Avira found trojan TR/Matsnu.EB.133
Hello everyone,
Yesterday my Avira found the trojan TR/Matsnu.EB.133 during a scan and moved it to quarantine.
Can you help me delete it?
Danus
Here are my log files. I could not export the report from Avira. Maybe this helps: Code:
Die Datei 'C:\Users\Jens\AppData\Local\Microsoft\Windows Live Mail\Gmx (jens-t 190\Sent Items\6CC87EE7-00000297.eml'
enthielt einen Virus oder unerwünschtes Programm 'TR/Matsnu.EB.133' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55b26834.qua' verschoben!
defogger_disable: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:16 on 12/06/2014 (Jens)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014
Ran by Jens (administrator) on JENS-PC on 12-06-2014 00:18:28
Running from C:\Users\Jens\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Jens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\PDF Pro 10\vspdfprsrv.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2721576 2011-06-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [vspdfprsrv.exe] => C:\Program Files (x86)\PDF Pro 10\vspdfprsrv.exe [7215616 2014-01-07] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Wunderlist] => C:\Program Files (x86)\Wunderlist2\Wunderlist.exe [13012064 2013-09-30] (6 Wunderkinder GmbH)
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\Run: [Spotify Web Helper] => C:\Users\Jens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-13] (Spotify Ltd)
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-04-01] (Sony)
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\MountPoints2: {827c8216-b201-11e3-a033-e8039a3f6de1} - F:\setup_ut2004.exe
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
Startup: C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
FireFox:
========
FF ProfilePath: C:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\oro2dqvp.default
FF Homepage: www.faz.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\oro2dqvp.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\oro2dqvp.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\oro2dqvp.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\oro2dqvp.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\oro2dqvp.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\oro2dqvp.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\oro2dqvp.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\oro2dqvp.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR HKLM-x32\...\Chrome\Extension: [bbffdhejhaoiflnpooogkckfdcmmjppn] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx []
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-22] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-12] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-12-20] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-12 00:18 - 2014-06-12 00:19 - 00016664 _____ () C:\Users\Jens\Desktop\FRST.txt
2014-06-12 00:18 - 2014-06-12 00:18 - 00000000 ____D () C:\FRST
2014-06-12 00:17 - 2014-06-12 00:17 - 02081792 _____ (Farbar) C:\Users\Jens\Desktop\FRST64.exe
2014-06-12 00:16 - 2014-06-12 00:16 - 00000470 _____ () C:\Users\Jens\Desktop\defogger_disable.log
2014-06-12 00:14 - 2014-06-12 00:14 - 00050477 _____ () C:\Users\Jens\Desktop\Defogger.exe
2014-06-11 21:06 - 2014-06-11 22:57 - 00059488 _____ () C:\Users\Jens\Desktop\IDM.pptx
2014-06-11 18:09 - 2014-06-11 18:09 - 00000000 ____D () C:\Users\Jens\AppData\Local\{028DB964-2BDB-4B8B-8063-7E4664D56DEA}
2014-06-11 11:40 - 2014-06-11 11:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 10:18 - 2014-06-10 10:18 - 00000000 ____D () C:\Users\Jens\AppData\Local\{B44340F2-FDD2-4CE3-9F4F-790E4DC59E21}
2014-06-05 11:56 - 2014-06-05 11:56 - 00000000 ____D () C:\Users\Jens\AppData\Local\{7A724AA3-1601-470B-BC74-557085D6E54D}
2014-06-04 21:04 - 2014-06-04 21:04 - 00000000 ____D () C:\Users\Jens\AppData\Local\{EAA75A9F-6AFB-44E8-BFF6-36C2E07A2640}
2014-06-04 17:18 - 2014-06-04 17:18 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-04 17:18 - 2014-06-04 17:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-04 17:18 - 2014-06-04 17:18 - 00000000 ____D () C:\Users\Jens\AppData\Local\Skype
2014-06-04 17:18 - 2014-06-04 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-04 08:36 - 2014-06-04 08:36 - 00000000 ____D () C:\Users\Jens\AppData\Local\{2587E135-428C-48FD-93C2-87BB85E6F2CC}
2014-06-03 15:58 - 2014-06-03 15:58 - 00000000 ____D () C:\Users\Jens\AppData\Local\{10B84735-4B6F-4BA1-AF27-69AF7101A4C1}
2014-06-02 21:59 - 2014-06-02 21:59 - 00000000 ____D () C:\Users\Jens\AppData\Local\{C762A05E-2B3C-4FCF-9B62-020B35EA6817}
2014-06-02 20:28 - 2014-06-04 09:24 - 00000000 ____D () C:\Users\Jens\Desktop\Youth Academies
2014-06-02 09:58 - 2014-06-02 09:59 - 00000000 ____D () C:\Users\Jens\AppData\Local\{DD9C2541-B020-406C-B187-A2349581632E}
2014-06-01 19:32 - 2014-06-01 19:32 - 00000000 ____D () C:\Users\Jens\AppData\Local\{97B5AABA-095D-4A6E-B6B9-499C74680F63}
2014-05-29 22:09 - 2014-06-06 10:16 - 00000000 ____D () C:\Users\Jens\Desktop\Marken
2014-05-29 20:05 - 2014-05-29 20:05 - 00000000 ____D () C:\Users\Jens\AppData\Local\{43858F07-0EA6-4F30-A9CD-A79F72943DB6}
2014-05-28 10:02 - 2014-05-28 10:02 - 00000000 ____D () C:\Users\Jens\AppData\Local\{067A9022-0F3E-48B6-AD12-DAD49A17312D}
