Log analysis and evaluation: Reduced computer speed through connections to akamaihd.de or amazonaws or similar (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Reduced computer speed through connections to akamaihd.de or amazonaws or similar

Good evening,

About 2 weeks ago I first noticed that my computer is slower than usual when opening websites. In addition, in the field at the bottom left, where something like "connecting to: www.google.de" or similar is always shown, things like "transferring data from 'akamaihd'" (roughly) or, recently, "amazonaws" appear very briefly. I think there are other such addresses as well, but I couldn't remember the names that quickly. I then uninstalled all the programs I had installed in the days before, completely reinstalled my browser and ran ADWcleaner. ADWcleaner found nothing at all. After that the computer speed was normal for a day or two, then it all started over again. Apart from the speed there are no problems or the like. I'm not sure whether it really is a problem or whether I'm seeing ghosts.

I compiled the information according to the checklist. Step 1 worked without problems, although the computer was restarted once after the scan. Step 2 also worked without problems, the log file is attached below, but I don't know exactly how to generate the Addition.txt file. Step 3 also worked, the log file is also attached below.

I would be very grateful if someone would help me. Many thanks in advance!!

Regards
Daniel

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Daniel (administrator) on DANIEL-PC on 14-03-2014 21:29:30 Running from C:\Users\Daniel\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Valve Corporation) C:\Program Files (x86)\Steam\steam.exe () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe (ZTE) C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe () C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe (CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe () C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Dropbox, Inc.) C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Users\Daniel\Downloads\Defogger.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-19] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor) HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [312936 2011-04-22] (NVIDIA Corporation) HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] () HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-28] (Intel(R) Corporation) HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.) 
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM-x32\...\Run: [RemoteControl9] - c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD9LanguageShortcut] - c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-18] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] - c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-10-29] (cyberlink) HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions) HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] () HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.) HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation) HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [172624 2014-03-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. 
KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-541065689-311852328-1367447640-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1242448 2011-12-16] (Valve Corporation) HKU\S-1-5-21-541065689-311852328-1367447640-1001\...\MountPoints2: {195b030e-2a7d-11e3-89f4-848f69b0bb45} - E:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-541065689-311852328-1367447640-1001\...\MountPoints2: {195b0321-2a7d-11e3-89f4-848f69b0bb45} - E:\.\Setup.exe AUTORUN=1 AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-04-22] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation) ==================== Internet (Whitelisted) ==================== StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {F80EFB33-2D2D-48F6-A01A-27D972EC4F23} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=36d36bf6-9d45-4385-ab42-14e31132ac62&apn_sauid=5662B196-9AE3-4B46-AEFA-DA9F1E284167 SearchScopes: HKCU - {F80EFB33-2D2D-48F6-A01A-27D972EC4F23} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=36d36bf6-9d45-4385-ab42-14e31132ac62&apn_sauid=5662B196-9AE3-4B46-AEFA-DA9F1E284167 BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120629231946.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120629231946.dll No File BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox FF NewTab: about:blank FF SelectedSearchEngine: Startpage HTTPS FF Homepage: https://anonymous-proxy-servers.net/ FF NetworkProxy: "ftp", "127.0.0.1" FF NetworkProxy: "ftp_port", 4001 FF NetworkProxy: "gopher", "127.0.0.1" FF NetworkProxy: "gopher_port", 4001 FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 4001 FF NetworkProxy: "socks_remote_dns", true FF NetworkProxy: "ssl", "127.0.0.1" FF NetworkProxy: "ssl_port", 4001 FF NetworkProxy: "socks", "127.0.0.1" FF NetworkProxy: "socks_port", 4001 FF NetworkProxy: "type", 1 FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files 
(x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF 
SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: HTTPS-Everywhere - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2014-03-14] FF Extension: Cookie Monster - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2014-03-14] FF Extension: DownloadHelper - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-14] FF Extension: JonDoFox - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2013-12-10] FF Extension: NoScript - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-09] FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-28] FF Extension: ProfileSwitcher - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2013-10-28] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-02-15] FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon [2013-02-12] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK 
==================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] () R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [116816 2014-03-07] (Avira Operations GmbH & Co. KG) S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-29] (CyberLink) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-28] () S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [138752 2013-10-06] (Huawei Technologies Co., Ltd.) S3 ewusbnet; C:\Windows\SysWOW64\DRIVERS\ewusbnet.sys [138752 2013-10-06] (Huawei Technologies Co., Ltd.) S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2013-10-06] (Huawei Technologies Co., Ltd.) 
