Liebscherm | 10.12.2014 13:57 | I'll split this up, otherwise it gets too long.
FRST Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2014
Ran by Blablubb at 2014-12-10 12:25:05
Running from C:\Users\Blablubb\Videos\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Advantage Database Server for Windows v10.10 (HKLM-x32\...\{79981601-1EF3-4419-9779-3AAB18F9BB7A}) (Version: 10.10.0017 - iAnywhere, Inc.)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version: - )
Agenda Software (HKLM-x32\...\Aguninst) (Version: - )
Anno 2070 (HKLM-x32\...\Steam App 48240) (Version: - BlueByte / related Design)
ArcaniA – Gothic 4 (HKLM-x32\...\Steam App 39690) (Version: - Spellbound Studios)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Baldur's Gate: Enhanced Edition (HKLM-x32\...\Steam App 228280) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
Blackguards (HKLM-x32\...\Steam App 249650) (Version: - Daedalic Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.8.8006 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{689FD579-0642-4D3E-AB61-F63B79C5075A}) (Version: 0.8.8.8006 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Brütal Legend (HKLM-x32\...\Steam App 225260) (Version: - Double Fine Productions)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - )
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version: - Crytek Studios)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0.30 - ITSG GmbH)
dakota.ag (x32 Version: 6.0.30 - ITSG GmbH) Hidden
Darksiders II (HKLM-x32\...\Steam App 50650) (Version: - Vigil Games)
Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version: - Hidden Path Entertainment)
Defiance (HKLM-x32\...\Steam App 224600) (Version: - )
DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)
Demonicon (HKLM-x32\...\Steam App 215630) (Version: - )
Divine Divinity (HKLM-x32\...\Steam App 214170) (Version: - )
Divinity: Dragon Commander (HKLM-x32\...\Steam App 243950) (Version: - Larian Studios)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version: - Larian Studios)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dragon Age II (HKLM-x32\...\{4D565319-8B91-41CB-961C-0DDC86101AC5}) (Version: 1.00 - Electronic Arts, Inc.)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version: - BioWare)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.1 - Electronic Arts)
Duden Patch 3261 (HKLM-x32\...\{BACAF5AB-C67D-4A4F-B470-AD032E2FEAEE}) (Version: 9.0.0 - Bibliographisches Institut GmbH)
Duden-Rechtschreibprüfung (HKLM-x32\...\{2085B2F0-3806-4E3C-933B-45212C1EAC80}) (Version: 9.0.0 - Bibliographisches Institut GmbH)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.14949 - Landesfinanzdirektion Thüringen)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio)
Fallen Enchantress (HKLM-x32\...\Steam App 216390) (Version: - Stardock Entertainment)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Free to Play (HKLM-x32\...\Steam App 245550) (Version: - Valve)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Homefront (HKLM-x32\...\Steam App 55100) (Version: - THQ)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) Network Connections 17.0.200.2 (HKLM\...\PROSetDX) (Version: 17.0.200.2 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Codec Pack 9.7.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.7.0 - )
Lexware Elster (HKLM-x32\...\{3CDE9277-9569-4098-A07C-293B1D86E27D}) (Version: 15.02.00.0011 - Haufe-Lexware GmbH & Co.KG)
Lexware faktura+auftrag 2013 (HKLM-x32\...\{00AB7335-3CEF-4747-9CC7-41C600A7E0E9}) (Version: 17.03.01.0150 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{C5F9841A-CE4B-4D57-AB97-D7A82910E1F6}) (Version: 4.51.00.0091 - Haufe-Lexware GmbH & Co.KG)
Lexware Installations Dienst (HKLM-x32\...\{1071B240-540B-420C-A40F-EF0AF5CD4892}) (Version: 3.51.00.0022 - Haufe-Lexware GmbH & Co.KG)
Lexware lohn+gehalt 2014 (HKLM-x32\...\{acf94d34-e64b-4fd5-b695-c4ce539316d6}) (Version: 18.51.0.64 - Haufe-Lexware GmbH & Co.KG)
Lexware lohn+gehalt 2014 (x32 Version: 18.51.00.0064 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios AB)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1014 - Marvell)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version: - Monolith Productions, Inc.)