2014-05-27 23:11 - 2014-06-02 10:08 - 00000000 ____D () C:\Users\Jens\Desktop\OnePiece
2014-05-27 21:43 - 2014-05-27 21:44 - 00000000 ____D () C:\Users\Jens\AppData\Local\{E87EA96F-C7B9-4060-93D9-8F4E101FBF51}
2014-05-27 15:57 - 2014-05-27 15:57 - 00001986 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-05-27 09:17 - 2014-05-27 09:17 - 00000000 ____D () C:\Users\Jens\AppData\Local\{8FF0A09E-F39B-4118-90CB-A01BE17C5600}
2014-05-26 20:31 - 2014-05-26 20:31 - 00000000 ____D () C:\Users\Jens\AppData\Local\{0C8EDF41-DCA1-45CD-9D8A-38D7D95BE0BC}
2014-05-22 20:14 - 2014-05-22 20:14 - 00000140 _____ () C:\Users\Jens\Desktop\kitereise.txt
2014-05-22 10:51 - 2014-05-22 10:51 - 00000000 ____D () C:\Users\Jens\AppData\Local\{DD9F43A1-D856-4403-95E9-361C895B8395}
2014-05-21 17:18 - 2014-06-04 20:33 - 00000000 ____D () C:\Users\Jens\Desktop\Hyaci
2014-05-21 16:03 - 2014-05-21 16:03 - 00000000 ____D () C:\Users\Jens\AppData\Local\{7E84604B-182C-497E-BDFC-46FBE1C6BA60}
2014-05-20 21:07 - 2014-05-20 21:07 - 00000000 ____D () C:\Users\Jens\AppData\Local\{7ABD0EFB-464A-48A5-A080-2DD9DD46348E}
2014-05-20 09:07 - 2014-05-20 09:07 - 00000000 ____D () C:\Users\Jens\AppData\Local\{CD6D6B1C-03A8-487B-9164-93AA5A0073B9}
2014-05-19 16:30 - 2014-05-19 16:30 - 00000000 ____D () C:\Users\Jens\AppData\Local\{C79DA6C2-6E34-49DE-9A7C-8FF18F120013}
2014-05-18 22:39 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-18 22:39 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-18 22:39 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-18 22:39 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-18 22:39 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-18 22:39 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-18 14:44 - 2014-05-29 10:36 - 00000000 ____D () C:\Users\Jens\Desktop\KLM
2014-05-18 13:07 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-18 13:07 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-18 13:07 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-18 13:07 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-18 13:07 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-18 13:07 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-18 13:07 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-18 13:07 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-18 13:07 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-18 13:07 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-05-18 13:07 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-18 13:07 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-18 13:07 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-18 13:07 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-18 13:07 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-18 13:07 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-18 13:07 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-18 13:07 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-18 13:07 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-18 13:07 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-18 13:07 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-18 13:07 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-18 13:07 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-18 13:07 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-18 13:07 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-18 13:07 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-18 13:07 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-18 13:07 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-18 13:07 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-18 13:07 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-05-18 13:07 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-05-18 13:07 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-18 13:07 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-18 13:07 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-18 13:07 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-18 13:07 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-18 13:07 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-18 13:07 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-05-18 13:07 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-05-18 13:07 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-05-18 13:07 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-05-18 13:07 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-18 13:07 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-05-18 13:07 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-18 13:07 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-18 12:56 - 2014-06-05 11:47 - 00000000 ____D () C:\Users\Jens\AppData\Roaming\DropboxMaster
==================== One Month Modified Files and Folders =======
2014-06-12 00:19 - 2014-06-12 00:18 - 00016664 _____ () C:\Users\Jens\Desktop\FRST.txt
2014-06-12 00:19 - 2012-02-13 16:21 - 00000000 ____D () C:\Users\Jens\AppData\Local\Temp
2014-06-12 00:18 - 2014-06-12 00:18 - 00000000 ____D () C:\FRST
2014-06-12 00:17 - 2014-06-12 00:17 - 02081792 _____ (Farbar) C:\Users\Jens\Desktop\FRST64.exe
2014-06-12 00:16 - 2014-06-12 00:16 - 00000470 _____ () C:\Users\Jens\Desktop\defogger_disable.log