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2011-08-19] (HSPADataCard Incorporated) S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2011-08-19] (HSPADataCard Incorporated) S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2011-08-19] (HSPADataCard Incorporated) S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [121600 2013-10-06] (Huawei Technologies Co., Ltd.) S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2010-12-12] () R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X] U3 uwdirpod; \??\C:\Users\Daniel\AppData\Local\Temp\uwdirpod.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-14 21:27 - 2014-03-14 21:27 - 00050645 _____ () C:\Users\Daniel\Desktop\Gmer.txt 2014-03-14 21:19 - 2014-03-14 21:19 - 00380416 _____ () C:\Users\Daniel\Downloads\ye1xljj3.exe 2014-03-14 21:10 - 2014-03-14 21:29 - 00019848 _____ () C:\Users\Daniel\Downloads\FRST.txt 2014-03-14 21:10 - 2014-03-14 21:10 - 02157056 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64.exe 2014-03-14 20:29 - 2014-03-14 20:29 - 00050477 _____ () C:\Users\Daniel\Downloads\Defogger.exe 2014-03-14 20:29 - 2014-03-14 20:29 - 00000474 _____ () C:\Users\Daniel\Downloads\defogger_disable.log 2014-03-14 20:29 - 2014-03-14 20:29 - 00000000 _____ () C:\Users\Daniel\defogger_reenable 2014-03-14 16:03 - 2014-03-14 16:03 - 30814600 _____ (JonDos GmbH) C:\Users\Daniel\Downloads\JonDoFox290.paf(1).exe 2014-03-14 12:18 - 2014-03-14 12:18 - 00084720 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-03-13 11:36 - 2014-03-13 11:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-13 11:35 - 2014-03-13 11:35 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Avira 2014-03-13 11:29 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-03-13 11:29 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-03-13 11:29 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-03-13 11:25 - 2014-03-13 11:29 - 00000000 ____D () C:\ProgramData\Avira 2014-03-13 11:25 - 2014-03-13 11:29 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-03-13 11:20 - 2014-03-13 11:20 - 00000000 ____D () C:\ProgramData\Package Cache 2014-03-12 22:33 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-12 22:33 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-12 22:33 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-12 22:33 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-12 22:33 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-12 22:33 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-12 22:33 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-12 22:33 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-12 22:33 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-12 22:33 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-12 22:33 - 
2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-12 22:33 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-12 22:33 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-12 22:33 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-12 22:33 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-12 22:33 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-12 22:33 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-12 22:33 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-12 22:33 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-12 22:33 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-12 22:33 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-12 22:33 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-12 22:33 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-12 22:33 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-12 22:33 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-12 22:33 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-12 22:33 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-12 22:33 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-12 22:33 
- 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-12 22:33 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-12 22:33 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-12 22:33 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-12 22:33 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-12 22:33 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-12 22:33 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-12 22:33 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-12 22:33 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-12 22:33 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-12 22:33 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-12 22:33 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-12 22:33 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-12 22:33 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-12 22:33 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-12 22:33 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-12 22:31 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-12 22:31 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-12 22:31 - 2014-02-04 03:04 - 01230336 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 22:31 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 21:25 - 2014-03-11 21:26 - 01949184 _____ () C:\Users\Daniel\Downloads\adwcleaner_3.021.exe
2014-03-10 13:14 - 2014-03-07 16:00 - 00000000 ____D () C:\Users\Daniel\Desktop\KORR_1
2014-03-01 23:26 - 2014-03-01 23:26 - 00000000 ____D () C:\Users\Daniel\Desktop\Gordie Tentrees
2014-03-01 22:58 - 2014-03-01 22:58 - 02734688 _____ () C:\Users\Daniel\Downloads\SetupCloneCD5314.exe
2014-03-01 22:58 - 2008-03-01 23:08 - 00000000 ____D () C:\Program Files (x86)\SlySoft