Might & Magic VI (HKLM-x32\...\Steam App 243380) (Version: - )
Might & Magic X - Legacy (HKLM-x32\...\Steam App 238750) (Version: - Ubisoft)
Might & Magic: Heroes VI (HKLM-x32\...\Steam App 48220) (Version: - Blackhole)
Mozilla Firefox 34.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Mystery Case Files - Flucht aus Ravenhearst Sammleredition 1.0.0.0 (HKLM-x32\...\Mystery Case Files - Flucht aus Ravenhearst Sammleredition 1.0.0.0) (Version: - )
Neverwinter (HKLM-x32\...\Steam App 109600) (Version: - )
NVIDIA 3D Vision Controller-Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Of Orcs And Men (HKLM-x32\...\Steam App 216910) (Version: - Cyanide Studio-Spiders Studios)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
Return to Castle Wolfenstein (HKLM-x32\...\Return to Castle Wolfenstein) (Version: 1.0 - Activision, Inc.)
Rise of Venice (HKLM-x32\...\Steam App 227020) (Version: - )
Risen 3 - Titan Lords (HKLM-x32\...\Steam App 249230) (Version: - Piranha Bytes)
Saints Row 2 (HKLM-x32\...\Steam App 9480) (Version: - Volition)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Secure Download Manager (HKLM-x32\...\{AA57D6F1-6360-4397-B2D9-B21C69863D97}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
SpellForce 2 - Faith in Destiny (HKLM-x32\...\Steam App 65530) (Version: - )
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.14 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Strike Suit Zero (HKLM-x32\...\Steam App 209540) (Version: - Born Ready Games Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
Supreme Commander: Forged Alliance (HKLM-x32\...\Steam App 9420) (Version: - )
sv.net (HKLM-x32\...\sv.net) (Version: 14.1 - ITSG GmbH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
Titan Quest: Immortal Throne (HKLM-x32\...\Steam App 4550) (Version: - IronLore)
Torchlight (HKLM-x32\...\Steam App 41500) (Version: - Runic Games)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Vampire: The Masquerade - Bloodlines (HKLM-x32\...\Steam App 2600) (Version: - Troika Games)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3503846040-2763449873-3200168035-1000_Classes\CLSID\{25EE6EB9-0CE5-3070-924F-79BCFFE7D1AF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3503846040-2763449873-3200168035-1000_Classes\CLSID\{388F93A0-9310-3EBA-90FB-361A2C5D8447}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3503846040-2763449873-3200168035-1000_Classes\CLSID\{AFD6BFDC-F329-41BB-9C53-764B965DD483}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
==================== Restore Points =========================
10-12-2014 10:11:56 Removed Cisco AnyConnect Secure Mobility Client
10-12-2014 10:52:05 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {10091113-94F4-4951-A0DD-BC2E29A73B22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-24] (Google Inc.)
Task: {17B42110-C05B-406B-8FD7-507A4D25FFCB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-24] (Google Inc.)