2014-06-12 00:14 - 2014-06-12 00:14 - 00050477 _____ () C:\Users\Jens\Desktop\Defogger.exe
2014-06-11 23:40 - 2011-10-11 18:59 - 01796777 _____ () C:\windows\WindowsUpdate.log
2014-06-11 23:39 - 2012-02-14 12:38 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-11 23:02 - 2012-02-15 22:29 - 00000000 ____D () C:\Users\Jens\AppData\Local\CrashDumps
2014-06-11 22:57 - 2014-06-11 21:06 - 00059488 _____ () C:\Users\Jens\Desktop\IDM.pptx
2014-06-11 21:39 - 2012-02-14 12:38 - 00001102 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-11 20:08 - 2014-02-08 00:24 - 00000000 ____D () C:\Users\Jens\Desktop\Gedichte u. Geschichten
2014-06-11 18:09 - 2014-06-11 18:09 - 00000000 ____D () C:\Users\Jens\AppData\Local\{028DB964-2BDB-4B8B-8063-7E4664D56DEA}
2014-06-11 15:35 - 2012-09-11 09:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 11:40 - 2014-06-11 11:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 10:54 - 2009-07-14 06:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-11 10:54 - 2009-07-14 06:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-11 10:53 - 2013-03-30 10:00 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{228FEB73-88D3-4813-9B38-52B297716840}
2014-06-11 10:43 - 2013-06-03 14:00 - 00045262 _____ () C:\windows\setupact.log
2014-06-11 10:43 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-10 16:11 - 2012-11-21 19:22 - 00000000 ____D () C:\Users\Jens\AppData\Roaming\Winamp
2014-06-10 10:18 - 2014-06-10 10:18 - 00000000 ____D () C:\Users\Jens\AppData\Local\{B44340F2-FDD2-4CE3-9F4F-790E4DC59E21}
2014-06-10 09:24 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-06-06 10:16 - 2014-05-29 22:09 - 00000000 ____D () C:\Users\Jens\Desktop\Marken
2014-06-05 14:05 - 2012-12-03 22:42 - 00000000 ___RD () C:\Users\Jens\Dropbox
2014-06-05 11:56 - 2014-06-05 11:56 - 00000000 ____D () C:\Users\Jens\AppData\Local\{7A724AA3-1601-470B-BC74-557085D6E54D}
2014-06-05 11:48 - 2012-12-03 22:40 - 00000000 ____D () C:\Users\Jens\AppData\Roaming\Dropbox
2014-06-05 11:47 - 2014-05-18 12:56 - 00000000 ____D () C:\Users\Jens\AppData\Roaming\DropboxMaster
2014-06-04 21:04 - 2014-06-04 21:04 - 00000000 ____D () C:\Users\Jens\AppData\Local\{EAA75A9F-6AFB-44E8-BFF6-36C2E07A2640}
2014-06-04 20:34 - 2012-02-13 17:38 - 00000000 ____D () C:\Users\Jens\AppData\Roaming\Skype
2014-06-04 20:33 - 2014-05-21 17:18 - 00000000 ____D () C:\Users\Jens\Desktop\Hyaci
2014-06-04 17:19 - 2012-02-13 17:38 - 00000000 ____D () C:\Users\Jens\Documents\Youcam
2014-06-04 17:18 - 2014-06-04 17:18 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-04 17:18 - 2014-06-04 17:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-04 17:18 - 2014-06-04 17:18 - 00000000 ____D () C:\Users\Jens\AppData\Local\Skype
2014-06-04 17:18 - 2014-06-04 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-04 17:18 - 2012-02-13 16:30 - 00000000 ____D () C:\ProgramData\Skype
2014-06-04 09:24 - 2014-06-02 20:28 - 00000000 ____D () C:\Users\Jens\Desktop\Youth Academies
2014-06-04 08:36 - 2014-06-04 08:36 - 00000000 ____D () C:\Users\Jens\AppData\Local\{2587E135-428C-48FD-93C2-87BB85E6F2CC}
2014-06-03 15:58 - 2014-06-03 15:58 - 00000000 ____D () C:\Users\Jens\AppData\Local\{10B84735-4B6F-4BA1-AF27-69AF7101A4C1}
2014-06-02 21:59 - 2014-06-02 21:59 - 00000000 ____D () C:\Users\Jens\AppData\Local\{C762A05E-2B3C-4FCF-9B62-020B35EA6817}
2014-06-02 17:22 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-06-02 10:10 - 2014-03-24 22:53 - 00000000 ____D () C:\Users\Jens\Desktop\HR-Management
2014-06-02 10:08 - 2014-05-27 23:11 - 00000000 ____D () C:\Users\Jens\Desktop\OnePiece
2014-06-02 09:59 - 2014-06-02 09:58 - 00000000 ____D () C:\Users\Jens\AppData\Local\{DD9C2541-B020-406C-B187-A2349581632E}
2014-06-01 19:32 - 2014-06-01 19:32 - 00000000 ____D () C:\Users\Jens\AppData\Local\{97B5AABA-095D-4A6E-B6B9-499C74680F63}
2014-05-29 20:05 - 2014-05-29 20:05 - 00000000 ____D () C:\Users\Jens\AppData\Local\{43858F07-0EA6-4F30-A9CD-A79F72943DB6}
2014-05-29 10:36 - 2014-05-18 14:44 - 00000000 ____D () C:\Users\Jens\Desktop\KLM
2014-05-28 10:02 - 2014-05-28 10:02 - 00000000 ____D () C:\Users\Jens\AppData\Local\{067A9022-0F3E-48B6-AD12-DAD49A17312D}
2014-05-27 21:44 - 2014-05-27 21:43 - 00000000 ____D () C:\Users\Jens\AppData\Local\{E87EA96F-C7B9-4060-93D9-8F4E101FBF51}
2014-05-27 17:00 - 2012-12-03 22:42 - 00001013 _____ () C:\Users\Jens\Desktop\Dropbox.lnk
2014-05-27 17:00 - 2012-12-03 22:41 - 00000000 ____D () C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-27 15:57 - 2014-05-27 15:57 - 00001986 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-05-27 15:57 - 2014-04-29 17:11 - 00220766 _____ () C:\windows\DPINST.LOG
2014-05-27 15:57 - 2014-04-29 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-05-27 15:56 - 2011-10-11 03:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-27 09:17 - 2014-05-27 09:17 - 00000000 ____D () C:\Users\Jens\AppData\Local\{8FF0A09E-F39B-4118-90CB-A01BE17C5600}
2014-05-26 20:31 - 2014-05-26 20:31 - 00000000 ____D () C:\Users\Jens\AppData\Local\{0C8EDF41-DCA1-45CD-9D8A-38D7D95BE0BC}
2014-05-22 20:14 - 2014-05-22 20:14 - 00000140 _____ () C:\Users\Jens\Desktop\kitereise.txt
2014-05-22 10:52 - 2013-11-04 20:42 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-05-22 10:52 - 2013-11-04 20:42 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-05-22 10:51 - 2014-05-22 10:51 - 00000000 ____D () C:\Users\Jens\AppData\Local\{DD9F43A1-D856-4403-95E9-361C895B8395}
