Hi, thanks for your patience.
Okay, defogger caused a few problems at first; here are the logs:
defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:06 on 31/10/2013 (Jessica)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by Jessica (administrator) on WILMA on 31-10-2013 11:38:03
Running from C:\Users\Jessica\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
() C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Somoto) C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
() C:\Windows\system32\dmwu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV2.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
() C:\Windows\SysWOW64\jmdp\stij.exe
() C:\Windows\System32\ljkb\stij.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
() C:\Users\Jessica\AppData\Local\Lollipop\Lollipop.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(glindorus) C:\Program Files (x86)\glindorus\updateglindorus.exe
(Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
(Smartbar) C:\Users\Jessica\AppData\Local\Smartbar\Application\SnapDo.exe
(Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jessica\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-02] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [InstantUpdate] - C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe [124520 2012-04-06] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Jessica\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-04] (Google Inc.)
HKCU\...\Run: [SDP] - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKCU\...\Run: [lollipop] - C:\Users\Jessica\AppData\Local\Lollipop\Lollipop.exe [2438656 2013-10-31] ()
HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\Jessica\AppData\Local\Smartbar\Application\SnapDo.exe [21536 2013-08-29] (Smartbar)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-24] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573584 2012-10-19] (Ask)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll c:\windows\system32\nvinitx.dll [1952224 2013-10-22] ()
AppInit_DLLs-x32: c:\progra~3\bitguard\271769~1.27\{c16c1~1\bitguard.dll c:\windows\syswow64\nvinit.dll [215360 2012-03-05] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=5145a1ef-17e4-36f6-2598-29202e84357e&searchtype=hp&installDate=31/10/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=5145a1ef-17e4-36f6-2598-29202e84357e&searchtype=ds&q={searchTerms}&installDate=31/10/2013
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B090C018859F3909&affID=119557&tsp=5034
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=5145a1ef-17e4-36f6-2598-29202e84357e&searchtype=ds&q={searchTerms}&installDate=31/10/2013
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=5145a1ef-17e4-36f6-2598-29202e84357e&searchtype=ds&q={searchTerms}&installDate=31/10/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=5145a1ef-17e4-36f6-2598-29202e84357e&searchtype=ds&q={searchTerms}&installDate=31/10/2013
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=5145a1ef-17e4-36f6-2598-29202e84357e&searchtype=ds&q={searchTerms}&installDate=31/10/2013
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=5145a1ef-17e4-36f6-2598-29202e84357e&searchtype=ds&q={searchTerms}&installDate=31/10/2013
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B090C018859F3909&affID=119557&tsp=5034
BHO: Plus-HD-1.6 - {11111111-1111-1111-1111-110311201102} - C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll (Plus HD)
BHO: LyricsSay-15 - {11111111-1111-1111-1111-110411391106} - C:\Program Files (x86)\LyricsSay-15\LyricsSay-15-bho64.dll (Showpass)
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO-x32: Plus-HD-1.6 - {11111111-1111-1111-1111-110311201102} - C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll (Plus HD)
BHO-x32: LyricsSay-15 - {11111111-1111-1111-1111-110411391106} - C:\Program Files (x86)\LyricsSay-15\LyricsSay-15-bho.dll (Showpass)
BHO-x32: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: glindorus - {9598e82a-7e09-4438-b425-b9e9718c3c73} - C:\Program Files (x86)\glindorus\glindorusBHO.dll (glindorus)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Chrome:
=======
CHR HomePage: hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=DE&userid=5145a1ef-17e4-36f6-2598-29202e84357e&searchtype=hp&installDate={installDate}
CHR RestoreOnStartup: "urls_to_restore_on_startup": [
CHR Plugin: (Shockwave Flash) - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Jessica\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Jessica\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Avira Toolbar) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.19.38091_0
CHR Extension: (glindorus) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ammjbfijeglcdlnlnhlkdhgjnlgmpehe\1.0.0
CHR Extension: (Delta Toolbar) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.6.2_1
CHR Extension: (Plus-HD-1.6) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.90_0
CHR Extension: (Wajam) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0
