
Log analysis and evaluation: Windows 7: rvzr-a-akamaihd causing trouble in Mozilla

30.11.2013, 22:04   #1
flosiefre
 

Hello forum!
Like many others, I have the problem with the rvzr-a-akamaihd virus; in my case it shows up in Mozilla. Just after I had created the log files and was looking at them, the blue screen appeared and Windows shut down.
To remove the virus for good, I am asking for individual help from the forum - thank you!

PS: Since the text was too long, FRST and Addition are in the attachment.

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-30 21:41:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\iFlo\AppData\Local\Temp\kwldrpog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!RegSetValueExW                                        0000000076f5af40 7 bytes JMP 000000016fff0260
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                      0000000076f64a60 5 bytes JMP 000000016fff01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                       0000000076f82990 5 bytes JMP 000000016fff01f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                 0000000076f8efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                               0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                               0000000076fc94d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                               0000000076fc9640 5 bytes JMP 000000016fff0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!RegSetValueExA                                        0000000076fea500 7 bytes JMP 000000016fff0228
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                         000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                    000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                      000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                  000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                   000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                 000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\ole32.dll!CoCreateInstance                                         000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                        000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                            0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                              0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                              0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                             0000000075efea0d 7 bytes JMP 00000001707f1262
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                     0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                     0000000075f888b4 7 bytes JMP 00000001707f1357
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                     0000000075f88939 5 bytes JMP 00000001707f16f4
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                       0000000075f88c8f 5 bytes JMP 00000001707f101e
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                          0000000075191d1b 5 bytes JMP 00000001707f11e5
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                        0000000075191dc9 5 bytes JMP 00000001707f1019
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                            0000000075192aa4 5 bytes JMP 00000001707f1573
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                               0000000075192d0a 5 bytes JMP 00000001707f128f
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                               0000000076028a29 5 bytes JMP 00000001707f1046
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                           0000000076034572 5 bytes JMP 00000001707f10c8
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                           000000007604e567 5 bytes JMP 00000001707f1433
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                    0000000076087a5c 5 bytes JMP 00000001707f15f0
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                       0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                         0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                              0000000075b75ea5 5 bytes JMP 00000001707f1618
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[1828] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                               0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                          0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                            0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                            0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                           0000000075efea0d 7 bytes JMP 00000001707f1262
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                   0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                   0000000075f888b4 7 bytes JMP 00000001707f1357
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                   0000000075f88939 5 bytes JMP 00000001707f16f4
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                     0000000075f88c8f 5 bytes JMP 00000001707f101e
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                        0000000075191d1b 5 bytes JMP 00000001707f11e5
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                      0000000075191dc9 5 bytes JMP 00000001707f1019
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                          0000000075192aa4 5 bytes JMP 00000001707f1573
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                             0000000075192d0a 5 bytes JMP 00000001707f128f
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                             0000000076028a29 5 bytes JMP 00000001707f1046
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                         0000000076034572 5 bytes JMP 00000001707f10c8
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                         000000007604e567 5 bytes JMP 00000001707f1433
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                  0000000076087a5c 5 bytes JMP 00000001707f15f0
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                     0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                       0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                            0000000075b75ea5 5 bytes JMP 00000001707f1618
.text  C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1824] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                             0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         0000000075001465 2 bytes [00, 75]
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        00000000750014bb 2 bytes [00, 75]
.text  ...                                                                                                                                                   * 2
.text  C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                     0000000076f5af40 7 bytes JMP 000000016fff0260
.text  C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                   0000000076f64a60 5 bytes JMP 000000016fff01b8
.text  C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                    0000000076f82990 5 bytes JMP 000000016fff01f0
.text  C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                              0000000076f8efe0 5 bytes JMP 000000016fff0148
.text  C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                            0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text  C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                            0000000076fc94d0 5 bytes JMP 000000016fff0180
.text  C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                            0000000076fc9640 5 bytes JMP 000000016fff0110
.text  C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                     0000000076fea500 7 bytes JMP 000000016fff0228
.text  C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                      000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text  C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                 000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text  C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                   000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text  C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                               000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text  C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text  C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                              000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text  C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                                      000007fef776dc88 5 bytes JMP 000007fff75600d8
.text  C:\Windows\system32\Dwm.exe[2256] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                                     000007fef776de10 5 bytes JMP 000007fff7560110
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000075001465 2 bytes [00, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155               00000000750014bb 2 bytes [00, 75]
.text  ...                                                                                                                                                   * 2
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                 0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                   0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                   0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                  0000000075efea0d 7 bytes JMP 00000001707f1262
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                          0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                          0000000075f888b4 7 bytes JMP 00000001707f1357
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                          0000000075f88939 5 bytes JMP 00000001707f16f4
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                            0000000075f88c8f 5 bytes JMP 00000001707f101e
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                               0000000075191d1b 5 bytes JMP 00000001707f11e5
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                             0000000075191dc9 5 bytes JMP 00000001707f1019
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                 0000000075192aa4 5 bytes JMP 00000001707f1573
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                    0000000075192d0a 5 bytes JMP 00000001707f128f
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                            0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                              0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                    0000000076028a29 5 bytes JMP 00000001707f1046
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                0000000076034572 5 bytes JMP 00000001707f10c8
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                000000007604e567 5 bytes JMP 00000001707f1433
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                         0000000076087a5c 5 bytes JMP 00000001707f15f0
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                   0000000075b75ea5 5 bytes JMP 00000001707f1618
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2388] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                    0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                  0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                    0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                    0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                   0000000075efea0d 7 bytes JMP 00000001707f1262
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                           0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                           0000000075f888b4 7 bytes JMP 00000001707f1357
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                           0000000075f88939 5 bytes JMP 00000001707f16f4
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                             0000000075f88c8f 5 bytes JMP 00000001707f101e
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                0000000075191d1b 5 bytes JMP 00000001707f11e5
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                              0000000075191dc9 5 bytes JMP 00000001707f1019
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                  0000000075192aa4 5 bytes JMP 00000001707f1573
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                     0000000075192d0a 5 bytes JMP 00000001707f128f
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                     0000000076028a29 5 bytes JMP 00000001707f1046
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                 0000000076034572 5 bytes JMP 00000001707f10c8
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                 000000007604e567 5 bytes JMP 00000001707f1433
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                          0000000076087a5c 5 bytes JMP 00000001707f15f0
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                             0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                               0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                    0000000075b75ea5 5 bytes JMP 00000001707f1618
.text  C:\ProgramData\DatacardService\DCSHelper.exe[2772] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                     0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\kernel32.dll!RegSetValueExW                                          0000000076f5af40 7 bytes JMP 000000016fff0260
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                        0000000076f64a60 5 bytes JMP 000000016fff01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                         0000000076f82990 5 bytes JMP 000000016fff01f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                   0000000076f8efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                 0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                 0000000076fc94d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                 0000000076fc9640 5 bytes JMP 000000016fff0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\kernel32.dll!RegSetValueExA                                          0000000076fea500 7 bytes JMP 000000016fff0228
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                           000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                      000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                        000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                    000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                     000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2820] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                   000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text  C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                0000000076f5af40 7 bytes JMP 000000016fff0260
.text  C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                              0000000076f64a60 5 bytes JMP 000000016fff01b8
.text  C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                               0000000076f82990 5 bytes JMP 000000016fff01f0
.text  C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                         0000000076f8efe0 5 bytes JMP 000000016fff0148
.text  C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                       0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text  C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                       0000000076fc94d0 5 bytes JMP 000000016fff0180
.text  C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                       0000000076fc9640 5 bytes JMP 000000016fff0110
.text  C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                0000000076fea500 7 bytes JMP 000000016fff0228
.text  C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text  C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                            000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text  C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                              000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text  C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                          000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text  C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                           000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text  C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                         000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text  C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                 000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text  C:\Windows\System32\igfxpers.exe[3748] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                 0000000076f5af40 7 bytes JMP 000000016fff0260
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                               0000000076f64a60 5 bytes JMP 000000016fff01b8
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                0000000076f82990 5 bytes JMP 000000016fff01f0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                          0000000076f8efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                        0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                        0000000076fc94d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                        0000000076fc9640 5 bytes JMP 000000016fff0110
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                 0000000076fea500 7 bytes JMP 000000016fff0228
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                  000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                             000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                               000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                           000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                            000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                          000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\ole32.dll!CoCreateInstance                                                  000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3432] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                 000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                   0000000076f5af40 7 bytes JMP 000000016fff0260
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                 0000000076f64a60 5 bytes JMP 000000016fff01b8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                  0000000076f82990 5 bytes JMP 000000016fff01f0