2014-05-21 16:03 - 2014-05-21 16:03 - 00000000 ____D () C:\Users\Jens\AppData\Local\{7E84604B-182C-497E-BDFC-46FBE1C6BA60}
2014-05-20 21:07 - 2014-05-20 21:07 - 00000000 ____D () C:\Users\Jens\AppData\Local\{7ABD0EFB-464A-48A5-A080-2DD9DD46348E}
2014-05-20 09:07 - 2014-05-20 09:07 - 00000000 ____D () C:\Users\Jens\AppData\Local\{CD6D6B1C-03A8-487B-9164-93AA5A0073B9}
2014-05-19 18:17 - 2014-04-15 16:42 - 00000000 ____D () C:\Users\Jens\Desktop\Planspiel
2014-05-19 16:30 - 2014-05-19 16:30 - 00000000 ____D () C:\Users\Jens\AppData\Local\{C79DA6C2-6E34-49DE-9A7C-8FF18F120013}
2014-05-19 16:28 - 2012-04-17 13:48 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-19 16:28 - 2012-02-14 12:38 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-19 16:27 - 2012-02-13 16:30 - 00000000 ___RD () C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-19 16:27 - 2012-02-13 16:30 - 00000000 ___RD () C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-19 16:22 - 2014-05-09 22:31 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-18 22:41 - 2012-02-13 19:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-18 22:38 - 2013-08-01 17:37 - 00000000 ____D () C:\windows\system32\MRT
2014-05-18 22:36 - 2012-03-01 13:07 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-18 13:00 - 2012-02-14 12:48 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-17 17:58 - 2011-10-11 03:44 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-05-17 17:58 - 2011-10-11 03:44 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-05-17 17:58 - 2009-07-14 07:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
Files to move or delete:
====================
C:\Users\Jens\backup_test.bat
Some content of TEMP:
====================
C:\Users\Jens\AppData\Local\Temp\avgnt.exe
C:\Users\Jens\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo74y7z.dll
C:\Users\Work\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-02 17:14
==================== End Of Log ============================
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014
Ran by Jens at 2014-06-12 00:19:22
Running from C:\Users\Jens\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis (HKLM-x32\...\{9024FE65-46B8-4C8A-9D98-8DCB6BD5F598}) (Version: 15.4.5722.2 - Microsoft Corporation)
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.270 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Bing HRS Toolbar (HKLM-x32\...\{E3C4BB23-1D38-4A9C-9731-F086800533E9}) (Version: 3.6.5 - Microsoft Corporation)
Brother HL-5250DN (HKLM-x32\...\{C2C280CF-8E36-48F9-B23B-F169F1B86B4E}) (Version: 1.00 - Brother)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
Canon iP4200 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4200) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4417 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.1.16.14 - Samsung Electronics Co., Ltd.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.36 - Samsung)
ETDWare PS/2-X64 10.0.7.2_WHQL (HKLM\...\Elantech) (Version: 10.0.7.2 - ELAN Microelectronic Corp.)
Evernote v. 5.2 (HKLM-x32\...\{090931D6-A2F4-11E3-AD9C-00163E98E7D0}) (Version: 5.2.0.2946 - Evernote Corp.)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.5.628 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.5.628 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Internet-TV für Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
PDF Pro 10 (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 10.8.0000 - PDF Pro Software)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6413 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
Samsung SPP-2020 Series (HKLM-x32\...\Samsung SPP-2020 Series) (Version: - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.6.201404170858 - Sony Mobile Communications AB)
Sony PC Companion 2.10.206 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.206 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX kontrola za daljinske veze (HKLM-x32\...\{8985AE5E-622A-4980-8BF8-0A1830643220}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem (HKLM-x32\...\{A3A775C9-5A63-4C55-8FDD-427A5B8F5D2B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wunderlist (HKLM-x32\...\{e3e67430-6aeb-445a-8e8c-e8d9702b58d0}) (Version: 2.3.0.26 - 6 Wunderkinder GmbH)
Wunderlist (x32 Version: 2.3.0.26 - 6 Wunderkinder GmbH) Hidden
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation)
원격 연결을 위한 Windows Live Mesh ActiveX 컨트롤 (HKLM-x32\...\{61920449-0393-4707-B7DD-E6C0013C8B2C}) (Version: 15.4.5722.2 - Microsoft Corporation)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Restore Points =========================
29-04-2014 15:10:50 Sony PC Companion
29-04-2014 15:12:54 Sony PC Companion
29-04-2014 17:07:40 Installed Sony Mobile Drivers
03-05-2014 21:15:24 Windows Update
09-05-2014 20:30:43 Windows Update
18-05-2014 20:34:28 Windows Update
02-06-2014 15:21:31 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {120BCC3C-0E70-4F4B-97B3-730C36063045} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {138511B7-E44F-4289-8F23-C146C7FF6A9F} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-19] (Samsung Electronics Co., Ltd.)