Task: {45064CCA-CABF-458A-9D53-77613C931912} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {A724C35D-0F18-40E1-BE70-CBCDE4FFEA3D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {AEA38557-13BE-45EA-B293-117D35DC321B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AFAF100E-E317-4EE4-ABBD-8034F529EF9F} - System32\Tasks\{CC9526A6-B67B-4BDD-9533-21A986144898} => E:\Spiele\Call of Duty 4 - Modern Warfare\iw3mp.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-12-03 15:44 - 2013-12-03 15:44 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2013-01-10 01:07 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-10-26 11:56 - 2012-10-26 11:56 - 00314368 _____ () C:\Program Files (x86)\Duden\Duden-Rechtschreibpruefung\MBControls.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2013-01-10 00:58 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-01-10 00:55 - 2012-02-07 17:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-12-02 10:25 - 2014-12-02 10:25 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-10 07:52 - 2014-12-10 07:52 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
2014-06-15 16:58 - 2014-06-15 16:58 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-15 16:58 - 2014-06-15 16:58 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-15 16:58 - 2014-06-15 16:58 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Agenda-Arbeitsplatz => C:\AGENDA\AgendaAP\PROG\agendaap32.exe
MSCONFIG\startupreg: BlackBerryLink.exe => "C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe" /minimize
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: RIM PeerManager => "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: Steam => "E:\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: zinit32 => C:\Windows\ZInit32.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-3503846040-2763449873-3200168035-500 - Administrator - Disabled)
Blablubb (S-1-5-21-3503846040-2763449873-3200168035-1000 - Administrator - Enabled) => C:\Users\Blablubb
Gast (S-1-5-21-3503846040-2763449873-3200168035-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3503846040-2763449873-3200168035-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/10/2014 00:02:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (12/10/2014 00:02:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (12/10/2014 00:02:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (12/10/2014 11:57:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/10/2014 11:56:54 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (12/10/2014 11:50:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/10/2014 11:00:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/10/2014 10:59:25 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (12/10/2014 10:59:25 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (12/10/2014 10:59:25 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
System errors:
=============
Error: (12/10/2014 11:56:54 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (12/10/2014 10:53:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (12/10/2014 10:52:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (12/10/2014 10:09:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (12/10/2014 07:19:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (12/09/2014 07:52:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (12/08/2014 07:25:41 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (12/07/2014 09:14:00 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (12/07/2014 09:13:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (12/07/2014 09:13:58 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Microsoft Office Sessions:
=========================
Error: (12/10/2014 00:02:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (12/10/2014 00:02:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (12/10/2014 00:02:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (12/10/2014 11:57:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/10/2014 11:56:54 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (12/10/2014 11:50:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (12/10/2014 11:00:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Blablubb\Downloads\esetsmartinstaller_deu(1).exe
Error: (12/10/2014 10:59:25 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (12/10/2014 10:59:25 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (12/10/2014 10:59:25 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
CodeIntegrity Errors:
===================================
Date: 2014-12-10 11:57:02.156
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-10 10:53:39.742
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-10 10:09:25.964
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-10 07:19:32.191
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-09 20:08:32.745
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-09 07:52:19.026
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-08 07:25:45.580
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-07 20:40:37.600
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-06 15:29:26.911
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-06 13:02:20.937
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 18%
Total physical RAM: 16335.16 MB
Available physical RAM: 13360.15 MB
Total Pagefile: 32668.5 MB
Available Pagefile: 29201.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.69 GB) (Free:7.99 GB) NTFS
Drive d: (lohn_gehalt_1850) (CDROM) (Total:0.33 GB) (Free:0 GB) CDFS
Drive e: (Spiele) (Fixed) (Total:931.51 GB) (Free:407.21 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: C89DE8A8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E9B46EC0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
GMER log: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-10 12:43:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Samsung_ rev.DXT0 111,79GB