CHR Extension: (LyricsSay-15) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfopijhanoceijcfpaileppfklbeggk\1.25.6_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Jessica\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.10.0.crx
CHR HKLM-x32\...\Chrome\Extension: [ammjbfijeglcdlnlnhlkdhgjnlgmpehe] - C:\Program Files (x86)\glindorus\ammjbfijeglcdlnlnhlkdhgjnlgmpehe.crx
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Jessica\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Jessica\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 BitGuard; C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2864096 2013-10-22] ()
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1754928 2013-10-15] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-16] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 Update glindorus; C:\Program Files (x86)\glindorus\updateglindorus.exe [65312 2013-10-05] (glindorus)
R2 WajamUpdaterV2; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV2.exe [113152 2013-10-10] (Wajam)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [76960 2012-02-27] (Atheros)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-31 11:37 - 2013-10-31 11:37 - 00000000 ____D C:\FRST
2013-10-31 11:35 - 2013-10-31 11:35 - 00002639 _____ C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-10-31 11:34 - 2013-10-31 11:38 - 00001938 _____ C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lollipop.lnk
2013-10-31 11:34 - 2013-10-31 11:35 - 00000000 ____D C:\Users\Jessica\AppData\Local\Smartbar
2013-10-31 11:34 - 2013-10-31 11:34 - 00000000 ____D C:\Users\Jessica\AppData\Local\Lollipop
2013-10-31 11:34 - 2013-10-31 11:34 - 00000000 ____D C:\Program Files (x86)\glindorus
2013-10-30 11:35 - 2013-10-31 11:30 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-10-30 11:28 - 2013-10-30 11:28 - 00752096 _____ C:\Users\Jessica\Desktop\ZipExtractorSetup.exe
2013-10-30 11:26 - 2013-10-30 11:26 - 00169272 _____ (Firseria·s·l·) C:\Users\Jessica\Desktop\Setup (1).exe
2013-10-30 11:25 - 2013-10-30 11:25 - 01956614 _____ (Farbar) C:\Users\Jessica\Desktop\FRST64.exe
2013-10-30 11:23 - 2013-10-30 11:23 - 00001129 _____ C:\Users\Jessica\Desktop\Continue Zip Extractor Installation.lnk
2013-10-28 20:03 - 2013-10-28 20:03 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-10-27 15:46 - 2013-10-27 15:46 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-10-27 15:46 - 2013-10-27 15:46 - 00000000 ____D C:\Windows\system32\ljkb
2013-10-25 16:54 - 2013-10-25 16:55 - 00000000 ____D C:\Users\Jessica\Desktop\Bett Ebay Kleinanzeigen
2013-10-20 15:59 - 2013-10-20 15:59 - 00169272 _____ (Firseria·s·l·) C:\Users\Jessica\Downloads\Setup.exe
2013-10-13 21:15 - 2013-10-13 21:20 - 00000000 ____D C:\Users\Jessica\Desktop\Wii Ebay Kleinanzeigen
2013-10-13 20:48 - 2013-10-31 11:35 - 00002614 _____ C:\Users\Jessica\Desktop\Search.lnk
2013-10-13 20:48 - 2013-10-31 11:30 - 00001958 _____ C:\Windows\Tasks\LyricsSay-15-chromeinstaller.job
2013-10-13 20:48 - 2013-10-31 11:30 - 00001906 _____ C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job
2013-10-13 20:48 - 2013-10-31 11:30 - 00001344 _____ C:\Windows\Tasks\LyricsSay-15-updater.job
2013-10-13 20:48 - 2013-10-31 11:30 - 00001294 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job
2013-10-13 20:48 - 2013-10-31 11:30 - 00001250 _____ C:\Windows\Tasks\LyricsSay-15-codedownloader.job
2013-10-13 20:48 - 2013-10-31 11:30 - 00001198 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job
2013-10-13 20:48 - 2013-10-31 11:30 - 00001150 _____ C:\Windows\Tasks\LyricsSay-15-enabler.job
2013-10-13 20:48 - 2013-10-31 11:30 - 00001098 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job
2013-10-13 20:48 - 2013-10-28 21:30 - 00000000 ____D C:\ProgramData\BitGuard
2013-10-13 20:48 - 2013-10-13 20:48 - 00004374 _____ C:\Windows\System32\Tasks\LyricsSay-15-updater
2013-10-13 20:48 - 2013-10-13 20:48 - 00004324 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-updater
2013-10-13 20:48 - 2013-10-13 20:48 - 00004280 _____ C:\Windows\System32\Tasks\LyricsSay-15-codedownloader
2013-10-13 20:48 - 2013-10-13 20:48 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-codedownloader
2013-10-13 20:48 - 2013-10-13 20:48 - 00004180 _____ C:\Windows\System32\Tasks\LyricsSay-15-enabler
2013-10-13 20:48 - 2013-10-13 20:48 - 00004128 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-enabler
2013-10-13 20:48 - 2013-10-13 20:48 - 00003390 _____ C:\Windows\System32\Tasks\EPUpdater
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\Delta
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\BabSolution
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Users\Jessica\AppData\Local\Wajam
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Users\Jessica\AppData\Local\avgchrome
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\ProgramData\DSearchLink
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.6
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Program Files (x86)\LyricsSay-15
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Program Files (x86)\Delta