Task: {2DFCD5D1-5B79-4CB3-B559-6D97C2EC1D40} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-19] (SAMSUNG Electronics co., LTD.)
Task: {3346EB51-5C8B-4C2E-92BD-FCF89620D6E7} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {5B2B8577-3057-4B61-AC4C-C47475A077D8} - System32\Tasks\{5EE9DB6C-CCD1-4766-9248-8F2A8BF48F24} => Firefox.exe hxxp://ui.skype.com/ui/0/6.0.0.126/de/abandoninstall?page=tsProgressBar
Task: {664651A4-3756-480D-8A64-79DE89C2916C} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {769BD9CA-58B1-40D4-BBFF-6DAE9250AC48} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {A4CF5630-2D45-4D87-AC3D-98420472C3CA} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-07-30] (SAMSUNG Electronics)
Task: {B0AB2D5F-5374-4E2C-8BD0-B981E8F1F8D8} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-22] (Samsung Electronics Co., Ltd.)
Task: {C1A19806-8599-4534-BC3A-06287400E46B} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2011-09-15] (Samsung)
Task: {C20FA5D8-B040-45B7-A39C-759DD8FE9682} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {D60AF5EA-B7F4-4AA9-9886-E1C36FD71042} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {D68BA58B-8B6C-406C-ABE7-9AFDD5B1DFE7} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-28] (Samsung Electronics)
Task: {E2DE0B9F-135F-4498-84AE-D26C364103F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-14] (Google Inc.)
Task: {E8D91BA5-977B-4A58-899E-FC4FD4E09E2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-14] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-12-23 15:47 - 2006-12-04 02:26 - 00022016 _____ () C:\windows\System32\SPPB2l6.DLL
2014-02-02 22:14 - 2013-12-19 20:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-18 18:33 - 2014-01-07 12:24 - 07215616 _____ () C:\Program Files (x86)\PDF Pro 10\vspdfprsrv.exe
2014-04-29 17:10 - 2013-10-31 12:35 - 00070880 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2011-07-21 07:51 - 2010-12-16 11:37 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2011-03-04 13:49 - 2011-03-04 13:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2014-04-29 17:10 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-04-29 17:10 - 2013-09-13 11:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2014-04-29 17:10 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2014-03-06 15:42 - 2014-03-06 15:42 - 00528384 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2011-10-11 03:12 - 2011-02-16 18:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2014-03-18 18:33 - 2014-01-07 12:24 - 01200128 _____ () C:\Program Files (x86)\PDF Pro 10\TMSlite170.bpl
2014-03-18 18:33 - 2013-12-16 19:14 - 00090112 _____ () C:\Program Files (x86)\PDF Pro 10\vspropsaver170.bpl
2014-03-18 18:33 - 2014-01-07 12:24 - 05164544 _____ () C:\Program Files (x86)\PDF Pro 10\vspdfcore170.bpl
2014-03-18 18:33 - 2013-12-16 19:14 - 02544640 _____ () C:\Program Files (x86)\PDF Pro 10\vsvector170.bpl
2014-03-18 18:33 - 2014-01-07 12:24 - 02974720 _____ () C:\Program Files (x86)\PDF Pro 10\BBlite170.bpl
2014-03-18 18:33 - 2014-01-07 12:24 - 00025600 _____ () C:\Program Files (x86)\PDF Pro 10\vstrees170.bpl
2014-03-18 18:33 - 2014-01-07 12:24 - 00066560 _____ () C:\Program Files (x86)\PDF Pro 10\vsprinters170.bpl
2014-03-18 18:33 - 2013-12-16 19:14 - 00064512 _____ () C:\Program Files (x86)\PDF Pro 10\vspdfprinter170.bpl
2014-03-18 18:33 - 2013-12-16 19:14 - 01951288 _____ () C:\Program Files (x86)\PDF Pro 10\js32.dll
2014-03-18 18:33 - 2014-01-07 12:24 - 00078848 _____ () C:\Program Files (x86)\PDF Pro 10\expertpdfcore170.bpl
2014-03-18 18:33 - 2014-01-07 12:24 - 00572928 _____ () C:\Program Files (x86)\PDF Pro 10\vspdfeditor170.bpl
2014-02-24 17:56 - 2014-02-24 17:56 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-02-24 17:56 - 2014-02-24 17:56 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2011-10-11 03:12 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2011-10-11 03:23 - 2010-05-07 16:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-02 07:20 - 2009-11-02 07:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 07:23 - 2009-11-02 07:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-06-11 11:40 - 2014-06-11 11:40 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
