002a091c
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                000000007773fe14 5 bytes JMP 00000001002a0048
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                          000000007773fea8 5 bytes JMP 00000001002a02ee
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                      0000000077740004 5 bytes JMP 00000001002a04b2
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                              0000000077740038 5 bytes JMP 00000001002a09fe
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                      0000000077740068 5 bytes JMP 00000001002a0ae0
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                    0000000077740084 5 bytes JMP 0000000100020050
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                      000000007774079c 5 bytes JMP 00000001002a012a
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                          000000007774088c 5 bytes JMP 00000001002a0758
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                    00000000777408a4 5 bytes JMP 00000001002a0676
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                        0000000077740df4 5 bytes JMP 00000001002a03d0
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                  0000000077741920 5 bytes JMP 00000001002a0594
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                              0000000077741be4 5 bytes JMP 00000001002a083a
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                      0000000077741d70 5 bytes JMP 00000001002a020c
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                    00000000767613e1 7 bytes JMP 00000001707412ad
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                          000000007677b1d3 5 bytes JMP 00000001707415be
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                          00000000767f88b4 7 bytes JMP 0000000170741357
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                          00000000767f8939 5 bytes JMP 00000001707416e0
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                            00000000767f8c8f 5 bytes JMP 0000000170741028
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                0000000076701d1b 5 bytes JMP 00000001707411ef
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                              0000000076701dc9 5 bytes JMP 0000000170741023
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                  0000000076702aa4 5 bytes JMP 000000017074156e
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                    0000000076702d0a 5 bytes JMP 0000000170741294
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                    0000000076b0524f 7 bytes JMP 00000001002a0f52
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                        0000000076b053d0 7 bytes JMP 00000001002b0210
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                        0000000076b05677 1 byte JMP 00000001002b0048
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                        0000000076b05679 5 bytes {JMP 0xffffffff897aa9d1}
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                              0000000076b0589a 7 bytes JMP 00000001002a0ca6
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                              0000000076b05a1d 7 bytes JMP 00000001002b03d8
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                          0000000076b05c9b 7 bytes JMP 00000001002b012c
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                            0000000076b05d87 7 bytes JMP 00000001002b02f4
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                          0000000076b07240 7 bytes JMP 00000001002a0e6e
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                            000000007625e9a2 5 bytes JMP 00000001707415d7
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                              000000007625ebdc 5 bytes JMP 00000001707411b8
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                    0000000075fa8a29 5 bytes JMP 0000000170741050
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                0000000075fb4572 5 bytes JMP 00000001707410d2
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                          0000000075ff1492 7 bytes JMP 00000001002b04bc
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                    0000000076e25ea5 5 bytes JMP 0000000170741609
.text    D:\Users\Hindersmann\Desktop\gmer_2.1.19163.exe[6756] D:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                    0000000076e59d0b 5 bytes JMP 0000000170741249

---- Threads - GMER 2.1 ----

Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2376]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2392]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2396]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2400]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2404]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2408]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2412]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2420]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2424]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2428]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2452]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2456]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2460]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2552]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2556]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2608]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2612]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2616]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2620]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2624]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2628]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:2632]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:3244]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:3260]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:3284]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:3732]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:3756]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:3776]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:3780]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:3796]                                                                            00000000719f3810
Thread    D:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2232:5448]                                                                            00000000719f3810

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c485083c725f                                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c485083c725f@8c771281e1e3                                                                                0x86 0x07 0x84 0xB5 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c485083c725f (not active ControlSet)                                                                         
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c485083c725f@8c771281e1e3                                                                                    0x86 0x07 0x84 0xB5 ...

