Candyman2k13 | 19.01.2013 21:36 | Hello,
First of all, many, many thanks for the support. Whether it succeeds or not, I think it's great that people take so much time and make the effort to help others with this.
Here are the logs.
1. Gmer: Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-19 21:20:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BPVT-22ZEST0 rev.01.01A01 298,09GB
Running: z3rtdkk6.exe; Driver: C:\Users\Sabrina\AppData\Local\Temp\aglirfob.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b31401 2 bytes [B3, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1808] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b31419 2 bytes [B3, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b31431 2 bytes [B3, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b3144a 2 bytes [B3, 77]
.text ... * 9
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1808] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b314dd 2 bytes [B3, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b314f5 2 bytes [B3, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1808] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b3150d 2 bytes [B3, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b31525 2 bytes [B3, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b3153d 2 bytes [B3, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1808] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b31555 2 bytes [B3, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b3156d 2 bytes [B3, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b31585 2 bytes [B3, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1808] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b3159d 2 bytes [B3, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b315b5 2 bytes [B3, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b315cd 2 bytes [B3, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b316b2 2 bytes [B3, 77]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1808] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b316bd 2 bytes [B3, 77]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 000000006d3e11a8 2 bytes [3E, 6D]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 000000006d3e127d 2 bytes [3E, 6D]
.text ... * 6
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 000000006d3e13a8 2 bytes [3E, 6D]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 000000006d3e1422 2 bytes [3E, 6D]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 000000006d3e1498 2 bytes [3E, 6D]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4 000000006f751825 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4 000000006f751830 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4 000000006f75183b 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4 000000006f751846 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4 000000006f751851 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4 000000006f75185c 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4 000000006f751867 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4 000000006f751872 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4 000000006f75187d 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4 000000006f751888 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4 000000006f751893 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4 000000006f75189e 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4 000000006f7518a9 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4 000000006f7518b4 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4 000000006f7518bf 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4 000000006f7518ca 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4 000000006f7518d5 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4 000000006f7518e0 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4 000000006f7518eb 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4 000000006f7518f6 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4 000000006f751901 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4 000000006f75190c 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4 000000006f751917 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4 000000006f751922 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4 000000006f75192d 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4 000000006f751938 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4 000000006f751943 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4 000000006f75194e 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4 000000006f751959 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4 000000006f751964 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4 000000006f75196f 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4 000000006f75197a 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4 000000006f751985 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4 000000006f751990 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4 000000006f75199b 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4 000000006f7519a6 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4 000000006f7519b1 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4 000000006f7519bc 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4 000000006f7519c7 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4 000000006f7519d2 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4 000000006f7519dd 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4 000000006f7519e8 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4 000000006f7519f3 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4 000000006f7519fe 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4 000000006f751a09 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4 000000006f751a14 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4 000000006f751a1f 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4 000000006f751a2a 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4 000000006f751a35 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4 000000006f751a40 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4 000000006f751a4b 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4 000000006f751a56 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4 000000006f751a61 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4 000000006f751a6c 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4 000000006f751a77 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4 000000006f751a82 2 bytes [75, 6F]
.text C:\Windows\PLFSetI.exe[2392] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52 000000006f751ab2 2 bytes [75, 6F]
.text C:\Users\Sabrina\AppData\Local\Facebook\Update\FacebookUpdate.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b31401 2 bytes [B3, 77]
.text C:\Users\Sabrina\AppData\Local\Facebook\Update\FacebookUpdate.exe[2576] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b31419 2 bytes [B3, 77]
.text C:\Users\Sabrina\AppData\Local\Facebook\Update\FacebookUpdate.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b31431 2 bytes [B3, 77]
.text C:\Users\Sabrina\AppData\Local\Facebook\Update\FacebookUpdate.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b3144a 2 bytes [B3, 77]
.text ... * 9
.text C:\Users\Sabrina\AppData\Local\Facebook\Update\FacebookUpdate.exe[2576] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b314dd 2 bytes [B3, 77]
.text C:\Users\Sabrina\AppData\Local\Facebook\Update\FacebookUpdate.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b314f5 2 bytes [B3, 77]
.text C:\Users\Sabrina\AppData\Local\Facebook\Update\FacebookUpdate.exe[2576] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b3150d 2 bytes [B3, 77]
.text C:\Users\Sabrina\AppData\Local\Facebook\Update\FacebookUpdate.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b31525 2 bytes [B3, 77]
.text C:\Users\Sabrina\AppData\Local\Facebook\Update\FacebookUpdate.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b3153d 2 bytes [B3, 77]
.text C:\Users\Sabrina\AppData\Local\Facebook\Update\FacebookUpdate.exe[2576] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b31555 2 bytes [B3, 77]
.text C:\Users\Sabrina\AppData\Local\Facebook\Update\FacebookUpdate.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b3156d 2 bytes [B3, 77]
.text C:\Users\Sabrina\AppData\Local\Facebook\Update\FacebookUpdate.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b31585 2 bytes [B3, 77]
.text C:\Users\Sabrina\AppData\Local\Facebook\Update\FacebookUpdate.exe[2576] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b3159d 2 bytes [B3, 77]
.text C:\Users\Sabrina\AppData\Local\Facebook\Update\FacebookUpdate.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b315b5 2 bytes [B3, 77]
.text C:\Users\Sabrina\AppData\Local\Facebook\Update\FacebookUpdate.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b315cd 2 bytes [B3, 77]
.text C:\Users\Sabrina\AppData\Local\Facebook\Update\FacebookUpdate.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b316b2 2 bytes [B3, 77]