Running: 7fom2kp7.exe; Driver: C:\Users\Blablubb\AppData\Local\Temp\pftiikog.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 000000006e4c17fa 2 bytes CALL 758411a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 000000006e4c1860 2 bytes CALL 758411a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 000000006e4c1942 2 bytes JMP 75347089 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000006e4c194d 2 bytes JMP 7534cba6 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ba1401 2 bytes JMP 7586b21b C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ba1419 2 bytes JMP 7586b346 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ba1431 2 bytes JMP 758e8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ba144a 2 bytes CALL 758448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ba14dd 2 bytes JMP 758e87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075ba14f5 2 bytes JMP 758e8978 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ba150d 2 bytes JMP 758e8698 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075ba1525 2 bytes JMP 758e8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ba153d 2 bytes JMP 7585fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ba1555 2 bytes JMP 758668ef C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ba156d 2 bytes JMP 758e8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ba1585 2 bytes JMP 758e8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ba159d 2 bytes JMP 758e865c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ba15b5 2 bytes JMP 7585fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ba15cd 2 bytes JMP 7586b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075ba16b2 2 bytes JMP 758e8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075ba16bd 2 bytes JMP 758e85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ba1401 2 bytes JMP 7586b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2288] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ba1419 2 bytes JMP 7586b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ba1431 2 bytes JMP 758e8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ba144a 2 bytes CALL 758448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2288] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ba14dd 2 bytes JMP 758e87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075ba14f5 2 bytes JMP 758e8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ba150d 2 bytes JMP 758e8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075ba1525 2 bytes JMP 758e8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ba153d 2 bytes JMP 7585fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2288] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ba1555 2 bytes JMP 758668ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ba156d 2 bytes JMP 758e8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ba1585 2 bytes JMP 758e8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ba159d 2 bytes JMP 758e865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ba15b5 2 bytes JMP 7585fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ba15cd 2 bytes JMP 7586b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075ba16b2 2 bytes JMP 758e8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075ba16bd 2 bytes JMP 758e85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ba1401 2 bytes JMP 7586b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[4596] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ba1419 2 bytes JMP 7586b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ba1431 2 bytes JMP 758e8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ba144a 2 bytes CALL 758448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[4596] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ba14dd 2 bytes JMP 758e87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075ba14f5 2 bytes JMP 758e8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[4596] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ba150d 2 bytes JMP 758e8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075ba1525 2 bytes JMP 758e8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ba153d 2 bytes JMP 7585fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[4596] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ba1555 2 bytes JMP 758668ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ba156d 2 bytes JMP 758e8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ba1585 2 bytes JMP 758e8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[4596] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ba159d 2 bytes JMP 758e865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ba15b5 2 bytes JMP 7585fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ba15cd 2 bytes JMP 7586b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075ba16b2 2 bytes JMP 758e8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075ba16bd 2 bytes JMP 758e85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ba1401 2 bytes JMP 7586b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4140] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ba1419 2 bytes JMP 7586b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ba1431 2 bytes JMP 758e8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ba144a 2 bytes CALL 758448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4140] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ba14dd 2 bytes JMP 758e87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075ba14f5 2 bytes JMP 758e8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ba150d 2 bytes JMP 758e8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075ba1525 2 bytes JMP 758e8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ba153d 2 bytes JMP 7585fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4140] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ba1555 2 bytes JMP 758668ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ba156d 