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                            0000000076f8efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                          0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                          0000000076fc94d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                          0000000076fc9640 5 bytes JMP 000000016fff0110
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                   0000000076fea500 7 bytes JMP 000000016fff0228
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                    000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                               000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                 000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                             000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                              000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                            000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\ole32.dll!CoCreateInstance                                                    000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3744] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                   000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\kernel32.dll!RegSetValueExW                                             0000000076f5af40 7 bytes JMP 000000016fff0260
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                           0000000076f64a60 5 bytes JMP 000000016fff01b8
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                            0000000076f82990 5 bytes JMP 000000016fff01f0
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                      0000000076f8efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                    0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                    0000000076fc94d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                    0000000076fc9640 5 bytes JMP 000000016fff0110
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\kernel32.dll!RegSetValueExA                                             0000000076fea500 7 bytes JMP 000000016fff0228
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                              000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                         000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                           000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                       000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                        000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text  C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3088] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                      000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text  C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\kernel32.dll!RegSetValueExW                                            0000000076f5af40 7 bytes JMP 000000016fff0260
.text  C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                          0000000076f64a60 5 bytes JMP 000000016fff01b8
.text  C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                           0000000076f82990 5 bytes JMP 000000016fff01f0
.text  C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                     0000000076f8efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                   0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                   0000000076fc94d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                   0000000076fc9640 5 bytes JMP 000000016fff0110
.text  C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\kernel32.dll!RegSetValueExA                                            0000000076fea500 7 bytes JMP 000000016fff0228
.text  C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                             000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text  C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                        000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text  C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                          000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text  C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                      000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text  C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                       000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text  C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                     000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text  C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\ole32.dll!CoCreateInstance                                             000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text  C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe[3476] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                            000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text  C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\kernel32.dll!RegSetValueExW                                     0000000076f5af40 7 bytes JMP 000000016fff0260
.text  C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                   0000000076f64a60 5 bytes JMP 000000016fff01b8
.text  C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                    0000000076f82990 5 bytes JMP 000000016fff01f0
.text  C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                              0000000076f8efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                            0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                            0000000076fc94d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                            0000000076fc9640 5 bytes JMP 000000016fff0110
.text  C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\kernel32.dll!RegSetValueExA                                     0000000076fea500 7 bytes JMP 000000016fff0228
.text  C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                      000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text  C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                 000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text  C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                   000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text  C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                               000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text  C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text  C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                              000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text  C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\ole32.dll!CoCreateInstance                                      000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text  C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3808] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                     000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                       0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                         0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                         0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                        0000000075efea0d 7 bytes JMP 00000001707f1262
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                0000000075f888b4 7 bytes JMP 00000001707f1357
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                0000000075f88939 5 bytes JMP 00000001707f16f4
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                  0000000075f88c8f 5 bytes JMP 00000001707f101e
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                     0000000075191d1b 5 bytes JMP 00000001707f11e5
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                   0000000075191dc9 5 bytes JMP 00000001707f1019
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                       0000000075192aa4 5 bytes JMP 00000001707f1573
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                          0000000075192d0a 5 bytes JMP 00000001707f128f
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                  0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                    0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\USER32.dll!CreateWindowExW                          0000000076028a29 5 bytes JMP 00000001707f1046
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                      0000000076034572 5 bytes JMP 00000001707f10c8
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                      000000007604e567 5 bytes JMP 00000001707f1433
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo               0000000076087a5c 5 bytes JMP 00000001707f15f0
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                         0000000075b75ea5 5 bytes JMP 00000001707f1618
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\ole32.dll!CoCreateInstance                          0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000075001465 2 bytes [00, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[1912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000750014bb 2 bytes [00, 75]
.text  ...                                                                                                                                                   * 2
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW                                                  0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW                                                    0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA                                                    0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW                                                   0000000075efea0d 7 bytes JMP 00000001707f1262
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW                                           0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx                                           0000000075f888b4 7 bytes JMP 00000001707f1357
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation                                           0000000075f88939 5 bytes JMP 00000001707f16f4
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW                                             0000000075f88c8f 5 bytes JMP 00000001707f101e
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                0000000075191d1b 5 bytes JMP 00000001707f11e5
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                              0000000075191dc9 5 bytes JMP 00000001707f1019
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                  0000000075192aa4 5 bytes JMP 00000001707f1573
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                     0000000075192d0a 5 bytes JMP 00000001707f128f
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                             0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                               0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                     0000000076028a29 5 bytes JMP 00000001707f1046
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                 0000000076034572 5 bytes JMP 00000001707f10c8
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                 000000007604e567 5 bytes JMP 00000001707f1433
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                          0000000076087a5c 5 bytes JMP 00000001707f15f0
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            0000000075001465 2 bytes [00, 75]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                           00000000750014bb 2 bytes [00, 75]
.text  ...                                                                                                                                                   * 2
.text  C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                           0000000076f5af40 7 bytes JMP 000000016fff0260
.text  C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                         0000000076f64a60 5 bytes JMP 000000016fff01b8
.text  C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                          0000000076f82990 5 bytes JMP 000000016fff01f0
.text  C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                    0000000076f8efe0 5 bytes JMP 000000016fff0148
.text  C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                  0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text  C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                  0000000076fc94d0 5 bytes JMP 000000016fff0180
.text  C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                  0000000076fc9640 5 bytes JMP 000000016fff0110
.text  C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                           0000000076fea500 7 bytes JMP 000000016fff0228
.text  C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                            000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text  C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                       000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text  C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                         000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text  C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                     000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text  C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\ole32.dll!CoCreateInstance                                                            000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text  C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                           000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text  C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                      000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text  C:\Windows\system32\wbem\unsecapp.exe[3912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                    000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text  C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                0000000076f5af40 7 bytes JMP 000000016fff0260
.text  C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                              0000000076f64a60 5 bytes JMP 000000016fff01b8
.text  C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                               0000000076f82990 5 bytes JMP 000000016fff01f0
.text  C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                         0000000076f8efe0 5 bytes JMP 000000016fff0148
.text  C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                       0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text  C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                       0000000076fc94d0 5 bytes JMP 000000016fff0180
.text  C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                       0000000076fc9640 5 bytes JMP 000000016fff0110
.text  C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                0000000076fea500 7 bytes JMP 000000016fff0228
.text  C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text  C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                            000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text  C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                              000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text  C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                          000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text  C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                           000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text  C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                         000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text  C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                 000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text  C:\Windows\System32\StikyNot.exe[3216] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                0000000076f5af40 7 bytes JMP 000000016fff0260
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                              0000000076f64a60 5 bytes JMP 000000016fff01b8
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                               0000000076f82990 5 bytes JMP 000000016fff01f0
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                         0000000076f8efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                       0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                       0000000076fc94d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                       0000000076fc9640 5 bytes JMP 000000016fff0110
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                0000000076fea500 7 bytes JMP 000000016fff0228
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                 000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                            000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                              000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                          000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                           000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                         000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                         0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                           0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                           0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                          0000000075efea0d 7 bytes JMP 00000001707f1262
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                  0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                  0000000075f888b4 7 bytes JMP 00000001707f1357
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                  0000000075f88939 5 bytes JMP 00000001707f16f4
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                    0000000075f88c8f 5 bytes JMP 00000001707f101e
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                       0000000075191d1b 5 bytes JMP 00000001707f11e5
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                     0000000075191dc9 5 bytes JMP 00000001707f1019
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                         0000000075192aa4 5 bytes JMP 00000001707f1573
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                            0000000075192d0a 5 bytes JMP 00000001707f128f
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                            0000000076028a29 5 bytes JMP 00000001707f1046
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                        0000000076034572 5 bytes JMP 00000001707f10c8
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                        000000007604e567 5 bytes JMP 00000001707f1433
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                 0000000076087a5c 5 bytes JMP 00000001707f15f0