2013-10-13 20:47 - 2013-10-13 20:48 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-10-13 20:47 - 2013-10-13 20:47 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\Babylon
2013-10-13 20:47 - 2013-10-13 20:47 - 00000000 ____D C:\ProgramData\Babylon
2013-10-13 20:46 - 2013-10-13 20:46 - 01855072 _____ (Irfan Skiljan) C:\Users\Jessica\Downloads\iview436_setup.exe
2013-10-12 19:46 - 2013-10-13 09:15 - 00000000 ____D C:\Users\Jessica\Desktop\Küche Ebay Kleinanzeigen
2013-10-11 21:40 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 21:40 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 21:40 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 21:40 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 21:40 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 21:40 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 21:40 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 21:40 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 21:40 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 21:40 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 21:40 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 21:40 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 21:40 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 21:40 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 21:40 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 21:40 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 21:40 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 21:40 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 21:40 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 21:40 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 21:40 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 21:40 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 21:40 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 21:40 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 21:40 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 21:40 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 21:40 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 21:40 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 21:40 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 21:40 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 21:40 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 12:14 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 12:14 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 12:14 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 12:14 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 12:14 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 12:14 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 12:14 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 12:13 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 12:13 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 12:13 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 12:13 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 12:13 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 12:13 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 12:13 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 12:13 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 12:13 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 12:13 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 12:13 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 12:13 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 12:13 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 12:13 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 12:13 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 12:13 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 12:13 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 12:13 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 12:13 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 12:13 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 12:13 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 12:13 - 2013-08-01 10:19 - 00984512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 12:13 - 2013-08-01 10:19 - 00265152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-10-10 12:13 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 12:13 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 12:13 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 12:13 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 12:13 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 12:13 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 12:13 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 12:13 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 12:13 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 12:13 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 12:13 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 12:13 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 12:13 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 12:13 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 12:13 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 12:13 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 12:13 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