---- EOF - GMER 2.1 ----


HansaHans 12.09.2013 21:23

In addition, an OTL report:

Code:

OTL logfile created on: 12.09.2013 21:41:33 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = D:\Users\Hindersmann\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
9,89 Gb Total Physical Memory | 7,87 Gb Available Physical Memory | 79,59% Memory free
19,77 Gb Paging File | 17,40 Gb Available in Paging File | 87,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 191,97 Gb Free Space | 20,61% Space Free | Partition Type: NTFS
Drive D: | 119,24 Gb Total Space | 19,24 Gb Free Space | 16,13% Space Free | Partition Type: NTFS
Drive X: | 22,36 Gb Total Space | 7,30 Gb Free Space | 32,63% Space Free | Partition Type: NTFS
 
Computer Name: HINDERSMANN-PC | User Name: Hindersmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.09.12 21:38:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Hindersmann\Desktop\OTL.exe
PRC - [2013.09.05 16:04:16 | 003,478,392 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2013.09.02 22:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.07.15 20:41:27 | 000,217,992 | ---- | M] (Google Inc.) -- D:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) -- D:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) -- D:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.11 09:43:14 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012.07.17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.06.27 12:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.06.25 17:19:24 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012.06.25 15:54:28 | 000,322,208 | ---- | M] (ASUSTek Computer Inc.) -- D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012.06.25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.06.19 13:59:04 | 000,174,752 | ---- | M] (ASUSTek Computer Inc.) -- D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012.06.01 15:40:06 | 001,104,240 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012.06.01 15:40:04 | 001,304,944 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012.06.01 15:40:00 | 001,014,128 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012.06.01 15:39:58 | 000,936,304 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2012.05.21 00:26:26 | 000,291,648 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.05.03 15:13:10 | 000,309,888 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
PRC - [2012.04.13 10:14:00 | 000,277,120 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
PRC - [2012.02.20 11:31:06 | 000,019,968 | ---- | M] () -- D:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
PRC - [2012.02.20 11:31:06 | 000,018,944 | ---- | M] () -- D:\Windows\SysWOW64\DptfParticipantProcessorService.exe
PRC - [2011.11.21 14:22:08 | 000,080,512 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2011.11.21 14:19:50 | 000,096,896 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.09.02 22:35:56 | 000,410,576 | ---- | M] () -- D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
MOD - [2013.09.02 22:35:54 | 004,053,456 | ---- | M] () -- D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013.09.02 22:35:04 | 000,709,584 | ---- | M] () -- D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
MOD - [2013.09.02 22:35:03 | 000,099,792 | ---- | M] () -- D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll
MOD - [2013.09.02 22:35:01 | 001,604,560 | ---- | M] () -- D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2012.09.23 20:43:58 | 000,010,240 | ---- | M] () -- D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2012.06.24 07:58:00 | 000,004,096 | ---- | M] () -- D:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\wincfi39.dll
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- D:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- D:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
 