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                    0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                      0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                           0000000075b75ea5 5 bytes JMP 00000001707f1618
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                            0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                   0000000075001465 2 bytes [00, 75]
.text  C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe[2572] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                  00000000750014bb 2 bytes [00, 75]
.text  ...                                                                                                                                                   * 2
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW          0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\kernel32.dll!RegSetValueExW            0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\kernel32.dll!RegSetValueExA            0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW           0000000075efea0d 7 bytes JMP 00000001707f1262
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW   0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx   0000000075f888b4 7 bytes JMP 00000001707f1357
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation   0000000075f88939 5 bytes JMP 00000001707f16f4
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW     0000000075f88c8f 5 bytes JMP 00000001707f101e
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW        0000000075191d1b 5 bytes JMP 00000001707f11e5
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW      0000000075191dc9 5 bytes JMP 00000001707f1019
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW          0000000075192aa4 5 bytes JMP 00000001707f1573
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary             0000000075192d0a 5 bytes JMP 00000001707f128f
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\USER32.dll!CreateWindowExW             0000000076028a29 5 bytes JMP 00000001707f1046
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA         0000000076034572 5 bytes JMP 00000001707f10c8
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW         000000007604e567 5 bytes JMP 00000001707f1433
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo  0000000076087a5c 5 bytes JMP 00000001707f15f0
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList     0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo       0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket            0000000075b75ea5 5 bytes JMP 00000001707f1618
.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3764] C:\Windows\syswow64\ole32.dll!CoCreateInstance             0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                            0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                              0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                              0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                             0000000075efea0d 7 bytes JMP 00000001707f1262
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                     0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                     0000000075f888b4 7 bytes JMP 00000001707f1357
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                     0000000075f88939 5 bytes JMP 00000001707f16f4
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                       0000000075f88c8f 5 bytes JMP 00000001707f101e
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                          0000000075191d1b 5 bytes JMP 00000001707f11e5
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                        0000000075191dc9 5 bytes JMP 00000001707f1019
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                            0000000075192aa4 5 bytes JMP 00000001707f1573
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                               0000000075192d0a 5 bytes JMP 00000001707f128f
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                       0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                         0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                               0000000076028a29 5 bytes JMP 00000001707f1046
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                           0000000076034572 5 bytes JMP 00000001707f10c8
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                           000000007604e567 5 bytes JMP 00000001707f1433
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                    0000000076087a5c 5 bytes JMP 00000001707f15f0
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                              0000000075b75ea5 5 bytes JMP 00000001707f1618
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                               0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000075001465 2 bytes [00, 75]
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                     00000000750014bb 2 bytes [00, 75]
.text  ...                                                                                                                                                   * 2
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                         0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                           0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                           0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                          0000000075efea0d 7 bytes JMP 00000001707f1262
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                  0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                  0000000075f888b4 7 bytes JMP 00000001707f1357
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                  0000000075f88939 5 bytes JMP 00000001707f16f4
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                    0000000075f88c8f 5 bytes JMP 00000001707f101e
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                       0000000075191d1b 5 bytes JMP 00000001707f11e5
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                     0000000075191dc9 5 bytes JMP 00000001707f1019
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                         0000000075192aa4 5 bytes JMP 00000001707f1573
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                            0000000075192d0a 5 bytes JMP 00000001707f128f
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                            0000000076028a29 5 bytes JMP 00000001707f1046
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                        0000000076034572 5 bytes JMP 00000001707f10c8
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                        000000007604e567 5 bytes JMP 00000001707f1433
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                 0000000076087a5c 5 bytes JMP 00000001707f15f0
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                    0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                      0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                           0000000075b75ea5 5 bytes JMP 00000001707f1618
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                            0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000075001465 2 bytes [00, 75]
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000750014bb 2 bytes [00, 75]
.text  ...                                                                                                                                                   * 2
.text  C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\kernel32.dll!RegSetValueExW                                    0000000076f5af40 7 bytes JMP 000000016fff0260
.text  C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                  0000000076f64a60 5 bytes JMP 000000016fff01b8
.text  C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                   0000000076f82990 5 bytes JMP 000000016fff01f0
.text  C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                             0000000076f8efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                           0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                           0000000076fc94d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                           0000000076fc9640 5 bytes JMP 000000016fff0110
.text  C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\kernel32.dll!RegSetValueExA                                    0000000076fea500 7 bytes JMP 000000016fff0228
.text  C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                     000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text  C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text  C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                  000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text  C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                              000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text  C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                               000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text  C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[1552] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                             000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                  0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                  0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                 0000000075efea0d 7 bytes JMP 00000001707f1262
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                         0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                         0000000075f888b4 7 bytes JMP 00000001707f1357
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                         0000000075f88939 5 bytes JMP 00000001707f16f4
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                           0000000075f88c8f 5 bytes JMP 00000001707f101e
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                              0000000075191d1b 5 bytes JMP 00000001707f11e5
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                            0000000075191dc9 5 bytes JMP 00000001707f1019
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                0000000075192aa4 5 bytes JMP 00000001707f1573
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                   0000000075192d0a 5 bytes JMP 00000001707f128f
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                           0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                             0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                   0000000076028a29 5 bytes JMP 00000001707f1046
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                               0000000076034572 5 bytes JMP 00000001707f10c8
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                               000000007604e567 5 bytes JMP 00000001707f1433
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                        0000000076087a5c 5 bytes JMP 00000001707f15f0
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                  0000000075b75ea5 5 bytes JMP 00000001707f1618
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3624] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                   0000000075ba9d0b 5 bytes JMP 00000001707f123f
.text  C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\kernel32.dll!RegSetValueExW                                              0000000076f5af40 7 bytes JMP 000000016fff0260
.text  C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                            0000000076f64a60 5 bytes JMP 000000016fff01b8
.text  C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                             0000000076f82990 5 bytes JMP 000000016fff01f0
.text  C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                       0000000076f8efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                     0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                     0000000076fc94d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                     0000000076fc9640 5 bytes JMP 000000016fff0110
.text  C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\kernel32.dll!RegSetValueExA                                              0000000076fea500 7 bytes JMP 000000016fff0228
.text  C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                               000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text  C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                          000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text  C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                            000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text  C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                        000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text  C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                         000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text  C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[1932] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                       000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000075001465 2 bytes [00, 75]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000750014bb 2 bytes [00, 75]
.text  ...                                                                                                                                                   * 2
.text  C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                 0000000076f5af40 7 bytes JMP 000000016fff0260
.text  C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                               0000000076f64a60 5 bytes JMP 000000016fff01b8
.text  C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                0000000076f82990 5 bytes JMP 000000016fff01f0
.text  C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                          0000000076f8efe0 5 bytes JMP 000000016fff0148
.text  C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                        0000000076fb99b0 7 bytes JMP 000000016fff00d8
.text  C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                        0000000076fc94d0 5 bytes JMP 000000016fff0180
.text  C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                        0000000076fc9640 5 bytes JMP 000000016fff0110
.text  C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                 0000000076fea500 7 bytes JMP 000000016fff0228
.text  C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                  000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text  C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                             000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text  C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                               000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text  C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                           000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text  C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                            000007fefef789e0 8 bytes JMP 000007fffd1a01f0
.text  C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                          000007fefef7be40 8 bytes JMP 000007fffd1a01b8
.text  C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                  000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text  C:\Windows\system32\taskeng.exe[3496] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                 000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text  C:\Program Files\EgisTec IPS\PMMUpdate.exe[4280] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                       000007fefd1b2db0 5 bytes JMP 000007fffd1a0180
.text  C:\Program Files\EgisTec IPS\PMMUpdate.exe[4280] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                  000007fefd1b37d0 7 bytes JMP 000007fffd1a00d8
.text  C:\Program Files\EgisTec IPS\PMMUpdate.exe[4280] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                    000007fefd1b8ef0 6 bytes JMP 000007fffd1a0148
.text  C:\Program Files\EgisTec IPS\PMMUpdate.exe[4280] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                000007fefd1caf60 5 bytes JMP 000007fffd1a0110
.text  C:\Program Files\EgisTec IPS\PMMUpdate.exe[4280] C:\Windows\system32\ole32.dll!CoCreateInstance                                                       000007fefd6c7490 11 bytes JMP 000007fffd1a0228
.text  C:\Program Files\EgisTec IPS\PMMUpdate.exe[4280] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                      000007fefd6dbf00 7 bytes JMP 000007fffd1a0260
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                      0000000075ee1eee 7 bytes JMP 00000001707f16b3
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                        0000000075ee5b85 7 bytes JMP 00000001707f11cc
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                        0000000075ef13e1 7 bytes JMP 00000001707f12a8
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                       0000000075efea0d 7 bytes JMP 00000001707f1262
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                               0000000075f0b1d3 5 bytes JMP 00000001707f15c8
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                               0000000075f888b4 7 bytes JMP 00000001707f1357
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                               0000000075f88939 5 bytes JMP 00000001707f16f4
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                 0000000075f88c8f 5 bytes JMP 00000001707f101e
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                    0000000075191d1b 5 bytes JMP 00000001707f11e5
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                  0000000075191dc9 5 bytes JMP 00000001707f1019
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                      0000000075192aa4 5 bytes JMP 00000001707f1573
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                         0000000075192d0a 5 bytes JMP 00000001707f128f
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                 0000000074d2e9a2 5 bytes JMP 00000001707f15e1
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                   0000000074d2ebdc 5 bytes JMP 00000001707f11a9
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                         0000000076028a29 5 bytes JMP 00000001707f1046
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                     0000000076034572 5 bytes JMP 00000001707f10c8
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                     000000007604e567 5 bytes JMP 00000001707f1433
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                              0000000076087a5c 5 bytes JMP 00000001707f15f0
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                        0000000075b75ea5 5 bytes JMP 00000001707f1618
.text  C:\Users\iFlo\Desktop\gmer_2.1.19163.exe[1924] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                         0000000075ba9d0b 5 bytes JMP 00000001707f123f