==================== One Month Modified Files and Folders =======
2013-10-31 11:39 - 2009-07-14 05:45 - 00024192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-31 11:39 - 2009-07-14 05:45 - 00024192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-31 11:38 - 2013-10-31 11:34 - 00001938 _____ C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lollipop.lnk
2013-10-31 11:37 - 2013-10-31 11:37 - 00000000 ____D C:\FRST
2013-10-31 11:37 - 2012-05-04 10:37 - 01839578 _____ C:\Windows\WindowsUpdate.log
2013-10-31 11:36 - 2012-05-04 20:25 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-10-31 11:36 - 2012-05-04 20:25 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-10-31 11:36 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-31 11:35 - 2013-10-31 11:35 - 00002639 _____ C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-10-31 11:35 - 2013-10-31 11:34 - 00000000 ____D C:\Users\Jessica\AppData\Local\Smartbar
2013-10-31 11:35 - 2013-10-13 20:48 - 00002614 _____ C:\Users\Jessica\Desktop\Search.lnk
2013-10-31 11:34 - 2013-10-31 11:34 - 00000000 ____D C:\Users\Jessica\AppData\Local\Lollipop
2013-10-31 11:34 - 2013-10-31 11:34 - 00000000 ____D C:\Program Files (x86)\glindorus
2013-10-31 11:34 - 2012-08-04 15:12 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-203217726-1171049402-2537477199-1001UA.job
2013-10-31 11:30 - 2013-10-30 11:35 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-10-31 11:30 - 2013-10-13 20:48 - 00001958 _____ C:\Windows\Tasks\LyricsSay-15-chromeinstaller.job
2013-10-31 11:30 - 2013-10-13 20:48 - 00001906 _____ C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job
2013-10-31 11:30 - 2013-10-13 20:48 - 00001344 _____ C:\Windows\Tasks\LyricsSay-15-updater.job
2013-10-31 11:30 - 2013-10-13 20:48 - 00001294 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job
2013-10-31 11:30 - 2013-10-13 20:48 - 00001250 _____ C:\Windows\Tasks\LyricsSay-15-codedownloader.job
2013-10-31 11:30 - 2013-10-13 20:48 - 00001198 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job
2013-10-31 11:30 - 2013-10-13 20:48 - 00001150 _____ C:\Windows\Tasks\LyricsSay-15-enabler.job
2013-10-31 11:30 - 2013-10-13 20:48 - 00001098 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job
2013-10-31 11:30 - 2013-09-10 10:46 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-31 11:30 - 2012-05-04 10:44 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-10-31 11:29 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-31 11:29 - 2009-07-14 05:51 - 00108591 _____ C:\Windows\setupact.log
2013-10-30 11:28 - 2013-10-30 11:28 - 00752096 _____ C:\Users\Jessica\Desktop\ZipExtractorSetup.exe
2013-10-30 11:26 - 2013-10-30 11:26 - 00169272 _____ (Firseria·s·l·) C:\Users\Jessica\Desktop\Setup (1).exe
2013-10-30 11:25 - 2013-10-30 11:25 - 01956614 _____ (Farbar) C:\Users\Jessica\Desktop\FRST64.exe
2013-10-30 11:23 - 2013-10-30 11:23 - 00001129 _____ C:\Users\Jessica\Desktop\Continue Zip Extractor Installation.lnk
2013-10-30 11:20 - 2013-09-10 10:46 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-30 11:19 - 2012-09-25 19:19 - 00000000 ____D C:\Users\Jessica\AppData\Local\CrashDumps
2013-10-29 06:01 - 2012-03-28 19:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-28 22:47 - 2012-03-28 19:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-28 21:30 - 2013-10-13 20:48 - 00000000 ____D C:\ProgramData\BitGuard
2013-10-28 21:30 - 2010-11-21 04:47 - 00032140 _____ C:\Windows\PFRO.log
2013-10-28 20:03 - 2013-10-28 20:03 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-10-27 20:34 - 2012-08-04 15:12 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-203217726-1171049402-2537477199-1001Core.job
2013-10-27 15:46 - 2013-10-27 15:46 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-10-27 15:46 - 2013-10-27 15:46 - 00000000 ____D C:\Windows\system32\ljkb
2013-10-27 14:35 - 2013-05-09 07:51 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-10-27 07:58 - 2013-05-09 07:51 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-10-25 16:55 - 2013-10-25 16:54 - 00000000 ____D C:\Users\Jessica\Desktop\Bett Ebay Kleinanzeigen
2013-10-20 15:59 - 2013-10-20 15:59 - 00169272 _____ (Firseria·s·l·) C:\Users\Jessica\Downloads\Setup.exe
2013-10-19 15:16 - 2012-05-04 10:44 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-10-15 10:05 - 2013-05-09 07:51 - 01754928 _____ C:\Windows\system32\dmwu.exe
2013-10-15 09:59 - 2013-05-09 07:51 - 00033792 _____ (IncrediMail, Ltd.) C:\Windows\system32\ImHttpComm.dll
2013-10-14 05:15 - 2013-09-10 10:46 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-14 05:15 - 2013-09-10 10:46 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-13 21:20 - 2013-10-13 21:15 - 00000000 ____D C:\Users\Jessica\Desktop\Wii Ebay Kleinanzeigen
2013-10-13 20:48 - 2013-10-13 20:48 - 00004374 _____ C:\Windows\System32\Tasks\LyricsSay-15-updater
2013-10-13 20:48 - 2013-10-13 20:48 - 00004324 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-updater