 
========== Services (SafeList) ==========
 
SRV - [2013.08.28 23:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.08.21 17:03:15 | 000,117,656 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.13 22:50:29 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) [Auto | Running] -- D:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) [Auto | Running] -- D:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.06.27 12:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.06.25 16:06:30 | 003,325,232 | ---- | M] (Intel® Corporation) [Auto | Running] -- D:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.06.25 16:06:08 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- D:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.06.25 16:05:54 | 000,628,016 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- D:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.06.25 16:05:28 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- D:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012.06.25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.06.13 19:34:30 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- D:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.06.01 15:40:06 | 001,104,240 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012.06.01 15:40:04 | 001,304,944 | ---- | M] (Intel Corporation) [On_Demand | Running] -- D:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012.06.01 15:40:00 | 001,014,128 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012.04.23 17:23:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- D:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012.04.20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- D:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.04.13 10:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2012.03.15 07:09:20 | 000,659,976 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012.02.20 11:31:06 | 000,019,968 | ---- | M] () [Auto | Running] -- D:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)
SRV - [2012.02.20 11:31:06 | 000,018,944 | ---- | M] () [Auto | Running] -- D:\Windows\SysWOW64\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV - [2011.11.21 14:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2011.11.21 14:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.05.28 04:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- D:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.21 02:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.30 04:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2009.03.30 04:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2008.07.10 05:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.08.30 10:54:49 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.06.28 12:40:28 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.05.23 07:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.05.21 07:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013.05.16 07:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.04.25 02:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.04.16 04:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013.03.15 07:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013.03.05 03:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013.03.05 03:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.12.06 13:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012.09.13 15:49:36 | 000,633,552 | ---- | M] (Paragon) [Kernel | System | Stopped] -- D:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2012.09.13 15:49:36 | 000,390,224 | ---- | M] (Paragon) [Kernel | System | Stopped] -- D:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2012.09.13 15:49:36 | 000,090,960 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- D:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.06.13 19:34:20 | 014,759,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.06.04 17:23:04 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.05.21 00:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.05.21 00:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.05.21 00:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.03.21 11:13:14 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012.03.19 17:43:42 | 000,314,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012.03.15 06:02:46 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.03.15 06:02:46 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- D:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.20 11:31:06 | 000,357,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\DptfManager.sys -- (DptfManager)
DRV:64bit: - [2012.02.20 11:31:06 | 000,220,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:64bit: - [2012.02.20 11:31:06 | 000,107,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\DptfDevDram.sys -- (DptfDevDram)
DRV:64bit: - [2012.02.20 11:31:06 | 000,096,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:64bit: - [2012.02.20 11:31:06 | 000,064,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\DptfDevGen.sys -- (DptfDevGen)
DRV:64bit: - [2012.02.20 11:31:06 | 000,042,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\DptfDevFan.sys -- (DptfDevFan)
DRV:64bit: - [2012.02.13 09:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012.02.13 08:53:54 | 000,095,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.12.12 02:37:50 | 000,015,656 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ETDKbdf.sys -- (ETDKbdf)
DRV:64bit: - [2011.12.12 02:37:28 | 000,205,608 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 02:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2013.09.04 00:26:27 | 001,525,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130903.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.08.30 03:14:10 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130912.001\ex64.sys -- (NAVEX15)
