Windows 7: PUA/Somoto.Gen
Hello everyone,
my antivirus program has just reported the detection "PUA/Somoto.Gen" and moved it to quarantine. I work in a separate, access-restricted account. Only the FRST scan could be run, because disabling the antivirus program for the GMER scan is not possible; the attempt always ends with the message: "Auf das angegebene Gerät, bzw. den Pfad oder die Datei konnte nicht zugegriffen werden." In addition, attempting to switch users ends in a black screen. After a restart I am now in the administrator's user account; disabling AntiVir is not possible here either.
Many thanks in advance for any help!
The FRST scan follows. FRST.txt:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by ACER (administrator) on FLORIAN on 12-04-2015 19:05:44
Running from C:\Users\ACER\Desktop
Loaded Profiles: ACER (Available profiles: ACER & Florian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
( ) C:\Windows\System32\lxeacoms.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-17] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-15] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2013-11-12] (Raptr, Inc)
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe [960688 2015-02-05] (Adobe Systems Incorporated)
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\EXPERT~1.scr
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
Hosts: 127.0.0.1 hansesim.local
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\cgozwaas.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\ACER\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-02-28] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-07-18]
Chrome:
=======
CHR Profile: C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-25]
CHR Extension: (Google Docs) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-25]
CHR Extension: (Google Drive) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-14]
CHR Extension: (YouTube) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-25]
CHR Extension: (Google Search) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-25]
CHR Extension: (Google Sheets) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-25]
CHR Extension: (Google Wallet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]
CHR Extension: (Gmail) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-25]
StartMenuInternet: Google Chrome - C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-07] (Adobe Systems Incorporated)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
S2 MySQLServer; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14241 2013-05-26] () [File not signed]
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S3 Origin Client Service; C:\Games\Origin\OriginClientService.exe [1900400 2014-11-19] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-09-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-03] (Avira Operations GmbH & Co. KG)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-12 19:05 - 2015-04-12 19:07 - 00019245 _____ () C:\Users\ACER\Desktop\FRST.txt
2015-04-12 19:05 - 2015-04-12 19:05 - 02096640 _____ (Farbar) C:\Users\ACER\Downloads\FRST64.exe
2015-04-12 19:05 - 2015-04-12 19:05 - 02096640 _____ (Farbar) C:\Users\ACER\Desktop\FRST64.exe
2015-04-12 19:02 - 2015-04-12 19:02 - 00000000 ____D () C:\Users\ACER\AppData\Local\Macromedia
2015-04-12 18:59 - 2015-04-12 19:00 - 00000000 ____D () C:\Users\ACER\AppData\Local\Mozilla
2015-04-12 18:44 - 2015-04-12 18:44 - 00380416 _____ () C:\Users\Florian\Desktop\Gmer-19357.exe
2015-04-12 18:20 - 2015-04-12 18:21 - 00045174 _____ () C:\Users\Florian\Desktop\Addition.txt
2015-04-12 18:18 - 2015-04-12 18:21 - 00030311 _____ () C:\Users\Florian\Desktop\FRST.txt
2015-04-12 18:17 - 2015-04-12 19:05 - 00000000 ____D () C:\FRST
2015-04-12 18:16 - 2015-04-12 18:16 - 02096640 _____ (Farbar) C:\Users\Florian\Downloads\FRST64.exe
2015-04-12 18:16 - 2015-04-12 18:16 - 02096640 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2015-04-09 21:26 - 2015-04-09 21:27 - 31462447 _____ () C:\Users\Florian\Downloads\offline-SWTARC.zip
2015-04-07 18:20 - 2015-04-07 18:22 - 08157098 _____ () C:\Users\Florian\Downloads\apache-tomcat-7.0.33.zip
2015-04-07 14:45 - 2015-04-07 14:45 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\JetBrains
2015-04-07 14:44 - 2015-04-07 14:44 - 00000000 ____D () C:\Users\Florian\.AndroidStudio
2015-04-07 14:43 - 2015-04-07 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-04-07 11:57 - 2015-04-07 12:20 - 856233768 _____ (Google Inc.) C:\Users\Florian\Downloads\android-studio-bundle-135.1740770-windows.exe
2015-04-06 20:10 - 2015-04-06 20:10 - 00000000 ____D () C:\Users\Florian\Documents\Visual Studio 2010
2015-04-04 21:22 - 2015-04-04 21:22 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 21:22 - 2015-04-04 21:22 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 12:39 - 2015-04-05 09:17 - 00000000 ____D () C:\Program Files (x86)\Thunderbird
2015-03-31 16:11 - 2015-03-31 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-31 10:45 - 2015-03-31 18:29 - 00205126 _____ () C:\Windows\PFRO.log