2013-10-13 20:48 - 2013-10-13 20:48 - 00004280 _____ C:\Windows\System32\Tasks\LyricsSay-15-codedownloader
2013-10-13 20:48 - 2013-10-13 20:48 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-codedownloader
2013-10-13 20:48 - 2013-10-13 20:48 - 00004180 _____ C:\Windows\System32\Tasks\LyricsSay-15-enabler
2013-10-13 20:48 - 2013-10-13 20:48 - 00004128 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-enabler
2013-10-13 20:48 - 2013-10-13 20:48 - 00003390 _____ C:\Windows\System32\Tasks\EPUpdater
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\Delta
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\BabSolution
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Users\Jessica\AppData\Local\Wajam
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Users\Jessica\AppData\Local\avgchrome
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\ProgramData\DSearchLink
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.6
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Program Files (x86)\LyricsSay-15
2013-10-13 20:48 - 2013-10-13 20:48 - 00000000 ____D C:\Program Files (x86)\Delta
2013-10-13 20:48 - 2013-10-13 20:47 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-10-13 20:47 - 2013-10-13 20:47 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\Babylon
2013-10-13 20:47 - 2013-10-13 20:47 - 00000000 ____D C:\ProgramData\Babylon
2013-10-13 20:46 - 2013-10-13 20:46 - 01855072 _____ (Irfan Skiljan) C:\Users\Jessica\Downloads\iview436_setup.exe
2013-10-13 19:29 - 2012-08-04 15:12 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-203217726-1171049402-2537477199-1001UA
2013-10-13 19:29 - 2012-08-04 15:12 - 00003706 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-203217726-1171049402-2537477199-1001Core
2013-10-13 14:07 - 2013-02-03 21:37 - 00000000 ____D C:\Users\Jessica\Desktop\Rezepte
2013-10-13 09:15 - 2013-10-12 19:46 - 00000000 ____D C:\Users\Jessica\Desktop\Küche Ebay Kleinanzeigen
2013-10-12 19:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 21:52 - 2009-07-14 05:45 - 00283104 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 21:51 - 2013-03-15 21:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 21:51 - 2013-03-15 21:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-07 10:25 - 2013-05-07 18:34 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-07 10:25 - 2013-03-28 06:26 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-07 10:25 - 2013-03-28 06:26 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-07 10:25 - 2013-03-28 06:26 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
Some content of TEMP:
====================
C:\Users\Jessica\AppData\Local\Temp\7z920.exe
C:\Users\Jessica\AppData\Local\Temp\avgnt.exe
C:\Users\Jessica\AppData\Local\Temp\BI_RunOnce.exe
C:\Users\Jessica\AppData\Local\Temp\bundlesweetimsetup.exe
C:\Users\Jessica\AppData\Local\Temp\clearfiSetup.exe
C:\Users\Jessica\AppData\Local\Temp\DeltaTB.exe
C:\Users\Jessica\AppData\Local\Temp\dp.exe
C:\Users\Jessica\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Jessica\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Jessica\AppData\Local\Temp\ICReinstall_ZipExtractorSetup (1).exe
C:\Users\Jessica\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Jessica\AppData\Local\Temp\run.exe
C:\Users\Jessica\AppData\Local\Temp\uninstaller.exe
C:\Users\Jessica\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Jessica\AppData\Local\Temp\WSSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-27 14:53
==================== End Of Log ============================
Gmer Code:
GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-31 11:56:46
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST320LT0 rev.0010 298,09GB
Running: 0q2wu89h.exe; Driver: C:\Users\Jessica\AppData\Local\Temp\kgtdqpoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031a8000 64 bytes [17, 00, 48, 3B, 05, 7F, 2D, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 593 fffff800031a8041 48 bytes [01, 00, 00, 0F, 87, B5, 01, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76]
.text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76]
.text ... * 2
.text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[2892] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076accfca 5 bytes JMP 00000001720b5820
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2516] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076accfca 5 bytes JMP 00000001720b5820
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3328] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076accfca 5 bytes JMP 00000001720b5820
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76]
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76]
.text ... * 2
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3392] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076accfca 5 bytes JMP 00000001720b5820
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3928] C:\Windows\syswow64\user32.DLL!DialogBoxParamW 0000000076accfca 5 bytes JMP 00000001720b5820