DRV - [2013.08.30 03:14:10 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.08.30 03:14:10 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.08.30 03:14:10 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130912.001\eng64.sys -- (NAVENG)
DRV - [2013.08.29 17:04:30 | 000,520,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130911.001\IDSviA64.sys -- (IDSVia64)
DRV - [2011.09.07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- D:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2010.01.05 17:01:02 | 000,013,440 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Stopped] -- D:\Program Files (x86)\ASUS\WinFlash\bsitf64.sys -- (bsitf)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- D:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 BB F1 DA 55 2D CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B44DC485083C725C&affID=119779&tt=250613_gr3&tsp=4924
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=o0&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: D:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: D:\Program Files (x86)\Adobe\Photoshop\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: D:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: D:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: D:\Program Files (x86)\Adobe\Photoshop\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: D:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.05.28 17:44:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.06.18 22:31:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2013.09.12 21:22:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013.08.29 23:27:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.09.30 22:11:40 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\Extensions
[2013.08.07 22:47:30 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\Firefox\Profiles\6ozsalbr.default\extensions
[2012.11.11 16:49:17 | 000,000,000 | ---D | M] (EPUBReader) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\Firefox\Profiles\6ozsalbr.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013.08.07 22:47:30 | 001,400,372 | ---- | M] () (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\extensions\fpw@informatik.tu-darmstadt.de.xpi
[2013.07.27 14:35:04 | 000,050,777 | ---- | M] () (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.04.17 15:50:46 | 000,201,930 | ---- | M] () (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\extensions\hdvc@hdvc.com.xpi
[2013.08.02 15:02:50 | 000,224,035 | ---- | M] () (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.08.02 15:02:52 | 000,824,302 | ---- | M] () (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.01 01:40:28 | 000,434,392 | ---- | M] () (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.06.25 17:59:16 | 000,006,545 | ---- | M] () -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\searchplugins\babylon.xml
[2013.06.25 17:59:30 | 000,001,294 | ---- | M] () -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\searchplugins\delta.xml
[2012.10.03 14:34:33 | 000,003,915 | ---- | M] () -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\searchplugins\sweetim.xml
[2013.06.25 17:59:39 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\mozilla firefox\Extensions
[2013.05.29 20:38:34 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.08.21 17:03:15 | 000,000,000 | ---D | M] (Default) -- D:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B44DC485083C725C&affID=119779&tt=250613_gr3&tsp=4924
CHR - plugin: Shockwave Flash (Enabled) = D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = D:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = D:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = D:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: YouTube = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Grooveshark Germany unlocker = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\
CHR - Extension: Grooveshark Germany unlocker = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\.orig
CHR - Extension: Adobe Acrobat  PDF-Datei erstellen = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0\
CHR - Extension: Click to activate/deactivate ProxTube = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclefogcenncfmmekelnpgpehiglcjln\1.2.4_0\
CHR - Extension: ZenMate for Google Chrome\u2122 = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme\2.9_0\
CHR - Extension: AdBlock = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0\
CHR - Extension: IP-Adresse = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjndloejlcbpkholmagjbddfkjmmploh\1.10_0\
CHR - Extension: Porsche = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3_0\
CHR - Extension: IP-Adresse = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml\7.1_0\
CHR - Extension: Downloaders = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0\
CHR - Extension: Norton Identity Protection = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Chrome In-App Payments service = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: YouTube Unblocker = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.4.4_0\
CHR - Extension: Type Fu = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\okboeogmnhjpgbeaokfogelclpblaemo\2.0.0_0\
CHR - Extension: Google Mail = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.11.22 17:56:51 | 000,003,308 | ---- | M]) - D:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 hh-software.com
O1 - Hosts: 127.0.0.1 www.hh-software.com
O1 - Hosts: 57 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (ASUS Browser Extension x64) - {78234974-0C4B-4111-BDEB-D9A104418772} - D:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.)