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f95bc36b                                                                           
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f95bc36b (not active ControlSet)                                                       

---- EOF - GMER 2.1 ----
         

01.12.2013, 09:15   #2
schrauber
/// the machine
/// TB trainer



Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.


How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

01.12.2013, 14:45   #3
flosiefre



Hello,
as I said, the text was too large, and GMER.txt was even too large for the attachment. I did not want to reply to my own post, since that was warned against. Unfortunately I did not know how else to proceed.
Thank you very much for the reply.
Here are the reports:

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.01.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
iFlo :: IFLO-PC [Administrator]

Schutz: Aktiviert

01.12.2013 14:04:46
mbam-log-2013-12-01 (14-04-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 269348
Laufzeit: 9 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
# AdwCleaner v3.013 - Bericht erstellt am 01/12/2013 um 14:18:48
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : iFlo - IFLO-PC
# Gestartet von : C:\Users\iFlo\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\iFlo\AppData\Roaming\Mozilla\Firefox\Profiles\1cxbrtc3.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\iFlo\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4495 octets] - [30/11/2013 13:18:56]
AdwCleaner[R1].txt - [1033 octets] - [30/11/2013 13:40:33]
AdwCleaner[R2].txt - [1154 octets] - [30/11/2013 16:42:59]
AdwCleaner[R3].txt - [1209 octets] - [01/12/2013 14:17:35]
AdwCleaner[S0].txt - [4456 octets] - [30/11/2013 13:30:13]
AdwCleaner[S1].txt - [1095 octets] - [30/11/2013 13:41:15]
AdwCleaner[S2].txt - [1131 octets] - [01/12/2013 14:18:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1191 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by iFlo on 01.12.2013 at 14:28:05,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.12.2013 at 14:36:17,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2013
Ran by iFlo (administrator) on IFLO-PC on 01-12-2013 14:36:47
Running from C:\Users\iFlo\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Dropbox, Inc.) C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated)
HKLM\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-21] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {952a4387-e876-11e2-be45-1c7508e463d2} - F:\LaunchU3.exe -a
MountPoints2: {a7eced97-e7b4-11e2-bdc0-90004e717cdf} - F:\AutoRun.exe
MountPoints2: {a7ecedb0-e7b4-11e2-bdc0-90004e717cdf} - G:\AutoRun.exe
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [266496 2011-06-17] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [266448 2013-05-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [214448 2013-05-12] (NVIDIA Corporation)
Startup: C:\Users\iFlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ecosia.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2B34DFA4-BC7A-46C6-B3DB-AD41946F7844}: [NameServer]139.7.30.125 139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\iFlo\AppData\Roaming\Mozilla\Firefox\Profiles\1cxbrtc3.default
FF SearchEngineOrder.1: Ask Search
FF Homepage: www.ecosia.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\iFlo\AppData\Roaming\Mozilla\Firefox\Profiles\1cxbrtc3.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\iFlo\AppData\Roaming\Mozilla\Firefox\Profiles\1cxbrtc3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: ftd - C:\Users\iFlo\AppData\Roaming\Mozilla\Firefox\Profiles\1cxbrtc3.default\Extensions\ftd@ftd.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Extension: (YouTube) - C:\Users\iFlo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\iFlo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\iFlo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-30] (Avira Operations GmbH & Co. KG)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-07-31] (Ellora Assets Corp.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-11-30] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2013-07-08] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203544 2013-02-06] (DEVGURU Co., LTD.(www.devguru.co.kr))
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 mfehidk01; \Device\mfehidk01.sys [x]
S3 NPF; system32\drivers\NPF.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-01 14:36 - 2013-12-01 14:36 - 00000624 _____ C:\Users\iFlo\Desktop\JRT.txt
2013-12-01 14:26 - 2013-12-01 14:26 - 01034531 _____ (Thisisu) C:\Users\iFlo\Desktop\JRT.exe
2013-12-01 14:23 - 2013-12-01 14:23 - 00001271 _____ C:\Users\iFlo\Desktop\AdwCleaner[S2].txt
2013-12-01 14:16 - 2013-12-01 14:16 - 01091882 _____ C:\Users\iFlo\Desktop\adwcleaner.exe
2013-12-01 14:02 - 2013-12-01 14:02 - 00001077 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-01 14:00 - 2013-12-01 14:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\iFlo\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-11-30 22:05 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-30 22:05 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-30 22:05 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-30 22:05 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-30 22:05 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-30 22:05 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-30 22:05 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-30 22:05 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-30 22:05 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-30 22:05 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-30 21:45 - 2013-11-30 21:45 - 505173185 _____ C:\Windows\MEMORY.DMP
2013-11-30 21:45 - 2013-11-30 21:45 - 00285968 _____ C:\Windows\Minidump\113013-24164-01.dmp
2013-11-30 21:45 - 2013-11-30 21:45 - 00000000 ____D C:\Windows\Minidump
2013-11-30 21:41 - 2013-11-30 21:41 - 00101778 _____ C:\Users\iFlo\Desktop\Gmer.txt
2013-11-30 21:27 - 2013-11-30 21:27 - 00377856 _____ C:\Users\iFlo\Desktop\gmer_2.1.19163.exe
2013-11-30 21:27 - 2013-11-30 21:27 - 00020162 _____ C:\Users\iFlo\Desktop\Addition.txt
2013-11-30 21:25 - 2013-12-01 14:36 - 00016583 _____ C:\Users\iFlo\Desktop\FRST.txt
2013-11-30 21:25 - 2013-11-30 21:25 - 00000000 ____D C:\FRST
2013-11-30 21:24 - 2013-11-30 21:24 - 01959070 _____ (Farbar) C:\Users\iFlo\Desktop\FRST64.exe
2013-11-30 21:23 - 2013-11-30 21:23 - 00050477 _____ C:\Users\iFlo\Desktop\Defogger.exe
2013-11-30 21:23 - 2013-11-30 21:23 - 00000470 _____ C:\Users\iFlo\Desktop\defogger_disable.log
2013-11-30 21:23 - 2013-11-30 21:23 - 00000000 _____ C:\Users\iFlo\defogger_reenable
2013-11-30 20:53 - 2013-11-30 20:53 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-30 20:37 - 2013-11-30 20:37 - 00001205 _____ C:\Users\iFlo\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-11-30 20:37 - 2013-11-30 20:37 - 00000000 ____D C:\Users\iFlo\AppData\Roaming\IObit
2013-11-30 20:37 - 2013-11-30 20:37 - 00000000 ____D C:\ProgramData\ProductData
2013-11-30 20:37 - 2013-11-30 20:37 - 00000000 ____D C:\ProgramData\IObit
2013-11-30 20:37 - 2013-11-30 20:37 - 00000000 ____D C:\Program Files (x86)\IObit
2013-11-30 16:24 - 2013-11-30 16:24 - 00000000 ____D C:\Windows\ERUNT
2013-11-30 15:51 - 2013-12-01 14:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-30 15:51 - 2013-11-30 15:51 - 00000000 ____D C:\Users\iFlo\AppData\Roaming\Malwarebytes
2013-11-30 15:51 - 2013-11-30 15:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-30 15:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-30 13:18 - 2013-12-01 14:18 - 00000000 ____D C:\AdwCleaner
2013-11-30 13:02 - 2013-11-30 13:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-30 11:35 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-30 11:35 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-30 11:35 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-30 11:34 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-30 11:34 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-30 11:34 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-30 11:34 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-30 11:34 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-30 11:34 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-30 11:34 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-30 11:34 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-30 11:34 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-30 11:34 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-30 11:34 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-30 11:34 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-30 11:34 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-30 11:34 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-30 11:34 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-30 11:34 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-30 11:34 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-30 11:34 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-30 11:34 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-30 11:34 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-30 11:34 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-30 11:34 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-30 11:34 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-30 11:34 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-30 11:34 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-30 11:34 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-30 11:34 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-28 14:34 - 2013-11-28 14:34 - 00000000 ____D C:\Users\iFlo\Downloads\querprofile-am-52974595
2013-11-28 14:33 - 2013-11-28 14:33 - 58641786 _____ C:\Users\iFlo\Downloads\querprofile-am-linearbeschleuniger-92wss_pwzsw6.zip
2013-11-22 17:57 - 2013-11-22 17:57 - 00008844 _____ C:\Users\iFlo\AppData\Local\recently-used.xbel
2013-11-17 18:15 - 2013-11-17 18:15 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-11-17 16:09 - 2013-11-30 11:18 - 00000000 ____D C:\Users\iFlo\AppData\Roaming\HTC
2013-11-17 16:08 - 2013-11-30 11:19 - 00000000 ____D C:\Users\iFlo\AppData\Local\HTC MediaHub
2013-11-17 16:08 - 2013-11-17 16:09 - 00000000 ____D C:\Users\iFlo\Documents\HTC
2013-11-17 16:08 - 2013-11-17 16:08 - 00000000 ____D C:\Users\iFlo\.android
2013-11-17 16:00 - 2013-11-30 11:21 - 00000000 ____D C:\Program Files (x86)\HTC
2013-11-17 16:00 - 2013-11-17 16:00 - 00000000 ____D C:\ProgramData\HTC
2013-11-17 14:44 - 2013-11-29 22:24 - 00000000 ___HD C:\Users\iFlo\Downloads\b
2013-11-07 16:03 - 2013-11-07 22:36 - 103000967 _____ C:\Windows\SysWOW64\吝㒓!