2014-03-01 22:54 - 2014-03-01 22:54 - 00613200 _____ (Chip Digital GmbH) C:\Users\Daniel\Downloads\Virtual CloneDrive - CHIP-Downloader.exe
2014-02-23 23:21 - 2014-02-23 23:25 - 137004504 _____ () C:\Users\Daniel\Downloads\avira_free_antivirus1403_de.exe
2014-02-23 22:31 - 2014-02-23 22:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Daniel\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-23 22:06 - 2014-02-23 22:07 - 05049344 _____ (Crawler.com ) C:\Users\Daniel\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-02-15 11:26 - 2014-03-13 11:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 11:08 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 11:08 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 11:09 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 11:09 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 11:09 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 11:09 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 11:09 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 11:09 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 11:09 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 11:09 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 11:09 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 11:09 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 11:09 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 11:09 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 11:09 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 11:09 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 11:09 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 11:09 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 11:09 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 11:09 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 11:09 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 11:09 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 11:09 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 11:09 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 11:09 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 11:09 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 11:08 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 11:08 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 11:08 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 11:08 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-14 21:29 - 2014-03-14 21:10 - 00019848 _____ () C:\Users\Daniel\Downloads\FRST.txt
2014-03-14 21:29 - 2013-11-29 22:42 - 00000000 ____D () C:\FRST
2014-03-14 21:27 - 2014-03-14 21:27 - 00050645 _____ () C:\Users\Daniel\Desktop\Gmer.txt
2014-03-14 21:19 - 2014-03-14 21:19 - 00380416 _____ () C:\Users\Daniel\Downloads\ye1xljj3.exe
2014-03-14 21:10 - 2014-03-14 21:10 - 02157056 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64.exe
2014-03-14 20:51 - 2011-10-22 14:36 - 01981790 _____ () C:\Windows\WindowsUpdate.log
2014-03-14 20:29 - 2014-03-14 20:29 - 00050477 _____ () C:\Users\Daniel\Downloads\Defogger.exe
2014-03-14 20:29 - 2014-03-14 20:29 - 00000474 _____ () C:\Users\Daniel\Downloads\defogger_disable.log
2014-03-14 20:29 - 2014-03-14 20:29 - 00000000 _____ () C:\Users\Daniel\defogger_reenable
2014-03-14 20:29 - 2011-10-26 17:56 - 00000000 ____D () C:\Users\Daniel
2014-03-14 16:19 - 2013-09-01 11:09 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Dropbox
2014-03-14 16:15 - 2013-09-01 11:14 - 00000000 ___RD () C:\Users\Daniel\Dropbox
2014-03-14 16:04 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-14 16:04 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-14 16:03 - 2014-03-14 16:03 - 30814600 _____ (JonDos GmbH) C:\Users\Daniel\Downloads\JonDoFox290.paf(1).exe
2014-03-14 15:57 - 2011-12-16 17:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-14 15:56 - 2011-10-22 14:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-14 15:56 - 2010-11-21 04:47 - 00624040 _____ () C:\Windows\PFRO.log
2014-03-14 15:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-14 15:56 - 2009-07-14 05:51 - 00114882 _____ () C:\Windows\setupact.log
2014-03-14 13:07 - 2010-11-21 07:50 - 00652246 _____ () C:\Windows\system32\perfh007.dat
2014-03-14 13:07 - 2010-11-21 07:50 - 00129254 _____ () C:\Windows\system32\perfc007.dat
2014-03-14 13:07 - 2009-07-14 06:13 - 01514416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 12:18 - 2014-03-14 12:18 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-13 11:36 - 2014-03-13 11:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-13 11:36 - 2014-02-15 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-13 11:36 - 2011-10-26 19:25 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Mozilla
2014-03-13 11:35 - 2014-03-13 11:35 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Avira
2014-03-13 11:29 - 2014-03-13 11:25 - 00000000 ____D () C:\ProgramData\Avira
2014-03-13 11:29 - 2014-03-13 11:25 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-13 11:20 - 2014-03-13 11:20 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-13 11:18 - 2009-07-14 05:45 - 00473176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 11:17 - 2013-03-14 22:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 11:17 - 2013-03-14 22:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 11:16 - 2013-11-29 21:23 - 00000000 ____D () C:\AdwCleaner
2014-03-13 10:52 - 2011-10-26 20:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 00:01 - 2013-09-29 09:59 - 00000000 ____D () C:\Users\Daniel\Documents\Reisebuch Fahrradtouren M.-V
2014-03-11 21:26 - 2014-03-11 21:25 - 01949184 _____ () C:\Users\Daniel\Downloads\adwcleaner_3.021.exe
2014-03-11 21:12 - 2011-10-22 22:11 - 00000000 ____D () C:\ProgramData\Skype