O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - D:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ASUS Browser Extension x86) - {78234974-0C4B-4111-BDEB-D9A104418771} - D:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - D:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [ASUSQuickGesture(x64)] D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.)
O4:64bit: - HKLM..\Run: [ASUSQuickGesture(x86)] D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.)
O4:64bit: - HKLM..\Run: [ASUSTPLoader(x64)] D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (AsusTek)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] D:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] D:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] D:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] D:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] D:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ATKMEDIA] D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKOSD2] D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HControlUser] D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [USB3MON] D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_928877A4C7DF6A5F4EDCBFA23A443A70] D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = D:\Users\Hindersmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{592C9F95-DECF-4FD6-A9A3-A11C6947E061}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - D:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (D:\Windows\system32\nvinitx.dll) - D:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (d:\windows\syswow64\nvinit.dll) - d:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - D:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - D:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4ec2eb6d-1938-11e2-82ef-c485083c725f}\Shell - "" = AutoRun
O33 - MountPoints2\{4ec2eb6d-1938-11e2-82ef-c485083c725f}\Shell\AutoRun\command - "" = F:\Password.exe
O33 - MountPoints2\{f82d4048-a2d6-11e2-bbb4-c485083c725f}\Shell - "" = AutoRun
O33 - MountPoints2\{f82d4048-a2d6-11e2-bbb4-c485083c725f}\Shell\AutoRun\command - "" = F:\auvisio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.09.12 21:38:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\Hindersmann\Desktop\OTL.exe
[2013.09.12 16:45:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\SysNative\drivers\mbam.sys
[2013.09.12 16:45:21 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.09.12 16:45:21 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.09.12 16:40:56 | 000,000,000 | ---D | C] -- D:\ProgramData\Spybot - Search & Destroy
[2013.09.11 17:28:25 | 000,391,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013.09.11 17:28:24 | 000,526,336 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\ieui.dll
[2013.09.11 17:28:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesetup.dll
[2013.09.11 17:28:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\iesetup.dll
[2013.09.11 17:28:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\iernonce.dll
[2013.09.11 17:28:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iernonce.dll
[2013.09.11 17:28:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.09.11 17:28:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesysprep.dll
[2013.09.11 17:28:08 | 000,051,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\ie4uinit.exe
[2013.09.11 17:28:05 | 000,136,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\iesysprep.dll
[2013.09.11 17:28:05 | 000,089,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.09.11 17:27:54 | 000,603,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\msfeeds.dll
[2013.09.11 17:27:53 | 003,959,296 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\jscript9.dll
[2013.09.11 17:27:53 | 000,855,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\jscript.dll
[2013.09.11 17:27:53 | 000,690,688 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2013.09.11 16:55:13 | 000,155,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\drivers\ataport.sys
[2013.09.11 16:55:12 | 003,968,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntkrnlpa.exe
[2013.09.11 16:55:12 | 003,913,664 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntoskrnl.exe
[2013.09.11 16:55:11 | 005,550,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\ntoskrnl.exe
[2013.09.11 16:55:11 | 001,732,032 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\ntdll.dll
[2013.09.11 16:55:11 | 001,161,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\kernel32.dll
[2013.09.11 16:55:11 | 000,424,448 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\KernelBase.dll
[2013.09.11 16:55:11 | 000,362,496 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\wow64win.dll
[2013.09.11 16:55:11 | 000,338,432 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\conhost.exe
[2013.09.11 16:55:11 | 000,243,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\wow64.dll
[2013.09.11 16:55:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\winsrv.dll
[2013.09.11 16:55:11 | 000,112,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\smss.exe
[2013.09.11 16:55:11 | 000,043,520 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\csrsrv.dll
[2013.09.11 16:55:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\setup16.exe
[2013.09.11 16:55:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\ntvdm64.dll
[2013.09.11 16:55:11 | 000,014,336 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntvdm64.dll
[2013.09.11 16:55:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\wow64cpu.dll
[2013.09.11 16:55:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\instnm.exe
[2013.09.11 16:55:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\apisetschema.dll