==================== Faulty Device Manager Devices =============
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/11/2014 11:02:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 10.11.15.0, Zeitstempel: 0x52a6776c
Name des fehlerhaften Moduls: nvd3d9wrap.dll, Version: 9.18.13.3221, Zeitstempel: 0x52b32490
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00005170
ID des fehlerhaften Prozesses: 0x15c
Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0
Pfad der fehlerhaften Anwendung: NvBackend.exe1
Pfad des fehlerhaften Moduls: NvBackend.exe2
Berichtskennung: NvBackend.exe3
Error: (06/11/2014 11:02:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 10.11.15.0, Zeitstempel: 0x52a6776c
Name des fehlerhaften Moduls: nvspcap.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52a67618
Ausnahmecode: 0xc0000005
Fehleroffset: 0x033ae510
ID des fehlerhaften Prozesses: 0x15c
Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0
Pfad der fehlerhaften Anwendung: NvBackend.exe1
Pfad des fehlerhaften Moduls: NvBackend.exe2
Berichtskennung: NvBackend.exe3
Error: (06/11/2014 10:48:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SWMAgent.exe, Version: 1.1.16.14, Zeitstempel: 0x4e71639d
Name des fehlerhaften Moduls: SWMAgent.exe, Version: 1.1.16.14, Zeitstempel: 0x4e71639d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001fbe8
ID des fehlerhaften Prozesses: 0x1358
Startzeit der fehlerhaften Anwendung: 0xSWMAgent.exe0
Pfad der fehlerhaften Anwendung: SWMAgent.exe1
Pfad des fehlerhaften Moduls: SWMAgent.exe2
Berichtskennung: SWMAgent.exe3
Error: (06/11/2014 10:48:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SWMAgent.exe, Version: 1.1.16.14, Zeitstempel: 0x4e71639d
Name des fehlerhaften Moduls: SWMAgent.exe, Version: 1.1.16.14, Zeitstempel: 0x4e71639d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001fbe8
ID des fehlerhaften Prozesses: 0xac0
Startzeit der fehlerhaften Anwendung: 0xSWMAgent.exe0
Pfad der fehlerhaften Anwendung: SWMAgent.exe1
Pfad des fehlerhaften Moduls: SWMAgent.exe2
Berichtskennung: SWMAgent.exe3
Error: (06/11/2014 10:45:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/10/2014 03:12:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 10.11.15.0, Zeitstempel: 0x52a6776c
Name des fehlerhaften Moduls: nvd3d9wrap.dll, Version: 9.18.13.3221, Zeitstempel: 0x52b32490
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00005170
ID des fehlerhaften Prozesses: 0xb24
Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0
Pfad der fehlerhaften Anwendung: NvBackend.exe1
Pfad des fehlerhaften Moduls: NvBackend.exe2
Berichtskennung: NvBackend.exe3
Error: (06/10/2014 03:12:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 10.11.15.0, Zeitstempel: 0x52a6776c
Name des fehlerhaften Moduls: nvspcap.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52a67618
Ausnahmecode: 0xc0000005
Fehleroffset: 0x051be510
ID des fehlerhaften Prozesses: 0xb24
Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0
Pfad der fehlerhaften Anwendung: NvBackend.exe1
Pfad des fehlerhaften Moduls: NvBackend.exe2
Berichtskennung: NvBackend.exe3
Error: (06/10/2014 03:11:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/10/2014 09:25:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/10/2014 09:25:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SWMAgent.exe, Version: 1.1.16.14, Zeitstempel: 0x4e71639d
Name des fehlerhaften Moduls: SWMAgent.exe, Version: 1.1.16.14, Zeitstempel: 0x4e71639d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001fbe8
ID des fehlerhaften Prozesses: 0xd84
Startzeit der fehlerhaften Anwendung: 0xSWMAgent.exe0
Pfad der fehlerhaften Anwendung: SWMAgent.exe1
Pfad des fehlerhaften Moduls: SWMAgent.exe2
Berichtskennung: SWMAgent.exe3
System errors:
=============
Error: (06/11/2014 07:55:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.
Error: (06/11/2014 10:47:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error: (06/11/2014 10:45:07 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (06/11/2014 10:43:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error: (06/10/2014 11:28:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (06/10/2014 07:53:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.