2014-03-10 12:53 - 2011-10-22 22:26 - 00000000 ____D () C:\ProgramData\Sonic
2014-03-07 16:00 - 2014-03-10 13:14 - 00000000 ____D () C:\Users\Daniel\Desktop\KORR_1
2014-03-01 23:26 - 2014-03-01 23:26 - 00000000 ____D () C:\Users\Daniel\Desktop\Gordie Tentrees
2014-03-01 23:25 - 2008-03-01 23:15 - 00000812 _____ () C:\Windows\cdplayer.ini
2014-03-01 23:19 - 2008-03-01 23:15 - 00000000 ____D () C:\Users\Daniel\Desktop\The Piano Guys
2014-03-01 22:58 - 2014-03-01 22:58 - 02734688 _____ () C:\Users\Daniel\Downloads\SetupCloneCD5314.exe
2014-03-01 22:54 - 2014-03-01 22:54 - 00613200 _____ (Chip Digital GmbH) C:\Users\Daniel\Downloads\Virtual CloneDrive - CHIP-Downloader.exe
2014-03-01 22:53 - 2014-01-15 19:22 - 00006144 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-01 12:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-01 07:05 - 2014-03-12 22:33 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-12 22:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-12 22:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-12 22:33 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-12 22:33 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-12 22:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-12 22:33 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-12 22:33 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-12 22:33 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-12 22:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-12 22:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-12 22:33 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-12 22:33 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-12 22:33 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-12 22:33 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-12 22:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-12 22:33 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-12 22:33 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-12 22:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-12 22:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-12 22:33 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-12 22:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-12 22:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-12 22:33 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-12 22:33 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-12 22:33 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-12 22:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-12 22:33 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-12 22:33 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-12 22:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-12 22:33 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 22:33 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 22:33 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 22:33 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-12 22:33 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 22:33 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 22:33 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 22:33 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 22:33 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-26 16:24 - 2011-02-11 11:22 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-25 11:41 - 2014-03-13 11:29 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-25 11:41 - 2014-03-13 11:29 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-25 11:41 - 2014-03-13 11:29 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-23 23:25 - 2014-02-23 23:21 - 137004504 _____ () C:\Users\Daniel\Downloads\avira_free_antivirus1403_de.exe
2014-02-23 22:31 - 2014-02-23 22:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Daniel\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-23 22:07 - 2014-02-23 22:06 - 05049344 _____ (Crawler.com ) C:\Users\Daniel\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-02-20 23:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-02-15 11:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\APNStub.exe
C:\Users\Daniel\AppData\Local\Temp\AskSLib.dll
C:\Users\Daniel\AppData\Local\Temp\avgnt.exe
C:\Users\Daniel\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Daniel\AppData\Local\Temp\COMAP.EXE
C:\Users\Daniel\AppData\Local\Temp\contentDATs.exe
C:\Users\Daniel\AppData\Local\Temp\dvdshrink.3.2.de.(decss-frei).setup.exe
C:\Users\Daniel\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Daniel\AppData\Local\Temp\i4jdel0.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\mfc80.dll
C:\Users\Daniel\AppData\Local\Temp\mfc80u.dll
C:\Users\Daniel\AppData\Local\Temp\mfcm80.dll
C:\Users\Daniel\AppData\Local\Temp\mfcm80u.dll
C:\Users\Daniel\AppData\Local\Temp\MSN5F22.exe
C:\Users\Daniel\AppData\Local\Temp\msvcm80.dll
C:\Users\Daniel\AppData\Local\Temp\msvcp80.dll
C:\Users\Daniel\AppData\Local\Temp\msvcr80.dll
C:\Users\Daniel\AppData\Local\Temp\OSU.exe
C:\Users\Daniel\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Daniel\AppData\Local\Temp\Quarantine.exe
C:\Users\Daniel\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Daniel\AppData\Local\Temp\SIntf16.dll
C:\Users\Daniel\AppData\Local\Temp\SIntf32.dll
C:\Users\Daniel\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Daniel\AppData\Local\Temp\Uninstaller.exe
C:\Users\Daniel\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\Daniel\AppData\Local\Temp\WTGXMLUtil.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-10 14:39

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-14 21:27:49
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB
Running: ye1xljj3.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\uwdirpod.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800039b4000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800039b402f 18 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075021465 2 bytes [02, 75]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750214bb 2 bytes [02, 75]
.text ... * 2
.text C:\Windows\system32\Dwm.exe[2832] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd522db0 5 bytes JMP 000007fffd510180
.text C:\Windows\system32\Dwm.exe[2832] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5237d0 7 bytes JMP 000007fffd5100d8
.text C:\Windows\system32\Dwm.exe[2832] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd528ef0 6 bytes JMP 000007fffd510148
.text C:\Windows\system32\Dwm.exe[2832] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53af60 5 bytes JMP 000007fffd510110
.text C:\Windows\system32\Dwm.exe[2832] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd6289e0 8 bytes JMP 000007fffd5101f0
.text C:\Windows\system32\Dwm.exe[2832] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd62be40 8 bytes JMP 000007fffd5101b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1488] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000772defe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1488] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773099b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1488] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773194d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1488] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077319640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1488] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007733a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3020] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000772defe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3020] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773099b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3020] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773194d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3020] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077319640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3020] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007733a500 7 bytes JMP 000000016fff01b8
.text C:\Windows\System32\igfxpers.exe[3184] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000772defe0 5 bytes JMP 000000016fff0148
.text C:\Windows\System32\igfxpers.exe[3184] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773099b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\System32\igfxpers.exe[3184] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773194d0 5 bytes JMP 000000016fff0180
.text C:\Windows\System32\igfxpers.exe[3184] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077319640 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\igfxpers.exe[3184] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007733a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3464] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd522db0 5 bytes JMP 000007fffd510180
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5237d0 7 bytes JMP 000007fffd5100d8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd528ef0 6 bytes JMP 000007fffd510148
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53af60 5 bytes JMP 000007fffd510110
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3464] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd6289e0 8 bytes JMP 000007fffd5101f0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3464] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd62be40 8 bytes JMP 000007fffd5101b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3464] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff3b7490 11 bytes JMP 000007fffd510228
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3464] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff3cbf00 7 bytes JMP 000007fffd510260
.text C:\Windows\system32\wbem\unsecapp.exe[3784] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff3b7490 11 bytes JMP 000007fffd510228
.text C:\Windows\system32\wbem\unsecapp.exe[3784] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff3cbf00 7 bytes JMP 000007fffd510260
.text C:\Program Files\Dell\QuickSet\quickset.exe[4708] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd6289e0 8 bytes JMP 000007fffd5101f0
.text C:\Program Files\Dell\QuickSet\quickset.exe[4708] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd62be40 8 bytes JMP 000007fffd5101b8
.text C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769713e1 7 bytes JMP 0000000171721e90
.text C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007698b1d3 5 bytes JMP 0000000171721da0
.text C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a088b4 7 bytes JMP 0000000171721d90
.text C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a08939 5 bytes JMP 0000000171721e80
.text C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a08c8f 5 bytes JMP 0000000171721e10
.text C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075411d1b 5 bytes JMP 0000000171722450
.text C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075411dc9 5 bytes JMP 00000001717224b0
.text C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075412aa4 5 bytes JMP 0000000171722520
.text C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075412d0a 5 bytes JMP 0000000171722670
.text C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 000000007541549c 5 bytes JMP 00000001002f0800
.text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769713e1 7 bytes JMP 0000000171721e90