[2013.09.11 16:55:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\apisetschema.dll
[2013.09.11 16:55:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.09.11 16:55:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.09.11 16:55:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.09.11 16:55:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.09.11 16:55:11 | 000,005,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\wow32.dll
[2013.09.11 16:55:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.09.11 16:55:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\user.exe
[2013.09.11 16:54:09 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\shdocvw.dll
[2013.09.08 12:44:10 | 000,000,000 | ---D | C] -- D:\Users\Hindersmann\Desktop\5-076 Übungsdateien
[2013.09.05 22:11:07 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\SequoiaView
[2013.09.05 20:43:58 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.09.05 20:43:51 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft Silverlight
[2013.09.03 18:41:04 | 000,000,000 | ---D | C] -- D:\Users\Hindersmann\DigSig
[2013.08.30 10:52:49 | 000,433,752 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys
[2013.08.30 10:52:48 | 001,139,800 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys
[2013.08.30 10:52:48 | 000,796,760 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys
[2013.08.30 10:52:48 | 000,493,656 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys
[2013.08.30 10:52:48 | 000,224,416 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys
[2013.08.30 10:52:48 | 000,169,048 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys
[2013.08.30 10:52:48 | 000,036,952 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys
[2013.08.30 10:52:48 | 000,023,448 | R--- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symelam.sys
[2013.08.30 10:50:00 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\drivers\N360x64\1404000.028
[2013.08.29 23:30:11 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Symantec Shared
[2013.08.29 23:26:59 | 000,177,312 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.08.29 23:26:59 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Symantec Shared
[2013.08.29 23:26:59 | 000,000,000 | ---D | C] -- D:\Program Files\Symantec
[2013.08.29 23:23:22 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\drivers\N360x64
[2013.08.29 23:23:20 | 000,000,000 | R--D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013.08.29 23:23:20 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Norton 360
[2013.08.29 23:23:20 | 000,000,000 | ---D | C] -- D:\ProgramData\Norton
[2013.08.29 23:18:57 | 000,000,000 | ---D | C] -- D:\ProgramData\NortonInstaller
[2013.08.29 23:18:57 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\NortonInstaller
[2013.08.16 08:31:52 | 000,000,000 | ---D | C] -- D:\Users\Hindersmann\Desktop\Elektrotechnik
[2013.08.15 22:06:30 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\MRT
[2013.08.14 15:49:07 | 001,472,512 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\crypt32.dll
[2013.08.14 15:49:07 | 000,224,256 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\wintrust.dll
[2013.08.14 15:49:07 | 000,139,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\cryptnet.dll
[2013.08.14 15:48:49 | 001,888,768 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\WMVDECOD.DLL
[2013.08.14 15:48:48 | 001,620,992 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\WMVDECOD.DLL
[2013.08.14 15:48:26 | 001,217,024 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\rpcrt4.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.09.12 21:38:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Hindersmann\Desktop\OTL.exe
[2013.09.12 21:26:37 | 001,806,990 | ---- | M] () -- D:\Windows\SysNative\PerfStringBackup.INI
[2013.09.12 21:26:37 | 000,773,946 | ---- | M] () -- D:\Windows\SysNative\perfh007.dat
[2013.09.12 21:26:37 | 000,728,618 | ---- | M] () -- D:\Windows\SysNative\perfh009.dat
[2013.09.12 21:26:37 | 000,177,318 | ---- | M] () -- D:\Windows\SysNative\perfc007.dat
[2013.09.12 21:26:37 | 000,150,098 | ---- | M] () -- D:\Windows\SysNative\perfc009.dat
[2013.09.12 21:26:34 | 000,015,600 | -H-- | M] () -- D:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.09.12 21:26:34 | 000,015,600 | -H-- | M] () -- D:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.09.12 21:19:40 | 000,001,116 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.09.12 21:19:39 | 000,000,530 | ---- | M] () -- D:\Windows\tasks\MATLAB R2013a Startup Accelerator.job
[2013.09.12 21:19:29 | 000,000,828 | ---- | M] () -- D:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.09.12 21:19:24 | 000,000,212 | ---- | M] () -- D:\Windows\tasks\AutoKMS.job
[2013.09.12 21:19:22 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013.09.12 20:54:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013.09.12 20:46:01 | 000,001,120 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.09.12 16:44:28 | 000,000,085 | ---- | M] () -- D:\Windows\wininit.ini
[2013.09.11 17:35:25 | 005,052,760 | ---- | M] () -- D:\Windows\SysNative\FNTCACHE.DAT
[2013.09.11 17:31:37 | 002,230,099 | ---- | M] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\Cat.DB
[2013.09.08 13:23:00 | 000,000,830 | ---- | M] () -- D:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.09.08 12:53:00 | 000,000,202 | ---- | M] () -- D:\Windows\tasks\AutoKMSDaily.job
[2013.08.30 10:54:49 | 000,177,312 | ---- | M] (Symantec Corporation) -- D:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.08.30 10:54:49 | 000,007,631 | ---- | M] () -- D:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.08.30 10:54:49 | 000,000,854 | ---- | M] () -- D:\Windows\SysNative\drivers\SYMEVENT64x86.INF
 