2015-03-30 12:32 - 2015-03-30 12:32 - 00000183 _____ () C:\Users\Florian\Downloads\100373742194.sdx
2015-03-30 12:26 - 2015-03-30 12:27 - 13782032 _____ (Microsoft Corporation) C:\Users\Florian\Downloads\vssdk_full.exe
2015-03-30 12:19 - 2015-03-31 15:40 - 00036133 _____ () C:\Users\Florian\Downloads\SecureDownloadManager.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-12 19:03 - 2012-08-16 02:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-12 19:00 - 2009-07-14 06:45 - 00024432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-12 19:00 - 2009-07-14 06:45 - 00024432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 18:59 - 2012-10-28 13:24 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Mozilla
2015-04-12 18:58 - 2013-08-24 23:04 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Avira
2015-04-12 18:57 - 2012-01-11 13:13 - 01953147 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 18:56 - 2013-12-09 16:06 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Raptr
2015-04-12 18:54 - 2012-03-17 19:09 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Adobe
2015-04-12 18:53 - 2012-03-17 18:48 - 00067408 _____ () C:\Users\ACER\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-12 18:52 - 2013-03-08 19:19 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 18:52 - 2012-03-17 18:49 - 00001429 _____ () C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-12 18:51 - 2014-10-17 11:19 - 00005544 _____ () C:\Windows\setupact.log
2015-04-12 18:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-12 18:10 - 2013-03-08 19:19 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-11 10:54 - 2012-08-03 21:01 - 00000000 ____D () C:\Users\Florian\AppData\Local\Adobe
2015-04-09 01:47 - 2012-08-28 02:58 - 00000000 ____D () C:\Aktien
2015-04-08 20:39 - 2015-01-04 20:15 - 00000000 ____D () C:\Users\Florian\.android
2015-04-08 09:57 - 2012-07-28 20:54 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Mozilla
2015-04-07 18:23 - 2012-07-29 13:44 - 00000000 ____D () C:\Tools
2015-04-07 14:44 - 2012-07-27 17:22 - 00000000 ____D () C:\Users\Florian
2015-04-06 20:07 - 2014-10-08 15:37 - 00000034 _____ () C:\Users\Florian\AppData\Roaming\AdobeWLCMCache.dat
2015-04-06 18:59 - 2012-12-06 13:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-31 16:17 - 2012-11-03 01:49 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira
2015-03-31 16:11 - 2012-11-03 01:43 - 00000000 ____D () C:\ProgramData\Avira
2015-03-31 10:58 - 2012-03-17 18:47 - 00000000 ____D () C:\Users\ACER
2015-03-31 10:45 - 2013-07-15 15:52 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-29 18:15 - 2012-01-11 21:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-03-29 18:15 - 2012-01-11 21:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-03-29 18:15 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-15 14:44 - 2014-08-23 14:48 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-03-15 13:03 - 2014-09-29 00:57 - 00000962 _____ () C:\Users\Florian\Desktop\Studienorganisator Semester II.lnk
2015-03-13 12:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
==================== Files in the root of some directories =======
2014-10-01 15:24 - 2014-10-01 15:24 - 0000218 _____ () C:\Users\ACER\AppData\Local\recently-used.xbel
2013-05-14 15:54 - 2014-10-17 11:16 - 0007619 _____ () C:\Users\ACER\AppData\Local\Resmon.ResmonCfg
2012-07-18 23:16 - 2012-07-18 23:16 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-01-11 13:32 - 2012-01-11 13:35 - 0015131 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-12-31 14:00 - 2014-12-31 14:00 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2014-08-23 14:48 - 2014-08-23 14:48 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-09-02 15:28 - 2014-10-16 12:00 - 0002520 _____ () C:\ProgramData\lxea.log
2014-08-23 14:48 - 2014-12-31 13:58 - 0001714 _____ () C:\ProgramData\lxeaJSW.log
2014-08-23 14:44 - 2014-10-17 10:16 - 0009510 _____ () C:\ProgramData\lxeascan.log
2014-12-31 14:00 - 2014-12-31 14:00 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-07-27 17:01 - 2012-07-27 17:02 - 0000032 _____ () C:\ProgramData\PS.log
2014-08-23 14:43 - 2014-08-23 14:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
Some content of TEMP:
====================
C:\Users\ACER\AppData\Local\Temp\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
C:\Users\ACER\AppData\Local\Temp\AMDCleanupUtility.exe
C:\Users\ACER\AppData\Local\Temp\avgnt.exe
C:\Users\ACER\AppData\Local\Temp\Cleanup.dll
C:\Users\ACER\AppData\Local\Temp\difxapi.dll
C:\Users\Florian\AppData\Local\Temp\avgnt.exe
C:\Users\Florian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2jp2ns.dll
C:\Users\Florian\AppData\Local\Temp\FileSystemView.dll
C:\Users\Florian\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-07 15:48
==================== End Of Log ============================
Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
Ran by ACER at 2015-04-12 19:07:40