.text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007698b1d3 5 bytes JMP 0000000171721da0
.text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a088b4 7 bytes JMP 0000000171721d90
.text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a08939 5 bytes JMP 0000000171721e80
.text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a08c8f 5 bytes JMP 0000000171721e10
.text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075411d1b 5 bytes JMP 0000000171722450
.text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075411dc9 5 bytes JMP 00000001717224b0
.text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075412aa4 5 bytes JMP 0000000171722520
.text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075412d0a 5 bytes JMP 0000000171722670
.text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075475ea5 5 bytes JMP 0000000171721ce0
.text C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000754a9d0b 5 bytes JMP 0000000171721c70
.text C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe[4796] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769713e1 7 bytes JMP 0000000171721e90
.text C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe[4796] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007698b1d3 5 bytes JMP 0000000171721da0
.text C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe[4796] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a088b4 7 bytes JMP 0000000171721d90
.text C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe[4796] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a08939 5 bytes JMP 0000000171721e80
.text C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe[4796] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a08c8f 5 bytes JMP 0000000171721e10
.text C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe[4796] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000755ee96b 5 bytes JMP 0000000171721a00
.text C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe[4796] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000755eeba5 5 bytes JMP 0000000171721a90
.text C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe[4940] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000755ee96b 5 bytes JMP 0000000171721a00
.text C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe[4940] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000755eeba5 5 bytes JMP 0000000171721a90
.text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[4980] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769713e1 7 bytes JMP 0000000171721e90
.text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[4980] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007698b1d3 5 bytes JMP 0000000171721da0
.text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[4980] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a088b4 7 bytes JMP 0000000171721d90
.text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[4980] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a08939 5 bytes JMP 0000000171721e80
.text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[4980] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a08c8f 5 bytes JMP 0000000171721e10
.text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[4980] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075475ea5 5 bytes JMP 0000000171721ce0
.text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[4980] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000754a9d0b 5 bytes JMP 0000000171721c70
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5004] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769713e1 7 bytes JMP 0000000171721e90
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5004] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007698b1d3 5 bytes JMP 0000000171721da0
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5004] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a088b4 7 bytes JMP 0000000171721d90
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5004] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a08939 5 bytes JMP 0000000171721e80
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5004] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a08c8f 5 bytes JMP 0000000171721e10
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075411d1b 5 bytes JMP 0000000171722450
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075411dc9 5 bytes JMP 00000001717224b0
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075412aa4 5 bytes JMP 0000000171722520
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075412d0a 5 bytes JMP 0000000171722670
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5116] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769713e1 7 bytes JMP 0000000171721e90
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5116] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007698b1d3 5 bytes JMP 0000000171721da0
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5116] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a088b4 7 bytes JMP 0000000171721d90
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5116] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a08939 5 bytes JMP 0000000171721e80
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5116] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a08c8f 5 bytes JMP 0000000171721e10
.text C:\Program Files (x86)\PDF24\pdf24.exe[4148] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000755ee96b 5 bytes JMP 0000000171721a00
.text C:\Program Files (x86)\PDF24\pdf24.exe[4148] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000755eeba5 5 bytes JMP 0000000171721a90