========== Files Created - No Company Name ==========
 
[2013.09.12 16:44:25 | 000,000,085 | ---- | C] () -- D:\Windows\wininit.ini
[2013.09.01 17:37:10 | 002,230,099 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\Cat.DB
[2013.08.30 10:56:51 | 000,014,818 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\VT20130115.021
[2013.08.30 10:52:49 | 000,008,067 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symnet64.cat
[2013.08.30 10:52:48 | 000,009,670 | R--- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symelam64.cat
[2013.08.30 10:52:48 | 000,007,667 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.cat
[2013.08.30 10:52:48 | 000,007,593 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\iron.cat
[2013.08.30 10:52:48 | 000,007,589 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.cat
[2013.08.30 10:52:48 | 000,007,587 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.cat
[2013.08.30 10:52:48 | 000,003,434 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symefa.inf
[2013.08.30 10:52:48 | 000,002,852 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symds.inf
[2013.08.30 10:52:48 | 000,001,440 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symnet.inf
[2013.08.30 10:52:48 | 000,001,437 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.inf
[2013.08.30 10:52:48 | 000,001,420 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.inf
[2013.08.30 10:52:48 | 000,000,996 | R--- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symelam.inf
[2013.08.30 10:52:48 | 000,000,853 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.inf
[2013.08.30 10:52:48 | 000,000,767 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\iron.inf
[2013.08.30 10:50:00 | 000,008,067 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.cat
[2013.08.30 10:50:00 | 000,008,063 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.cat
[2013.08.30 10:50:00 | 000,000,172 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\isolate.ini
[2013.08.29 23:26:59 | 000,007,631 | ---- | C] () -- D:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.08.29 23:26:59 | 000,000,854 | ---- | C] () -- D:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.07.15 22:39:22 | 000,000,600 | ---- | C] () -- D:\Users\Hindersmann\AppData\Local\PUTTY.RND
[2013.04.05 07:31:10 | 000,000,184 | ---- | C] () -- D:\Windows\AutoKMS.ini
[2013.03.12 19:56:24 | 000,000,132 | ---- | C] () -- D:\Users\Hindersmann\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2013.02.27 21:09:23 | 000,087,704 | ---- | C] () -- D:\Windows\cadkasdeinst01.exe
[2013.02.25 21:48:30 | 000,000,151 | ---- | C] () -- D:\Windows\wiso.ini
[2012.11.23 02:41:21 | 000,000,057 | ---- | C] () -- D:\ProgramData\Ament.ini
[2012.11.20 21:49:22 | 000,002,850 | ---- | C] () -- D:\Windows\hpwmdl22.dat.temp
[2012.11.20 21:26:39 | 000,222,950 | ---- | C] () -- D:\Windows\hpwins22.dat
[2012.11.20 21:26:39 | 000,002,850 | ---- | C] () -- D:\Windows\hpwmdl22.dat
[2012.11.11 22:02:25 | 000,007,606 | ---- | C] () -- D:\Users\Hindersmann\AppData\Local\Resmon.ResmonCfg
[2012.10.21 14:46:25 | 000,001,456 | ---- | C] () -- D:\Users\Hindersmann\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.10.13 16:17:12 | 000,035,237 | ---- | C] () -- D:\Users\Hindersmann\AppData\Local\recently-used.xbel
[2012.10.11 23:35:52 | 000,003,072 | ---- | C] () -- D:\Users\Hindersmann\AppData\Local\file__0.localstorage
[2012.10.01 15:58:39 | 001,807,160 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.30 22:06:31 | 000,176,128 | ---- | C] () -- D:\Windows\SysWow64\lffax60n.dll
[2012.09.30 22:06:31 | 000,141,824 | ---- | C] () -- D:\Windows\SysWow64\lfcmp60n.dll
[2012.09.30 22:06:31 | 000,110,080 | ---- | C] () -- D:\Windows\SysWow64\lfpng60n.dll
[2012.09.30 22:06:31 | 000,046,080 | ---- | C] () -- D:\Windows\SysWow64\lftif60n.dll
[2012.09.30 22:06:31 | 000,043,008 | ---- | C] () -- D:\Windows\SysWow64\ltfil60n.dll
[2012.09.30 22:06:31 | 000,023,552 | ---- | C] () -- D:\Windows\SysWow64\lfpcx60n.dll
[2012.09.30 22:06:31 | 000,022,528 | ---- | C] () -- D:\Windows\SysWow64\lfpct60n.dll
[2012.09.30 22:06:31 | 000,022,528 | ---- | C] () -- D:\Windows\SysWow64\lfeps60n.dll
[2012.09.30 22:06:31 | 000,022,016 | ---- | C] () -- D:\Windows\SysWow64\lfbmp60n.dll
[2012.09.30 22:06:31 | 000,020,480 | ---- | C] () -- D:\Windows\SysWow64\lfpsd60n.dll
[2012.09.30 22:06:31 | 000,019,968 | ---- | C] () -- D:\Windows\SysWow64\lftga60n.dll
[2012.09.30 22:06:31 | 000,019,456 | ---- | C] () -- D:\Windows\SysWow64\lfwpg60n.dll
[2012.09.30 22:06:31 | 000,019,456 | ---- | C] () -- D:\Windows\SysWow64\lfwmf60n.dll
[2012.09.30 22:06:31 | 000,018,432 | ---- | C] () -- D:\Windows\SysWow64\lfmsp60n.dll
[2012.09.30 22:06:31 | 000,017,920 | ---- | C] () -- D:\Windows\SysWow64\lfmac60n.dll
[2012.09.30 22:06:31 | 000,017,920 | ---- | C] () -- D:\Windows\SysWow64\implode.dll
[2012.09.30 22:06:31 | 000,005,378 | ---- | C] () -- D:\Windows\PSPICEEV.INI
[2012.06.13 19:34:28 | 000,755,572 | ---- | C] () -- D:\Windows\SysWow64\igkrng700.bin
[2012.06.13 19:34:22 | 000,559,972 | ---- | C] () -- D:\Windows\SysWow64\igfcg700m.bin
[2012.06.13 19:34:18 | 000,058,880 | ---- | C] () -- D:\Windows\SysWow64\igdde32.dll
[2012.06.13 19:34:14 | 013,026,816 | ---- | C] () -- D:\Windows\SysWow64\ig7icd32.dll
[2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- D:\Windows\SysWow64\IusEventLog.dll
[2012.02.20 11:31:06 | 000,019,968 | ---- | C] () -- D:\Windows\SysWow64\DptfPolicyConfigTDPService.exe
[2012.02.20 11:31:06 | 000,018,944 | ---- | C] () -- D:\Windows\SysWow64\DptfParticipantProcessorService.exe
[2012.02.20 11:31:06 | 000,012,288 | ---- | C] () -- D:\Windows\SysWow64\DptfPolicyConfigTDPDll.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- D:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = D:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = D:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = D:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1072 bytes -> D:\Users\Hindersmann\AppData\Local\epDmpGdpihRZQ:uPYHcBRiwDMRwNxgN1AwTc