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76]
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76]
.text ... * 2
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2848] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076accfca 5 bytes JMP 00000001720b5820
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76]
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76]
.text ... * 2
.text C:\Windows\SysWOW64\jmdp\stij.exe[1780] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076accfca 5 bytes JMP 00000001720b5820
.text C:\Windows\SysWOW64\jmdp\stij.exe[1780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76]
.text C:\Windows\SysWOW64\jmdp\stij.exe[1780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76]
.text ... * 2
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4368] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076accfca 5 bytes JMP 00000001720b5820
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76]
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76]
.text ... * 2
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4756] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076accfca 5 bytes JMP 00000001720b5820
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76]
.text C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe[4756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5792] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076accfca 5 bytes JMP 00000001720b5820
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4328] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076accfca 5 bytes JMP 00000001720b5820
.text C:\Users\Jessica\AppData\Local\Lollipop\Lollipop.exe[4124] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076accfca 5 bytes JMP 00000001720b5820
.text C:\Users\Jessica\AppData\Local\Lollipop\Lollipop.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76]
.text C:\Users\Jessica\AppData\Local\Lollipop\Lollipop.exe[4124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6108] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076accfca 5 bytes JMP 00000001720b5820
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76]
.text ... * 2
.text C:\Program Files (x86)\glindorus\updateglindorus.exe[3140] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076accfca 5 bytes JMP 00000001720b5820
.text C:\Users\Jessica\AppData\Local\Smartbar\Application\SnapDo.exe[3684] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076accfca 5 bytes JMP 00000001720b5820
.text C:\Users\Jessica\AppData\Local\Smartbar\Application\SnapDo.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76]
.text C:\Users\Jessica\AppData\Local\Smartbar\Application\SnapDo.exe[3684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76]
.text ... * 2
.text C:\Users\Jessica\Downloads\0q2wu89h.exe[7248] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076accfca 5 bytes JMP 00000001720b5820
.text C:\Users\Jessica\Downloads\0q2wu89h.exe[7248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076651465 2 bytes [65, 76]
.text C:\Users\Jessica\Downloads\0q2wu89h.exe[7248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000766514bb 2 bytes [65, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [1232:1280] 000007fefa16341c
Thread C:\Windows\system32\svchost.exe [1232:1284] 000007fefa163a2c
Thread C:\Windows\system32\svchost.exe [1232:1288] 000007fefa163768
Thread C:\Windows\system32\svchost.exe [1232:1292] 000007fefa165c20
Thread C:\Windows\system32\svchost.exe [1232:3460] 000007feef1fbd88
Thread C:\Windows\system32\svchost.exe [1232:4516] 000007fef7c75170
Thread C:\Windows\system32\svchost.exe [1232:6768] 000007fefa163900
Thread C:\Windows\system32\svchost.exe [1232:7112] 000007fef9725124
Thread C:\Windows\system32\WLANExt.exe [1328:1372] 000000018000d778
Thread C:\Windows\system32\WLANExt.exe [1328:1376] 000000018000d794
Thread C:\Windows\system32\WLANExt.exe [1328:1380] 000000018000d75c
Thread C:\Windows\system32\WLANExt.exe [1328:1384] 000000018002470c
Thread C:\Windows\system32\WLANExt.exe [1328:1388] 000007fef98e2f9c
Thread C:\Windows\System32\spoolsv.exe [1504:1844] 000007fef80510c8
Thread C:\Windows\System32\spoolsv.exe [1504:2008] 000007fef8016144
Thread C:\Windows\System32\spoolsv.exe [1504:2016] 000007fef6f55fd0
Thread C:\Windows\System32\spoolsv.exe [1504:2020] 000007fef6f43438
Thread C:\Windows\System32\spoolsv.exe [1504:2024] 000007fef6f563ec
Thread C:\Windows\System32\spoolsv.exe [1504:2032] 000007fef8375e5c
Thread C:\Windows\System32\spoolsv.exe [1504:2036] 000007fef83a5074
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6752:2500] 000007fefb132a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6752:4744] 000007fef9725124
Thread C:\Windows\System32\svchost.exe [4888:2300] 000007feea929688
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c018855b6f38
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c018859f390a
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c018855b6f38 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c018859f390a (not active ControlSet)
---- EOF - GMER 2.1 ----