Error: (06/10/2014 03:11:22 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (06/10/2014 03:10:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error: (06/10/2014 09:25:23 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (06/10/2014 09:24:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Microsoft Office Sessions:
=========================
Error: (06/11/2014 11:02:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe10.11.15.052a6776cnvd3d9wrap.dll9.18.13.322152b32490c00000050000517015c01cf85b839c372e6C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dllb788eb63-f1ab-11e3-95b3-e8039a3f6de1
Error: (06/11/2014 11:02:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe10.11.15.052a6776cnvspcap.dll_unloaded0.0.0.052a67618c0000005033ae51015c01cf85b839c372e6C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dllae69e2d2-f1ab-11e3-95b3-e8039a3f6de1
Error: (06/11/2014 10:48:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SWMAgent.exe1.1.16.144e71639dSWMAgent.exe1.1.16.144e71639dc00000050001fbe8135801cf8551f607e0c0C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exeC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe34901170-f145-11e3-95b3-e8039a3f6de1
Error: (06/11/2014 10:48:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SWMAgent.exe1.1.16.144e71639dSWMAgent.exe1.1.16.144e71639dc00000050001fbe8ac001cf855147c16a8eC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exeC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe2940da3c-f145-11e3-95b3-e8039a3f6de1
Error: (06/11/2014 10:45:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/10/2014 03:12:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe10.11.15.052a6776cnvd3d9wrap.dll9.18.13.322152b32490c000000500005170b2401cf84ad5c95455cC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dllec2fe254-f0a0-11e3-8052-e8039a3f6de1
Error: (06/10/2014 03:12:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe10.11.15.052a6776cnvspcap.dll_unloaded0.0.0.052a67618c0000005051be510b2401cf84ad5c95455cC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dllde36dde4-f0a0-11e3-8052-e8039a3f6de1
Error: (06/10/2014 03:11:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/10/2014 09:25:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/10/2014 09:25:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SWMAgent.exe1.1.16.144e71639dSWMAgent.exe1.1.16.144e71639dc00000050001fbe8d8401cf847d14ebba53C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exeC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe5e3c800b-f070-11e3-bfcd-e8039a3f6de1
CodeIntegrity Errors:
===================================
Date: 2013-10-21 19:18:01.048
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-21 19:18:01.048
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-21 19:18:01.048
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-21 19:18:01.008
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-21 19:18:00.998
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-21 19:18:00.998
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-15 22:47:27.919
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-15 22:47:27.919
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-15 22:47:27.919
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-15 22:47:27.899
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 34%
Total physical RAM: 6057.55 MB
Available physical RAM: 3951.48 MB
Total Pagefile: 12113.27 MB
Available Pagefile: 9388.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:183 GB) (Free:87.39 GB) NTFS
Drive d: () (Fixed) (Total:259.59 GB) (Free:98.7 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: A90831CD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=183 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=260 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23 GB) - (Type=27)
==================== End Of Log ============================
Gmer Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-12 00:36:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AR1 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Jens\AppData\Local\Temp\kxldypoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033f5000 45 bytes [00, 00, 88, 00, 49, 6F, 20, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800033f502f 17 bytes [00, 03, 00, 85, 0E, 49, 6F, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\windows\system32\kernel32.dll!RegSetValueExW 000000007775a400 7 bytes JMP 000000016fff0260
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000077763f20 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\windows\system32\kernel32.dll!RegDeleteValueW 000000007777ffb0 5 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007778f2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777b9a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777c94c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000777c9630 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777e87e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefdb87490 11 bytes JMP 000007fffd870228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\windows\system32\ole32.dll!CoSetProxyBlanket 000007fefdb9bf00 7 bytes JMP 000007fffd870260
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffb789e0 8 bytes JMP 000007fffd8701f0
.text C:\Program Files\Windows Sidebar\sidebar.exe[2828] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffb7be40 8 bytes JMP 000007fffd8701b8
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2868] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076791f0e 7 bytes JMP 0000000170cb1695
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2868] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076795bad 7 bytes JMP 0000000170cb11a9
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2868] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000767a1409 7 bytes JMP 0000000170cb128a
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2868] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000767aea45 7 bytes JMP 0000000170cb1244
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2868] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000767bb21b 5 bytes JMP 0000000170cb15aa
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2868] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076838e24 7 bytes JMP 0000000170cb1339
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2868] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076838ea9 5 bytes JMP 0000000170cb16d6
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2868] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768391ff 5 bytes JMP 0000000170cb170d
.text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[3164] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076791f0e 7 bytes JMP 0000000170cb1695
.text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[3164] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076795bad 7 bytes JMP 0000000170cb11a9
.text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[3164] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000767a1409 7 bytes JMP 0000000170cb128a
.text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[3164] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000767aea45 7 bytes JMP 0000000170cb1244
.text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[3164] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000767bb21b 5 bytes JMP 0000000170cb15aa
.text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[3164] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076838e24 7 bytes JMP 0000000170cb1339
.text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[3164] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076838ea9 5 bytes JMP 0000000170cb16d6
.text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[3164] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768391ff 5 bytes JMP 0000000170cb170d
.text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[3172] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076791f0e 7 bytes JMP 0000000170cb1695
.text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[3172] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076795bad 7 bytes JMP 0000000170cb11a9
.text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[3172] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000767a1409 7 bytes JMP 0000000170cb128a
.text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[3172] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000767aea45 7 bytes JMP 0000000170cb1244
.text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[3172] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000767bb21b 5 bytes JMP 0000000170cb15aa
.text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[3172] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076838e24 7 bytes JMP 0000000170cb1339
.text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[3172] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076838ea9 5 bytes JMP 0000000170cb16d6
.text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[3172] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768391ff 5 bytes JMP 0000000170cb170d
.text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3204] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076791f0e 7 bytes JMP 0000000170cb1695