Running from C:\Users\ACER\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0902.2011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.1.0.070 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Airline Tycoon Evolution (HKLM-x32\...\{16E43D5F-5296-4D53-B303-9D951AFE510F}) (Version: - )
Aleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version: - )
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Astah Community 6.6.3 (HKLM\...\astah* community_is1) (Version: - Change Vision, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
AVR Jungo USB (HKLM-x32\...\{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}) (Version: 10.4 - Atmel)
AVR QTouch Studio (HKLM-x32\...\{7BE9E558-BE53-4939-9565-A0BEA2F839D0}) (Version: 4.4.1 - Atmel)
AVR Studio 5.1 (HKLM-x32\...\{D574D18C-9D52-4B4B-9647-AE6B89FD3F70}) (Version: 5.1.208 - Atmel)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
BaseX (HKLM-x32\...\BaseX) (Version: - BaseX Team)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.3.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.3 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.3 - Broadcom Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EditPlus 3 (HKLM-x32\...\EditPlus 3) (Version: - ES-Computing)
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Facebook Messenger 2.1.4801.0 (HKLM-x32\...\{823ECDD2-E8E9-4E46-AB97-44516A27288E}) (Version: 2.1.4801.0 - Facebook)
FlashFXP 4 (HKLM-x32\...\FlashFXP 4) (Version: 4.4.4.2046 - OpenSight Software LLC)
flatex fx (HKLM-x32\...\flatex fx) (Version: 4.00 - MetaQuotes Software Corp.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version: - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GanttProject (HKLM-x32\...\GanttProject) (Version: - )
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 7 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170050}) (Version: 1.7.0.50 - Oracle)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
JavaFX 2.1.1 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaFX 2.1.1 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.27 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.93.27 - Alliance Software Pty Ltd) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{c81217f5-344b-4b07-895e-97468942d363}) (Version: 12.0.30501 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)
Mozilla Thunderbird 14.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 14.0 (x86 de)) (Version: 14.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiBit 0.5.14 (HKLM-x32\...\MultiBit 0.5.14) (Version: 0.5.14 - )
MySQL Installer (HKLM-x32\...\{2D6DCDB3-9D02-4ED9-A67C-C76DB4682DE1}) (Version: 1.2.0.0 - Oracle Corporation)
MySQL Workbench 5.2 CE (HKLM-x32\...\{48A9B9DD-66B9-4846-AA7C-825A5729B643}) (Version: 5.2.47 - Oracle Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
Node.js (HKLM\...\{E292EB4D-988D-42CE-B042-68E7A83603BA}) (Version: 0.10.26 - Joyent, Inc. and other Node contributors)
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.0.2.2064 - Electronic Arts, Inc.)
Pencil (HKLM-x32\...\Pencil) (Version: - Evolus Co., Ltd.)
PlanetSide 2 (HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\...\soe-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.1.8-1.0.4843.13 - raidcall.com)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6446 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Talend Open Studio (HKLM-x32\...\Talend Open Studio) (Version: - )
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.8.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.8.3 - The Wireshark developer community, hxxp://www.wireshark.org)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-2 - BitNami)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
==================== Restore Points =========================
03-04-2015 13:46:01 Windows Update
04-04-2015 21:22:10 Windows Update
10-04-2015 10:15:53 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-03-28 15:31 - 00000850 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 hansesim.local
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {18B95E93-9A92-49A0-A60B-174EDAED8388} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {22F0D562-947D-45A6-BBC0-B46251ED59F2} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {28BE3017-4CB2-4193-B484-1E9354EC376B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2A85C90A-9A6A-4379-88A9-512E8D3B284A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {33EE17E5-0CFA-4F01-9C86-344AD3C1A4FE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {49BB2F0B-854C-49DC-A726-619E30483D11} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2011-08-09] (Acer)
Task: {5A45B0A1-41F4-4BEB-87B2-4EE3609A60C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {5A6E3495-EFC9-4400-A5F3-37F10BFB97F9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {83F55C03-B4BC-43B2-A412-F6219BCFBC47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.)
Task: {C567C572-5BF9-4D53-8528-910409FE3CA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.)