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769713e1 7 bytes JMP 0000000171721e90
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007698b1d3 5 bytes JMP 0000000171721da0
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a088b4 7 bytes JMP 0000000171721d90
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a08939 5 bytes JMP 0000000171721e80
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a08c8f 5 bytes JMP 0000000171721e10
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075411d1b 5 bytes JMP 0000000171722450
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075411dc9 5 bytes JMP 00000001717224b0
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075412aa4 5 bytes JMP 0000000171722520
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075412d0a 5 bytes JMP 0000000171722670
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\ole32.DLL!CoSetProxyBlanket 0000000075475ea5 5 bytes JMP 0000000171721ce0
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\ole32.DLL!CoCreateInstance 00000000754a9d0b 5 bytes JMP 0000000171721c70
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000769713e1 7 bytes JMP 0000000171721e90
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007698b1d3 5 bytes JMP 0000000171721da0
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076a088b4 7 bytes JMP 0000000171721d90
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076a08939 5 bytes JMP 0000000171721e80
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076a08c8f 5 bytes JMP 0000000171721e10
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075411d1b 5 bytes JMP 0000000171722450
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075411dc9 5 bytes JMP 00000001717224b0
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075412aa4 5 bytes JMP 0000000171722520
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075412d0a 5 bytes JMP 0000000171722670
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000755ee96b 5 bytes JMP 0000000171721a00
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000755eeba5 5 bytes JMP 0000000171721a90
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075021465 2 bytes [02, 75]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000750214bb 2 bytes [02, 75]
.text ... * 2
.text C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769713e1 7 bytes JMP 0000000171721e90
.text C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007698b1d3 5 bytes JMP 0000000171721da0
.text C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a088b4 7 bytes JMP 0000000171721d90
.text C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a08939 5 bytes JMP 0000000171721e80
.text C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a08c8f 5 bytes JMP 0000000171721e10
.text C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075411d1b 5 bytes JMP 0000000171722450
.text C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075411dc9 5 bytes JMP 00000001717224b0
.text C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075412aa4 5 bytes JMP 0000000171722520
.text C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075412d0a 5 bytes JMP 0000000171722670
.text C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000755ee96b 5 bytes JMP 0000000171721a00
.text C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000755eeba5 5 bytes JMP 0000000171721a90
.text C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075475ea5 5 bytes JMP 0000000171721ce0
.text C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000754a9d0b 5 bytes JMP 0000000171721c70
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5236] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769713e1 7 bytes JMP 0000000171721e90
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5236] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007698b1d3 5 bytes JMP 0000000171721da0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5236] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a088b4 7 bytes JMP 0000000171721d90
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5236] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a08939 5 bytes JMP 0000000171721e80
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5236] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a08c8f 5 bytes JMP 0000000171721e10
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5236] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000755ee96b 5 bytes JMP 0000000171721a00
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5236] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000755eeba5 5 bytes JMP 0000000171721a90
.text C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769713e1 7 bytes JMP 0000000171721e90
.text C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007698b1d3 5 bytes JMP 0000000171721da0
.text C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a088b4 7 bytes JMP 0000000171721d90
.text C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a08939 
5 bytes JMP 0000000171721e80 .text C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a08c8f 5 bytes JMP 0000000171721e10 .text C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075411d1b 5 bytes JMP 0000000171722450 .text C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075411dc9 5 bytes JMP 00000001717224b0 .text C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075412aa4 5 bytes JMP 0000000171722520 .text C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075412d0a 5 bytes JMP 0000000171722670 .text C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075021465 2 bytes [02, 75] .text C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750214bb 2 bytes [02, 75] .text ... 