==================== One Month Modified Files and Folders =======

2013-12-01 14:37 - 2013-11-30 21:25 - 00016583 _____ C:\Users\iFlo\Desktop\FRST.txt
2013-12-01 14:36 - 2013-12-01 14:36 - 00000624 _____ C:\Users\iFlo\Desktop\JRT.txt
2013-12-01 14:28 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-01 14:28 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-01 14:26 - 2013-12-01 14:26 - 01034531 _____ (Thisisu) C:\Users\iFlo\Desktop\JRT.exe
2013-12-01 14:23 - 2013-12-01 14:23 - 00001271 _____ C:\Users\iFlo\Desktop\AdwCleaner[S2].txt
2013-12-01 14:23 - 2013-10-19 19:40 - 00000000 ___RD C:\Users\iFlo\Dropbox
2013-12-01 14:23 - 2013-10-19 19:37 - 00000000 ____D C:\Users\iFlo\AppData\Roaming\Dropbox
2013-12-01 14:20 - 2013-02-21 21:20 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 14:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-01 14:20 - 2009-07-14 05:51 - 00094567 _____ C:\Windows\setupact.log
2013-12-01 14:19 - 2013-02-15 14:20 - 01206624 _____ C:\Windows\WindowsUpdate.log
2013-12-01 14:18 - 2013-11-30 13:18 - 00000000 ____D C:\AdwCleaner
2013-12-01 14:16 - 2013-12-01 14:16 - 01091882 _____ C:\Users\iFlo\Desktop\adwcleaner.exe
2013-12-01 14:02 - 2013-12-01 14:02 - 00001077 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-01 14:02 - 2013-11-30 15:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 14:01 - 2013-12-01 14:00 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\iFlo\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-11-30 23:42 - 2013-02-21 21:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-30 22:05 - 2013-02-20 17:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-30 22:04 - 2013-07-27 21:00 - 00000000 ____D C:\Windows\system32\MRT
2013-11-30 22:02 - 2013-02-20 17:08 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-30 21:45 - 2013-11-30 21:45 - 505173185 _____ C:\Windows\MEMORY.DMP
2013-11-30 21:45 - 2013-11-30 21:45 - 00285968 _____ C:\Windows\Minidump\113013-24164-01.dmp
2013-11-30 21:45 - 2013-11-30 21:45 - 00000000 ____D C:\Windows\Minidump
2013-11-30 21:41 - 2013-11-30 21:41 - 00101778 _____ C:\Users\iFlo\Desktop\Gmer.txt
2013-11-30 21:27 - 2013-11-30 21:27 - 00377856 _____ C:\Users\iFlo\Desktop\gmer_2.1.19163.exe
2013-11-30 21:27 - 2013-11-30 21:27 - 00020162 _____ C:\Users\iFlo\Desktop\Addition.txt
2013-11-30 21:25 - 2013-11-30 21:25 - 00000000 ____D C:\FRST
2013-11-30 21:24 - 2013-11-30 21:24 - 01959070 _____ (Farbar) C:\Users\iFlo\Desktop\FRST64.exe
2013-11-30 21:23 - 2013-11-30 21:23 - 00050477 _____ C:\Users\iFlo\Desktop\Defogger.exe
2013-11-30 21:23 - 2013-11-30 21:23 - 00000470 _____ C:\Users\iFlo\Desktop\defogger_disable.log
2013-11-30 21:23 - 2013-11-30 21:23 - 00000000 _____ C:\Users\iFlo\defogger_reenable
2013-11-30 21:23 - 2013-02-19 17:46 - 00000000 ____D C:\Users\iFlo
2013-11-30 20:55 - 2013-02-15 23:13 - 00697082 _____ C:\Windows\system32\perfh007.dat
2013-11-30 20:55 - 2013-02-15 23:13 - 00148346 _____ C:\Windows\system32\perfc007.dat
2013-11-30 20:55 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-30 20:53 - 2013-11-30 20:53 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-30 20:37 - 2013-11-30 20:37 - 00001205 _____ C:\Users\iFlo\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-11-30 20:37 - 2013-11-30 20:37 - 00000000 ____D C:\Users\iFlo\AppData\Roaming\IObit
2013-11-30 20:37 - 2013-11-30 20:37 - 00000000 ____D C:\ProgramData\ProductData
2013-11-30 20:37 - 2013-11-30 20:37 - 00000000 ____D C:\ProgramData\IObit
2013-11-30 20:37 - 2013-11-30 20:37 - 00000000 ____D C:\Program Files (x86)\IObit
2013-11-30 16:24 - 2013-11-30 16:24 - 00000000 ____D C:\Windows\ERUNT
2013-11-30 16:21 - 2010-11-21 04:47 - 00023104 _____ C:\Windows\PFRO.log
2013-11-30 15:51 - 2013-11-30 15:51 - 00000000 ____D C:\Users\iFlo\AppData\Roaming\Malwarebytes
2013-11-30 15:51 - 2013-11-30 15:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-30 13:41 - 2013-02-20 16:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-30 13:02 - 2013-11-30 13:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-30 11:30 - 2013-05-07 21:50 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-30 11:30 - 2013-04-19 22:41 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-30 11:30 - 2013-04-19 22:41 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-30 11:30 - 2013-04-19 22:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-30 11:30 - 2013-02-21 19:05 - 00000000 ____D C:\Users\iFlo\AppData\Local\CrashDumps
2013-11-30 11:22 - 2013-02-19 17:47 - 00090520 _____ C:\Users\iFlo\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-30 11:21 - 2013-11-17 16:00 - 00000000 ____D C:\Program Files (x86)\HTC
2013-11-30 11:20 - 2013-07-13 17:54 - 00000000 ____D C:\Users\Gast
2013-11-30 11:20 - 2012-07-17 15:02 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-11-30 11:20 - 2012-07-17 15:02 - 00000000 ____D C:\Windows\system32\Macromed
2013-11-30 11:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-30 11:19 - 2013-11-17 16:08 - 00000000 ____D C:\Users\iFlo\AppData\Local\HTC MediaHub
2013-11-30 11:19 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-30 11:18 - 2013-11-17 16:09 - 00000000 ____D C:\Users\iFlo\AppData\Roaming\HTC
2013-11-30 11:18 - 2010-11-21 08:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-30 11:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-29 22:24 - 2013-11-17 14:44 - 00000000 ___HD C:\Users\iFlo\Downloads\b
2013-11-28 20:30 - 2013-02-20 22:14 - 00000000 ____D C:\Users\iFlo\Documents\Tageblatt
2013-11-28 14:34 - 2013-11-28 14:34 - 00000000 ____D C:\Users\iFlo\Downloads\querprofile-am-52974595
2013-11-28 14:33 - 2013-11-28 14:33 - 58641786 _____ C:\Users\iFlo\Downloads\querprofile-am-linearbeschleuniger-92wss_pwzsw6.zip
2013-11-28 14:23 - 2013-03-17 14:51 - 00000000 ____D C:\Users\iFlo\AppData\Local\Windows Live
2013-11-26 16:29 - 2013-02-23 11:14 - 00000000 ____D C:\Users\iFlo\AppData\Local\Adobe
2013-11-22 17:59 - 2013-06-01 16:08 - 00000000 ____D C:\Users\iFlo\.gimp-2.8
2013-11-22 17:57 - 2013-11-22 17:57 - 00008844 _____ C:\Users\iFlo\AppData\Local\recently-used.xbel
2013-11-17 18:15 - 2013-11-17 18:15 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-11-17 16:15 - 2013-02-20 22:14 - 00000000 ____D C:\Users\iFlo\Documents\Microsoft OfficePower Point
2013-11-17 16:09 - 2013-11-17 16:08 - 00000000 ____D C:\Users\iFlo\Documents\HTC
2013-11-17 16:08 - 2013-11-17 16:08 - 00000000 ____D C:\Users\iFlo\.android
2013-11-17 16:08 - 2013-02-21 18:24 - 00000000 ____D C:\Users\iFlo\AppData\Roaming\Apple Computer
2013-11-17 16:08 - 2013-02-21 18:24 - 00000000 ____D C:\Users\iFlo\AppData\Local\Apple Computer
2013-11-17 16:01 - 2013-02-20 22:13 - 00000000 ____D C:\Users\iFlo\Documents\Adobe PDF
2013-11-17 16:00 - 2013-11-17 16:00 - 00000000 ____D C:\ProgramData\HTC
2013-11-17 14:22 - 2013-02-24 16:17 - 00000072 _____ C:\Users\Public\LMDebug.log
2013-11-10 11:34 - 2013-02-20 22:14 - 00000000 ____D C:\Users\iFlo\Documents\Microsoft Office Word
2013-11-07 22:36 - 2013-11-07 16:03 - 103000967 _____ C:\Windows\SysWOW64\吝㒓!
2013-11-06 22:57 - 2013-10-19 19:40 - 00000980 _____ C:\Users\iFlo\Desktop\Dropbox.lnk
2013-11-06 22:57 - 2013-10-19 19:37 - 00000354 _____ C:\Windows\wininit.ini
2013-11-06 22:57 - 2013-10-19 19:37 - 00000000 ____D C:\Users\iFlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-06 22:57 - 2013-02-19 17:47 - 00000000 ___RD C:\Users\iFlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-05 18:24 - 2013-02-20 22:14 - 00000000 ____D C:\Users\iFlo\Documents\Microsoft Office Exel