Task: {DAA0B56D-E6B0-4322-80B4-EFC67E1BB9EF} - System32\Tasks\AdobeAAMUpdater-1.0-FLORIAN-Florian => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {E0421B5D-B4C6-433C-A613-37CEF1A3B262} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cf8d6175046c23.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cfedd9bb8b6043.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cfff51dbee0e2e.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1d04090329cb4ae.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-08-23 14:45 - 2009-11-04 08:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-15 19:11 - 2014-09-24 17:28 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-19 16:57 - 2014-12-19 16:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2009-01-21 17:45 - 2009-01-21 17:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2014-12-19 16:57 - 2014-12-19 16:57 - 05979808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2011-04-24 03:29 - 2011-04-24 03:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2015-01-07 22:27 - 2015-01-07 22:27 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2015-01-07 22:27 - 2015-01-07 22:27 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2015-01-07 22:27 - 2015-01-07 22:27 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2012-06-22 23:53 - 2012-06-22 23:53 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2012-06-22 23:24 - 2012-06-22 23:24 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2012-06-22 23:39 - 2012-06-22 23:39 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2012-06-22 23:55 - 2012-06-22 23:55 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00124928 _____ () C:\Program Files (x86)\Raptr\_elementtree.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2012-02-06 22:28 - 2012-02-06 22:28 - 00031744 _____ () C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd
2012-02-06 22:28 - 2012-02-06 22:28 - 00010752 _____ () C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd
2012-02-06 22:28 - 2012-02-06 22:28 - 00011264 _____ () C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd
2011-05-10 21:01 - 2011-05-10 21:01 - 00030208 _____ () C:\Program Files (x86)\Raptr\simplejson._speedups.pyd
2012-06-22 23:59 - 2012-06-22 23:59 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2012-10-27 09:53 - 2012-10-27 09:53 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 01:06 - 2010-11-23 01:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2015-02-03 18:32 - 2015-02-03 18:32 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AMDCleanup => C:\Grafiktreiber\AMDCleanupUtil.exe silent
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
MSCONFIG\startupreg: lxeamon.exe => "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
==================== Accounts: =============================
ACER (S-1-5-21-2040030199-1763219053-3685502851-1000 - Administrator - Enabled) => C:\Users\ACER
Administrator (S-1-5-21-2040030199-1763219053-3685502851-500 - Administrator - Disabled)
Florian (S-1-5-21-2040030199-1763219053-3685502851-1001 - Limited - Enabled) => C:\Users\Florian
Gast (S-1-5-21-2040030199-1763219053-3685502851-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2040030199-1763219053-3685502851-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/12/2015 03:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2711282
Error: (04/12/2015 03:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2711282
Error: (04/12/2015 03:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/12/2015 03:02:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10265
Error: (04/12/2015 03:02:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10265
Error: (04/12/2015 03:02:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/12/2015 03:02:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9127
Error: (04/12/2015 03:02:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9127
Error: (04/12/2015 03:02:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/12/2015 03:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7114
System errors:
=============
Error: (04/12/2015 06:51:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MySQLServer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (04/12/2015 06:51:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxeaCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/12/2015 06:51:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxeaCATSCustConnectService erreicht.
Error: (04/12/2015 06:51:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (04/12/2015 06:51:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 12.04.2015 um 18:50:43 unerwartet heruntergefahren.
Error: (04/11/2015 03:11:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MySQLServer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (04/11/2015 03:11:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxeaCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/11/2015 03:11:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxeaCATSCustConnectService erreicht.
Error: (04/11/2015 03:11:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (04/11/2015 10:53:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MySQLServer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (04/12/2015 03:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2711282
Error: (04/12/2015 03:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2711282
Error: (04/12/2015 03:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/12/2015 03:02:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10265
Error: (04/12/2015 03:02:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10265
Error: (04/12/2015 03:02:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/12/2015 03:02:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9127
Error: (04/12/2015 03:02:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9127
Error: (04/12/2015 03:02:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/12/2015 03:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7114
CodeIntegrity Errors:
===================================
Date: 2013-09-07 18:26:10.022
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-09-07 18:26:09.944
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-08-25 13:27:31.933
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-08-25 13:27:31.855
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-08-25 13:26:53.152
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-08-25 13:26:53.052
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-08-25 13:23:50.733
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-08-25 13:23:50.624
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-08-25 12:50:30.437
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-08-25 12:50:30.359
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: AMD A8-3520M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 29%
Total physical RAM: 7654.11 MB
Available physical RAM: 5389.57 MB
Total Pagefile: 15306.41 MB
Available Pagefile: 12879.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:682.42 GB) (Free:497.35 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 34F575C0)
Partition 1: (Not Active) - (Size=16.1 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=682.4 GB) - (Type=07 NTFS)
==================== End Of Log ============================
The scans were run in the administrator's user account.
Many thanks!
--- EDIT: A brief addendum: the problem with deactivating the AntiVir program has now been solved. Explicitly starting the program "as administrator" gave the required access permission. Strangely, it previously worked without this extra effort.
Below is the GMER scan as well. Gmer.txt: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-12 19:41:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000069 WDC_WD75 rev.01.0 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\ACER\AppData\Local\Temp\axldypob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000070ca17fa 2 bytes CALL 74b611a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000070ca1860 2 bytes CALL 74b611a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000070ca1942 2 bytes JMP 765f7089 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000070ca194d 2 bytes JMP 765fcba6 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
---- EOF - GMER 2.1 ----