* 2 .text C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000755ee96b 5 bytes JMP 0000000171721a00 .text C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000755eeba5 5 bytes JMP 0000000171721a90 .text C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075475ea5 5 bytes JMP 0000000171721ce0 .text C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000754a9d0b 5 bytes JMP 0000000171721c70 .text C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000772defe0 5 bytes JMP 000000016fff0148 .text C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773099b0 7 bytes JMP 000000016fff00d8 .text C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773194d0 5 bytes JMP 000000016fff0180 .text C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077319640 5 bytes JMP 000000016fff0110 .text C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007733a500 7 bytes JMP 000000016fff01b8 .text C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd522db0 5 bytes JMP 000007fffd4b0180 .text C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5237d0 7 bytes JMP 000007fffd4b00d8 .text C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd528ef0 6 bytes JMP 000007fffd4b0148 .text C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53af60 5 bytes JMP 000007fffd4b0110 .text C:\Users\Daniel\Downloads\FRST64.exe[3848] 
C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd6289e0 8 bytes JMP 000007fffd4b01f0 .text C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd62be40 8 bytes JMP 000007fffd4b01b8 .text C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000769713e1 7 bytes JMP 0000000171721e90 .text C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007698b1d3 5 bytes JMP 0000000171721da0 .text C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076a088b4 7 bytes JMP 0000000171721d90 .text C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076a08939 5 bytes JMP 0000000171721e80 .text C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076a08c8f 5 bytes JMP 0000000171721e10 .text C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075411d1b 5 bytes JMP 0000000171722450 .text C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075411dc9 5 bytes JMP 00000001717224b0 .text C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075412aa4 5 bytes JMP 0000000171722520 .text C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075412d0a 5 bytes JMP 0000000171722670 .text C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000755ee96b 5 bytes JMP 0000000171721a00 .text C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000755eeba5 5 bytes JMP 0000000171721a90 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [1168:1104] 000007fef8fbbd88 
Thread C:\Windows\system32\svchost.exe [1168:3984] 000007fef3e083d8 Thread C:\Windows\system32\svchost.exe [1168:3988] 000007fef3e083d8 Thread C:\Windows\system32\svchost.exe [1168:3992] 000007fef3e083d8 Thread C:\Windows\system32\svchost.exe [1168:3996] 000007fef3e083d8 Thread C:\Windows\system32\svchost.exe [1168:3148] 000007fef35d3f1c Thread C:\Windows\system32\svchost.exe [1168:2412] 000007fefa761a38 Thread C:\Windows\system32\svchost.exe [1168:2408] 000007fef3dd5388 Thread C:\Windows\system32\svchost.exe [1168:3504] 000007fef3577738 Thread C:\Windows\system32\svchost.exe [1168:3508] 000007fef3561f90 Thread C:\Windows\system32\svchost.exe [1168:4340] 000007fef6c65170 Thread C:\Windows\system32\svchost.exe [1168:4320] 000007fef8df5124 Thread C:\Windows\system32\taskhost.exe [2768:3064] 000007fefb2c1010 Thread C:\Windows\system32\taskhost.exe [2768:5452] 000007fef6c65170 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4164:5752] 000007fefb592a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4164:5764] 000007fee9ae4830 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4164:5908] 000007fef8df5124 Thread C:\Windows\system32\svchost.exe [4400:4500] 000007fef7065fd0 Thread C:\Windows\system32\svchost.exe [4400:4504] 000007fef70663ec Thread C:\Windows\system32\svchost.exe [4400:4416] 000007fef1b78470 Thread C:\Windows\system32\svchost.exe [4400:2172] 000007fef1b82418 Thread C:\Windows\system32\svchost.exe [4400:5836] 000007fee8b9f130 Thread C:\Windows\system32\svchost.exe [4400:3656] 000007fef8df5124 Thread C:\Windows\system32\svchost.exe [4400:3940] 000007fee8b94734 Thread C:\Windows\system32\svchost.exe [4400:6404] 000007fee8b94734 Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [5948:5960] 000007fef10bb528 Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [5948:5964] 000007fef0f7b334 Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [5948:5996] 
000007fef0f7b334 ---- Processes - GMER 2.1 ---- Library C:\Users\Daniel\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [4896](2014-01-03 00:45:04) 00000000042e0000 Library C:\Users\Daniel\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [4896](2013-10-18 23:55:02) 00000000666c0000 Library C:\Users\Daniel\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [4896] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 0000000065d30000 ---- EOF - GMER 2.1 ---- |