Some content of TEMP:
====================
C:\Users\iFlo\AppData\Local\Temp\AskSLib.dll
C:\Users\iFlo\AppData\Local\Temp\avgnt.exe
C:\Users\iFlo\AppData\Local\Temp\COMAP.EXE
C:\Users\iFlo\AppData\Local\Temp\ezkn4s4q.dll
C:\Users\iFlo\AppData\Local\Temp\ForteDependencies.exe
C:\Users\iFlo\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\iFlo\AppData\Local\Temp\FreemakeYoutubeMp3Converter_3.5.3.3.exe
C:\Users\iFlo\AppData\Local\Temp\htmlayout.dll
C:\Users\iFlo\AppData\Local\Temp\ose00000.exe
C:\Users\iFlo\AppData\Local\Temp\ose00001.exe
C:\Users\iFlo\AppData\Local\Temp\pwucswe4.dll
C:\Users\iFlo\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-07 22:35

==================== End Of Log ============================
         

02.12.2013, 10:32   #4
schrauber
/// the machine
/// TB trainer

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Still having problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

02.12.2013, 18:50   #5
flosiefre

Unfortunately yes, the virus is still up to its mischief in Mozilla.

The logs:

Eset
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a8350069c943914eba3ee532a0e62af3
# engine=16102
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-02 04:13:18
# local_time=2013-12-02 05:13:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 40930 19593513 33681 0
# compatibility_mode=5893 16776574 100 94 11642986 137630648 0 0
# scanned=271985
# found=0
# cleaned=0
# scan_time=7961
         