< End of report >

1. Malware

Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Hindersmann :: HINDERSMANN-PC [Administrator]

12.09.2013 16:45:58
mbam-log-2013-09-12 (16-45-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (D:\|X:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 800242
Laufzeit: 2 Stunde(n), 1 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Keine Aktion durchgeführt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0RtGtCtH1H1L2Y0B0EtF0CtG1O -> Keine Aktion durchgeführt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {ABD64470-0D56-11E2-866F-C485083C725F} -> Keine Aktion durchgeführt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {ABD64470-0D56-11E2-866F-C485083C725F} -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B44DC485083C725C&affID=119779&tt=250613_gr3&tsp=4924) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 6
D:\Users\Hindersmann\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 15
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
D:\Users\Hindersmann\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\HDVidCodec.lnk (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\Uninstall.lnk (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\HDvidCodec10.crx (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\b.bmp (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\finish.bmp (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\FinishHDVID.exe (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\HDVidCodec.exe (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\hdvidextsetup.exe (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\hdvid_temp.bmp (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\uninst.exe (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.

(Ende)


2. Malware

Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Hindersmann :: HINDERSMANN-PC [Administrator]

12.09.2013 19:21:47
mbam-log-2013-09-12 (19-21-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (D:\|X:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 823531
Laufzeit: 55 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0RtGtCtH1H1L2Y0B0EtF0CtG1O -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {ABD64470-0D56-11E2-866F-C485083C725F} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {ABD64470-0D56-11E2-866F-C485083C725F} -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B44DC485083C725C&affID=119779&tt=250613_gr3&tsp=4924) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 5
D:\Users\Hindersmann\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 7
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Users\Hindersmann\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\HDVidCodec.lnk (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\Uninstall.lnk (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


3. Malware

Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Hindersmann :: HINDERSMANN-PC [Administrator]

12.09.2013 21:33:03
mbam-log-2013-09-12 (21-33-03).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 245946
Laufzeit: 1 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