.text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3204] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076795bad 7 bytes JMP 0000000170cb11a9
.text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3204] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000767a1409 7 bytes JMP 0000000170cb128a
.text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3204] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000767aea45 7 bytes JMP 0000000170cb1244
.text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3204] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000767bb21b 5 bytes JMP 0000000170cb15aa
.text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3204] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076838e24 7 bytes JMP 0000000170cb1339
.text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3204] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076838ea9 5 bytes JMP 0000000170cb16d6
.text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3204] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768391ff 5 bytes JMP 0000000170cb170d
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3232] C:\windows\system32\kernel32.dll!RegSetValueExW 000000007775a400 7 bytes JMP 000000016fff0260
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3232] C:\windows\system32\kernel32.dll!RegQueryValueExW 0000000077763f20 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3232] C:\windows\system32\kernel32.dll!RegDeleteValueW 000000007777ffb0 5 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3232] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007778f2e0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3232] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000777b9a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3232] C:\windows\system32\kernel32.dll!K32GetModuleInformation 00000000777c94c0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3232] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000777c9630 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3232] C:\windows\system32\kernel32.dll!RegSetValueExA 00000000777e87e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3232] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd882db0 5 bytes JMP 000007fffd870180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3232] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd8837d0 7 bytes JMP 000007fffd8700d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3232] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd888ef0 6 bytes JMP 000007fffd870148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3232] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd89af60 5 bytes JMP 000007fffd870110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3232] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feffb789e0 8 bytes JMP 000007fffd8701f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3232] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feffb7be40 8 bytes JMP 000007fffd8701b8
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3324] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076791f0e 7 bytes JMP 0000000170cb1695
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3324] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076795bad 7 bytes JMP 0000000170cb11a9
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3324] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000767a1409 7 bytes JMP 0000000170cb128a
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3324] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000767aea45 7 bytes JMP 0000000170cb1244
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3324] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000767bb21b 5 bytes JMP 0000000170cb15aa
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3324] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076838e24 7 bytes JMP 0000000170cb1339
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3324] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076838ea9 5 bytes JMP 0000000170cb16d6
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3324] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768391ff 5 bytes JMP 0000000170cb170d
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3324] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077541d29 5 bytes JMP 0000000170cb11c2
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3324] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077541dd7 5 bytes JMP 0000000170cb1014
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3324] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077542ab1 5 bytes JMP 0000000170cb1555
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3324] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077542d17 5 bytes JMP 0000000170cb1271
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076791f0e 7 bytes JMP 0000000170cb1695
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076795bad 7 bytes JMP 0000000170cb11a9
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000767a1409 7 bytes JMP 0000000170cb128a
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000767aea45 7 bytes JMP 0000000170cb1244
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000767bb21b 5 bytes JMP 0000000170cb15aa
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076838e24 7 bytes JMP 0000000170cb1339
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076838ea9 5 bytes JMP 0000000170cb16d6
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768391ff 5 bytes JMP 0000000170cb170d
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077541d29 5 bytes JMP 0000000170cb11c2
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077541dd7 5 bytes JMP 0000000170cb1014
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077542ab1 5 bytes JMP 0000000170cb1555
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077542d17 5 bytes JMP 0000000170cb1271
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000076d68a29 5 bytes JMP 0000000170cb1726
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076d74572 5 bytes JMP 0000000170cb10a0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076d8e567 5 bytes JMP 0000000170cb1415
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076dc7a5c 5 bytes JMP 0000000170cb15d2
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000774ce96b 5 bytes JMP 0000000170cb15c3
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000774ceba5 5 bytes JMP 0000000170cb1186
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077285ea5 5 bytes JMP 0000000170cb15fa
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000772b9d0b 5 bytes JMP 0000000170cb121c
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075781465 2 bytes [78, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5192] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757814bb 2 bytes [78, 75]
.text ... * 2
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076791f0e 7 bytes JMP 0000000170cb1695
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\kernel32.dll!RegSetValueExW 0000000076795bad 7 bytes JMP 0000000170cb11a9
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\kernel32.dll!RegSetValueExA 00000000767a1409 7 bytes JMP 0000000170cb128a
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\kernel32.dll!RegDeleteValueW 00000000767aea45 7 bytes JMP 0000000170cb1244
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 00000000767bb21b 5 bytes JMP 0000000170cb15aa
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076838e24 7 bytes JMP 0000000170cb1339
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076838ea9 5 bytes JMP 0000000170cb16d6
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000768391ff 5 bytes JMP 0000000170cb170d
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000077541d29 5 bytes JMP 0000000170cb11c2
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000077541dd7 5 bytes JMP 0000000170cb1014
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000077542ab1 5 bytes JMP 0000000170cb1555
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000077542d17 5 bytes JMP 0000000170cb1271
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000774ce96b 5 bytes JMP 0000000170cb15c3
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000774ceba5 5 bytes JMP 0000000170cb1186
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\USER32.dll!CreateWindowExW 0000000076d68a29 5 bytes JMP 0000000170cb1726
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076d74572 5 bytes JMP 0000000170cb10a0
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000076d8e567 5 bytes JMP 0000000170cb1415
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076dc7a5c 5 bytes JMP 0000000170cb15d2
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077285ea5 5 bytes JMP 0000000170cb15fa
.text C:\Users\Jens\Desktop\Gmer-19357.exe[4328] C:\windows\syswow64\ole32.dll!CoCreateInstance 00000000772b9d0b 5 bytes JMP 0000000170cb121c
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e003e75
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f59338f
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca97107b376
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e003e75 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f59338f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca97107b376 (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----