security check

Code:
ATTFilter
Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (25.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by iFlo (administrator) on IFLO-PC on 02-12-2013 18:04:50
Running from C:\Users\iFlo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JJGIKGR
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Dropbox, Inc.) C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-05] (Acer Incorporated)
HKLM\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-21] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {952a4387-e876-11e2-be45-1c7508e463d2} - F:\LaunchU3.exe -a
MountPoints2: {a7eced97-e7b4-11e2-bdc0-90004e717cdf} - F:\AutoRun.exe
MountPoints2: {a7ecedb0-e7b4-11e2-bdc0-90004e717cdf} - G:\AutoRun.exe
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [266496 2011-06-17] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [266448 2013-05-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [214448 2013-05-12] (NVIDIA Corporation)
Startup: C:\Users\iFlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\iFlo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ecosia.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2B34DFA4-BC7A-46C6-B3DB-AD41946F7844}: [NameServer]139.7.30.125 139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\iFlo\AppData\Roaming\Mozilla\Firefox\Profiles\1cxbrtc3.default
FF SearchEngineOrder.1: Ask Search
FF Homepage: www.ecosia.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\iFlo\AppData\Roaming\Mozilla\Firefox\Profiles\1cxbrtc3.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\iFlo\AppData\Roaming\Mozilla\Firefox\Profiles\1cxbrtc3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: ftd - C:\Users\iFlo\AppData\Roaming\Mozilla\Firefox\Profiles\1cxbrtc3.default\Extensions\ftd@ftd.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Extension: (YouTube) - C:\Users\iFlo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\iFlo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\iFlo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-30] (Avira Operations GmbH & Co. KG)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-07-31] (Ellora Assets Corp.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-11-30] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2013-07-08] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203544 2013-02-06] (DEVGURU Co., LTD.(www.devguru.co.kr))
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 mfehidk01; \Device\mfehidk01.sys [x]
S3 NPF; system32\drivers\NPF.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-02 18:03 - 2013-12-02 18:03 - 00000996 _____ C:\Users\iFlo\Desktop\checkup.txt
2013-12-02 14:48 - 2013-12-02 14:48 - 00891184 _____ C:\Users\iFlo\Downloads\SecurityCheck.exe
2013-12-02 14:47 - 2013-12-02 14:47 - 02347384 _____ (ESET) C:\Users\iFlo\Desktop\esetsmartinstaller_enu.exe
2013-12-01 14:36 - 2013-12-01 14:36 - 00000624 _____ C:\Users\iFlo\Desktop\JRT.txt
2013-12-01 14:26 - 2013-12-01 14:26 - 01034531 _____ (Thisisu) C:\Users\iFlo\Desktop\JRT.exe
2013-12-01 14:23 - 2013-12-01 14:23 - 00001271 _____ C:\Users\iFlo\Desktop\AdwCleaner[S2].txt
2013-12-01 14:16 - 2013-12-01 14:16 - 01091882 _____ C:\Users\iFlo\Desktop\adwcleaner.exe
2013-12-01 14:02 - 2013-12-01 14:02 - 00001077 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-01 14:00 - 2013-12-01 14:01 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\iFlo\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-11-30 22:05 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-30 22:05 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-30 22:05 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-30 22:05 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-30 22:05 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-30 22:05 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-30 22:05 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-30 22:05 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-30 22:05 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-30 22:05 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-30 22:05 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-30 22:05 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-30 21:45 - 2013-11-30 21:45 - 505173185 _____ C:\Windows\MEMORY.DMP
2013-11-30 21:45 - 2013-11-30 21:45 - 00285968 _____ C:\Windows\Minidump\113013-24164-01.dmp
2013-11-30 21:45 - 2013-11-30 21:45 - 00000000 ____D C:\Windows\Minidump
2013-11-30 21:41 - 2013-11-30 21:41 - 00101778 _____ C:\Users\iFlo\Desktop\Gmer.txt
2013-11-30 21:27 - 2013-11-30 21:27 - 00377856 _____ C:\Users\iFlo\Desktop\gmer_2.1.19163.exe
2013-11-30 21:27 - 2013-11-30 21:27 - 00020162 _____ C:\Users\iFlo\Desktop\Addition.txt
2013-11-30 21:25 - 2013-12-01 14:38 - 00037141 _____ C:\Users\iFlo\Desktop\FRST.txt
2013-11-30 21:25 - 2013-11-30 21:25 - 00000000 ____D C:\FRST
2013-11-30 21:23 - 2013-11-30 21:23 - 00050477 _____ C:\Users\iFlo\Desktop\Defogger.exe
2013-11-30 21:23 - 2013-11-30 21:23 - 00000470 _____ C:\Users\iFlo\Desktop\defogger_disable.log
2013-11-30 21:23 - 2013-11-30 21:23 - 00000000 _____ C:\Users\iFlo\defogger_reenable
2013-11-30 20:37 - 2013-11-30 20:37 - 00000000 ____D C:\Users\iFlo\AppData\Roaming\IObit
2013-11-30 20:37 - 2013-11-30 20:37 - 00000000 ____D C:\ProgramData\ProductData
2013-11-30 20:37 - 2013-11-30 20:37 - 00000000 ____D C:\ProgramData\IObit
2013-11-30 20:37 - 2013-11-30 20:37 - 00000000 ____D C:\Program Files (x86)\IObit
2013-11-30 16:24 - 2013-11-30 16:24 - 00000000 ____D C:\Windows\ERUNT
2013-11-30 15:51 - 2013-12-01 14:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-30 15:51 - 2013-11-30 15:51 - 00000000 ____D C:\Users\iFlo\AppData\Roaming\Malwarebytes
2013-11-30 15:51 - 2013-11-30 15:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-30 15:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-30 13:18 - 2013-12-01 14:18 - 00000000 ____D C:\AdwCleaner
2013-11-30 13:02 - 2013-11-30 13:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-30 11:35 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-30 11:35 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-30 11:35 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-30 11:34 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-30 11:34 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-30 11:34 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-30 11:34 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-30 11:34 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-30 11:34 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-30 11:34 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-30 11:34 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-30 11:34 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-30 11:34 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-30 11:34 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-30 11:34 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-30 11:34 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-30 11:34 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-30 11:34 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-30 11:34 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-30 11:34 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-30 11:34 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-30 11:34 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-30 11:34 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-30 11:34 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-30 11:34 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-30 11:34 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-30 11:34 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-30 11:34 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-30 11:34 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-30 11:34 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-28 14:34 - 2013-11-28 14:34 - 00000000 ____D C:\Users\iFlo\Downloads\querprofile-am-52974595
2013-11-28 14:33 - 2013-11-28 14:33 - 58641786 _____ C:\Users\iFlo\Downloads\querprofile-am-linearbeschleuniger-92wss_pwzsw6.zip
2013-11-22 17:57 - 2013-11-22 17:57 - 00008844 _____ C:\Users\iFlo\AppData\Local\recently-used.xbel
2013-11-17 18:15 - 2013-11-17 18:15 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-11-17 16:09 - 2013-11-30 11:18 - 00000000 ____D C:\Users\iFlo\AppData\Roaming\HTC
2013-11-17 16:08 - 2013-11-30 11:19 - 00000000 ____D C:\Users\iFlo\AppData\Local\HTC MediaHub
2013-11-17 16:08 - 2013-11-17 16:09 - 00000000 ____D C:\Users\iFlo\Documents\HTC
2013-11-17 16:08 - 2013-11-17 16:08 - 00000000 ____D C:\Users\iFlo\.android
2013-11-17 16:00 - 2013-11-30 11:21 - 00000000 ____D C:\Program Files (x86)\HTC
2013-11-17 16:00 - 2013-11-17 16:00 - 00000000 ____D C:\ProgramData\HTC
2013-11-17 14:44 - 2013-12-01 16:35 - 00000000 ___HD C:\Users\iFlo\Downloads\b
2013-11-07 16:03 - 2013-11-07 22:36 - 103000967 _____ C:\Windows\SysWOW64\吝㒓!