2 bytes JMP 758e8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ba1585 2 bytes JMP 758e8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ba159d 2 bytes JMP 758e865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ba15b5 2 bytes JMP 7585fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ba15cd 2 bytes JMP 7586b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075ba16b2 2 bytes JMP 758e8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075ba16bd 2 bytes JMP 758e85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075ba1401 2 bytes JMP 7586b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075ba1419 2 bytes JMP 7586b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075ba1431 2 bytes JMP 758e8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075ba144a 2 bytes CALL 758448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075ba14dd 2 bytes JMP 758e87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075ba14f5 2 bytes JMP 758e8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075ba150d 2 bytes JMP 758e8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075ba1525 2 bytes JMP 758e8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075ba153d 2 bytes JMP 7585fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075ba1555 2 bytes JMP 758668ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075ba156d 2 bytes JMP 758e8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075ba1585 2 bytes JMP 758e8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075ba159d 2 bytes JMP 758e865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075ba15b5 2 bytes JMP 7585fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075ba15cd 2 bytes JMP 7586b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075ba16b2 2 bytes JMP 758e8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075ba16bd 2 bytes JMP 758e85f1 C:\Windows\syswow64\kernel32.dll
---- Files - GMER 2.1 ----
File C:\Program Files (x86)\Secunia\PSI\SUA\running 0 bytes
---- EOF - GMER 2.1 ----
And finally, the Mban log: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10.12.2014
Scan Time: 10:39:10
Logfile: MBAN__Scan_10.12.2014.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.12.10.05
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Blablubb
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346433
Time Elapsed: 4 min, 14 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 5
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5F189DF5-2D05-472B-9091-84D9848AE48B}{892cc6a3}, , [07267ae71c60d462f2fc1c4b897a15eb],
PUP.Optional.PerformanceOptimizer.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\892cc6a3, , [d459560bec90ba7cb0a92d9eff05b14f],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3503846040-2763449873-3200168035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [2ffedd84daa2142279649fec9271b34d],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3503846040-2763449873-3200168035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [d85574ed225aae887e81cad711f33ec2],
PUP.Optional.GetTheDiscount.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, , [b4796001d8a463d37dd983bf1de632ce],
Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3503846040-2763449873-3200168035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0C2Z1N1R0Q1D1J1C0Q1B, , [d85574ed225aae887e81cad711f33ec2]
Registry Data: 3
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, c:\progra~3\perfor~1\perfor~1.dll, Good: (), Bad: (c:\progra~3\perfor~1\perfor~1.dll),,[e34aa2bf8cf01026a0dfa3b26d98b050]
PUP.Optional.PerformanceOptimizer.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, c:\progra~3\perfor~1\perfor~1.dll, Good: (), Bad: (c:\progra~3\perfor~1\perfor~1.dll),,[3af30b5684f80630c69216b550b4e21e]
PUP.Optional.PerformanceOptimizer.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL, Good: (), Bad: (C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL),,[67c688d9720ae3534c0c5f6ce32119e7]
Folders: 3
Rogue.Multiple, C:\ProgramData\374311380, , [0e1ffc65b0cc9a9c38d258b10df6fd03],
PUP.Optional.GetTheDiscount.A, C:\ProgramData\GetTheDiscount, , [b4796001d8a463d37dd983bf1de632ce],
PUP.Optional.DownloadItKeep.A, C:\ProgramData\downloaditKeep, , [2ffed8890a728fa73c801731fa09ea16],
Files: 6
Trojan.Agent, C:\ProgramData\Performance Optimizer\PerformanceOptimizer.dll, , [e34aa2bf8cf01026a0dfa3b26d98b050],
PUP.Optional.Trovi.A, C:\Users\Blablubb\AppData\Roaming\Mozilla\Firefox\Profiles\1bxxrc49.default\searchplugins\trovi-search.xml, , [2706a1c0e597082ed6513a3ab1526997],
PUP.Optional.PerformanceOptimizer.A, C:\ProgramData\Performance Optimizer\PerformanceOptimizer.dll, , [3af30b5684f80630c69216b550b4e21e],
PUP.Optional.PerformanceOptimizer.A, C:\ProgramData\Performance Optimizer\PerformanceOptimizerSvc.dll, , [0a23a8b98cf04cea5503e6e561a3649c],
PUP.Optional.PerformanceOptimizer.A, C:\ProgramData\Performance Optimizer\PerformanceOptimizer_x64.dll, , [67c688d9720ae3534c0c5f6ce32119e7],
PUP.Optional.GetTheDiscount.A, C:\ProgramData\GetTheDiscount\GetTheDiscount.exe, , [b4796001d8a463d37dd983bf1de632ce],
Physical Sectors: 0
(No malicious items detected)
(end)
And the ESET Online Scanner log: Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3a5bac347729f04fa5ac3333fc88bea0
# engine=21485
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-10 10:47:29
# local_time=2014-12-10 11:47:29 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 6889411 41188843 0 0
# scanned=227242
# found=2
# cleaned=2
# scan_time=2758
sh=ED8E9A75884FD29DFE28481ECDBE33B1BEC0C0B5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Blablubb\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpbkjoflbamlmnckbdchadelgcmjpcc\4.87\i0aYpmEA4s.js"
sh=32AF21D11E450F85661BB8561271582148563934 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Blablubb\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpbkjoflbamlmnckbdchadelgcmjpcc\4.87\lsdb.js"