==================== One Month Modified Files and Folders =======

2013-12-02 18:03 - 2013-12-02 18:03 - 00000996 _____ C:\Users\iFlo\Desktop\checkup.txt
2013-12-02 17:42 - 2013-02-21 21:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-02 17:23 - 2013-02-15 14:20 - 01306264 _____ C:\Windows\WindowsUpdate.log
2013-12-02 14:52 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-02 14:52 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-02 14:50 - 2013-02-15 23:13 - 00700630 _____ C:\Windows\system32\perfh007.dat
2013-12-02 14:50 - 2013-02-15 23:13 - 00149394 _____ C:\Windows\system32\perfc007.dat
2013-12-02 14:50 - 2009-07-14 06:13 - 01622100 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-02 14:48 - 2013-12-02 14:48 - 00891184 _____ C:\Users\iFlo\Downloads\SecurityCheck.exe
2013-12-02 14:47 - 2013-12-02 14:47 - 02347384 _____ (ESET) C:\Users\iFlo\Desktop\esetsmartinstaller_enu.exe
2013-12-02 14:45 - 2013-10-19 19:40 - 00000000 ___RD C:\Users\iFlo\Dropbox
2013-12-02 14:45 - 2013-10-19 19:37 - 00000000 ____D C:\Users\iFlo\AppData\Roaming\Dropbox
2013-12-02 14:45 - 2013-02-21 21:20 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-02 14:44 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-02 14:44 - 2009-07-14 05:51 - 00094679 _____ C:\Windows\setupact.log
2013-12-01 18:40 - 2013-02-21 19:05 - 00000000 ____D C:\Users\iFlo\AppData\Local\CrashDumps
2013-12-01 16:35 - 2013-11-17 14:44 - 00000000 ___HD C:\Users\iFlo\Downloads\b
2013-12-01 14:48 - 2013-06-28 10:50 - 01642510 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-01 14:38 - 2013-11-30 21:25 - 00037141 _____ C:\Users\iFlo\Desktop\FRST.txt
2013-12-01 14:36 - 2013-12-01 14:36 - 00000624 _____ C:\Users\iFlo\Desktop\JRT.txt
2013-12-01 14:26 - 2013-12-01 14:26 - 01034531 _____ (Thisisu) C:\Users\iFlo\Desktop\JRT.exe
2013-12-01 14:23 - 2013-12-01 14:23 - 00001271 _____ C:\Users\iFlo\Desktop\AdwCleaner[S2].txt
2013-12-01 14:18 - 2013-11-30 13:18 - 00000000 ____D C:\AdwCleaner
2013-12-01 14:16 - 2013-12-01 14:16 - 01091882 _____ C:\Users\iFlo\Desktop\adwcleaner.exe
2013-12-01 14:02 - 2013-12-01 14:02 - 00001077 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-01 14:02 - 2013-11-30 15:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 14:01 - 2013-12-01 14:00 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\iFlo\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-11-30 22:05 - 2013-02-20 17:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-30 22:04 - 2013-07-27 21:00 - 00000000 ____D C:\Windows\system32\MRT
2013-11-30 22:02 - 2013-02-20 17:08 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-30 21:45 - 2013-11-30 21:45 - 505173185 _____ C:\Windows\MEMORY.DMP
2013-11-30 21:45 - 2013-11-30 21:45 - 00285968 _____ C:\Windows\Minidump\113013-24164-01.dmp
2013-11-30 21:45 - 2013-11-30 21:45 - 00000000 ____D C:\Windows\Minidump
2013-11-30 21:41 - 2013-11-30 21:41 - 00101778 _____ C:\Users\iFlo\Desktop\Gmer.txt
2013-11-30 21:27 - 2013-11-30 21:27 - 00377856 _____ C:\Users\iFlo\Desktop\gmer_2.1.19163.exe
2013-11-30 21:27 - 2013-11-30 21:27 - 00020162 _____ C:\Users\iFlo\Desktop\Addition.txt
2013-11-30 21:25 - 2013-11-30 21:25 - 00000000 ____D C:\FRST
2013-11-30 21:23 - 2013-11-30 21:23 - 00050477 _____ C:\Users\iFlo\Desktop\Defogger.exe
2013-11-30 21:23 - 2013-11-30 21:23 - 00000470 _____ C:\Users\iFlo\Desktop\defogger_disable.log
2013-11-30 21:23 - 2013-11-30 21:23 - 00000000 _____ C:\Users\iFlo\defogger_reenable
2013-11-30 21:23 - 2013-02-19 17:46 - 00000000 ____D C:\Users\iFlo
2013-11-30 20:37 - 2013-11-30 20:37 - 00000000 ____D C:\Users\iFlo\AppData\Roaming\IObit
2013-11-30 20:37 - 2013-11-30 20:37 - 00000000 ____D C:\ProgramData\ProductData
2013-11-30 20:37 - 2013-11-30 20:37 - 00000000 ____D C:\ProgramData\IObit
2013-11-30 20:37 - 2013-11-30 20:37 - 00000000 ____D C:\Program Files (x86)\IObit
2013-11-30 16:24 - 2013-11-30 16:24 - 00000000 ____D C:\Windows\ERUNT
2013-11-30 16:21 - 2010-11-21 04:47 - 00023104 _____ C:\Windows\PFRO.log
2013-11-30 15:51 - 2013-11-30 15:51 - 00000000 ____D C:\Users\iFlo\AppData\Roaming\Malwarebytes
2013-11-30 15:51 - 2013-11-30 15:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-30 13:41 - 2013-02-20 16:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-30 13:02 - 2013-11-30 13:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-30 11:30 - 2013-05-07 21:50 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-30 11:30 - 2013-04-19 22:41 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-30 11:30 - 2013-04-19 22:41 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-30 11:30 - 2013-04-19 22:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-30 11:22 - 2013-02-19 17:47 - 00090520 _____ C:\Users\iFlo\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-30 11:21 - 2013-11-17 16:00 - 00000000 ____D C:\Program Files (x86)\HTC
2013-11-30 11:20 - 2013-07-13 17:54 - 00000000 ____D C:\Users\Gast
2013-11-30 11:20 - 2012-07-17 15:02 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-11-30 11:20 - 2012-07-17 15:02 - 00000000 ____D C:\Windows\system32\Macromed
2013-11-30 11:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-30 11:19 - 2013-11-17 16:08 - 00000000 ____D C:\Users\iFlo\AppData\Local\HTC MediaHub
2013-11-30 11:19 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-30 11:18 - 2013-11-17 16:09 - 00000000 ____D C:\Users\iFlo\AppData\Roaming\HTC
2013-11-30 11:18 - 2010-11-21 08:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-30 11:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-28 20:30 - 2013-02-20 22:14 - 00000000 ____D C:\Users\iFlo\Documents\Tageblatt
2013-11-28 14:34 - 2013-11-28 14:34 - 00000000 ____D C:\Users\iFlo\Downloads\querprofile-am-52974595
2013-11-28 14:33 - 2013-11-28 14:33 - 58641786 _____ C:\Users\iFlo\Downloads\querprofile-am-linearbeschleuniger-92wss_pwzsw6.zip
2013-11-28 14:23 - 2013-03-17 14:51 - 00000000 ____D C:\Users\iFlo\AppData\Local\Windows Live
2013-11-26 16:29 - 2013-02-23 11:14 - 00000000 ____D C:\Users\iFlo\AppData\Local\Adobe
2013-11-22 17:59 - 2013-06-01 16:08 - 00000000 ____D C:\Users\iFlo\.gimp-2.8
2013-11-22 17:57 - 2013-11-22 17:57 - 00008844 _____ C:\Users\iFlo\AppData\Local\recently-used.xbel
2013-11-17 18:15 - 2013-11-17 18:15 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-11-17 16:15 - 2013-02-20 22:14 - 00000000 ____D C:\Users\iFlo\Documents\Microsoft OfficePower Point
2013-11-17 16:09 - 2013-11-17 16:08 - 00000000 ____D C:\Users\iFlo\Documents\HTC
2013-11-17 16:08 - 2013-11-17 16:08 - 00000000 ____D C:\Users\iFlo\.android
2013-11-17 16:08 - 2013-02-21 18:24 - 00000000 ____D C:\Users\iFlo\AppData\Roaming\Apple Computer
2013-11-17 16:08 - 2013-02-21 18:24 - 00000000 ____D C:\Users\iFlo\AppData\Local\Apple Computer
2013-11-17 16:01 - 2013-02-20 22:13 - 00000000 ____D C:\Users\iFlo\Documents\Adobe PDF
2013-11-17 16:00 - 2013-11-17 16:00 - 00000000 ____D C:\ProgramData\HTC
2013-11-17 14:22 - 2013-02-24 16:17 - 00000072 _____ C:\Users\Public\LMDebug.log
2013-11-10 11:34 - 2013-02-20 22:14 - 00000000 ____D C:\Users\iFlo\Documents\Microsoft Office Word
2013-11-07 22:36 - 2013-11-07 16:03 - 103000967 _____ C:\Windows\SysWOW64\吝㒓!
2013-11-06 22:57 - 2013-10-19 19:40 - 00000980 _____ C:\Users\iFlo\Desktop\Dropbox.lnk
2013-11-06 22:57 - 2013-10-19 19:37 - 00000354 _____ C:\Windows\wininit.ini
2013-11-06 22:57 - 2013-10-19 19:37 - 00000000 ____D C:\Users\iFlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-06 22:57 - 2013-02-19 17:47 - 00000000 ___RD C:\Users\iFlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-05 18:24 - 2013-02-20 22:14 - 00000000 ____D C:\Users\iFlo\Documents\Microsoft Office Exel

Some content of TEMP:
====================
C:\Users\iFlo\AppData\Local\Temp\AskSLib.dll
C:\Users\iFlo\AppData\Local\Temp\avgnt.exe
C:\Users\iFlo\AppData\Local\Temp\COMAP.EXE
C:\Users\iFlo\AppData\Local\Temp\ezkn4s4q.dll
C:\Users\iFlo\AppData\Local\Temp\ForteDependencies.exe
C:\Users\iFlo\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\iFlo\AppData\Local\Temp\FreemakeYoutubeMp3Converter_3.5.3.3.exe
C:\Users\iFlo\AppData\Local\Temp\htmlayout.dll
C:\Users\iFlo\AppData\Local\Temp\ose00000.exe
C:\Users\iFlo\AppData\Local\Temp\ose00001.exe
C:\Users\iFlo\AppData\Local\Temp\pwucswe4.dll
C:\Users\iFlo\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-07 22:35

==================== End Of Log ============================
         
--- --- ---


03.12.2013, 10:44   #6
schrauber
/// the machine
/// TB-Ausbilder

Update Adobe.

Uninstall Firefox, keep no data, reinstall. Still there?