.text C:\Users\Sabrina\AppData\Local\Facebook\Update\FacebookUpdate.exe[2576] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b316bd 2 bytes [B3, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b31401 2 bytes [B3, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3032] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b31419 2 bytes [B3, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b31431 2 bytes [B3, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b3144a 2 bytes [B3, 77]
.text ... * 9
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3032] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b314dd 2 bytes [B3, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b314f5 2 bytes [B3, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b3150d 2 bytes [B3, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b31525 2 bytes [B3, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b3153d 2 bytes [B3, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3032] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b31555 2 bytes [B3, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b3156d 2 bytes [B3, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b31585 2 bytes [B3, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3032] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b3159d 2 bytes [B3, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b315b5 2 bytes [B3, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b315cd 2 bytes [B3, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b316b2 2 bytes [B3, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3032] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b316bd 2 bytes [B3, 77]
.text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b31401 2 bytes [B3, 77]
.text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[2060] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b31419 2 bytes [B3, 77]
.text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b31431 2 bytes [B3, 77]
.text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b3144a 2 bytes [B3, 77]
.text ... * 9
.text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[2060] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b314dd 2 bytes [B3, 77]
.text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b314f5 2 bytes [B3, 77]
.text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[2060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b3150d 2 bytes [B3, 77]
.text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b31525 2 bytes [B3, 77]
.text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b3153d 2 bytes [B3, 77]
.text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[2060] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b31555 2 bytes [B3, 77]
.text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b3156d 2 bytes [B3, 77]
.text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b31585 2 bytes [B3, 77]
.text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[2060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b3159d 2 bytes [B3, 77]
.text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b315b5 2 bytes [B3, 77]
.text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b315cd 2 bytes [B3, 77]
.text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b316b2 2 bytes [B3, 77]
.text C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe[2060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b316bd 2 bytes [B3, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b31401 2 bytes [B3, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2156] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b31419 2 bytes [B3, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b31431 2 bytes [B3, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b3144a 2 bytes [B3, 77]
.text ... * 9
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2156] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b314dd 2 bytes [B3, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b314f5 2 bytes [B3, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2156] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b3150d 2 bytes [B3, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b31525 2 bytes [B3, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b3153d 2 bytes [B3, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2156] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b31555 2 bytes [B3, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b3156d 2 bytes [B3, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b31585 2 bytes [B3, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2156] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b3159d 2 bytes [B3, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b315b5 2 bytes [B3, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b315cd 2 bytes [B3, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b316b2 2 bytes [B3, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b316bd 2 bytes [B3, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b31401 2 bytes [B3, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[2540] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b31419 2 bytes [B3, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b31431 2 bytes [B3, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b3144a 2 bytes [B3, 77]
.text ... * 9
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[2540] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b314dd 2 bytes [B3, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b314f5 2 bytes [B3, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[2540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b3150d 2 bytes [B3, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b31525 2 bytes [B3, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b3153d 2 bytes [B3, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[2540] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b31555 2 bytes [B3, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b3156d 2 bytes [B3, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b31585 2 bytes [B3, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[2540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b3159d 2 bytes [B3, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b315b5 2 bytes [B3, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b315cd 2 bytes [B3, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b316b2 2 bytes [B3, 77]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe[2540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b316bd 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\USER32.dll!DrawTextExW 000000007538149e 5 bytes JMP 00000001030b031f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\USER32.dll!DrawTextW 00000000753825cf 5 bytes JMP 00000001030b015d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075382da4 5 bytes JMP 000000016a839eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\USER32.dll!DrawTextA 000000007538aea1 5 bytes JMP 00000001030b0082
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\USER32.dll!DrawTextExA 000000007538aed8 5 bytes JMP 00000001030b0238
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007539cbf3 5 bytes JMP 000000016a988fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 00000001030aed8f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\USER32.dll!SetClipboardData 00000000753b8e57 5 bytes JMP 00000001030afdd3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000753bcb0c 5 bytes JMP 000000016a988f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000753bce64 5 bytes JMP 000000016a98901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000753cfbd1 5 bytes JMP 000000016a988ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000753cfc9d 5 bytes JMP 000000016a988e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000753cfcd6 5 bytes JMP 000000016a988dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000753cfcfa 5 bytes JMP 000000016a988d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 0000000077228b7a 5 bytes JMP 00000001030b04ea
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\GDI32.dll!GetGlyphIndicesW 0000000077229963 5 bytes JMP 00000001030b0977
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\GDI32.dll!TextOutW 000000007722d41c 5 bytes JMP 00000001030affb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 000000007722dce4 5 bytes JMP 00000001030b0406
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\GDI32.dll!TextOutA 000000007722eda3 5 bytes JMP 00000001030afeea
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\GDI32.dll!GetGlyphIndicesA 0000000077248dbd 5 bytes JMP 00000001030b08aa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075a993ec 5 bytes JMP 000000016a9891d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000762ac664 5 bytes JMP 00000001030aeefd
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\WININET.dll!InternetCrackUrlW 00000000762d3059 5 bytes JMP 00000001030b0d86
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000762d5fef 5 bytes JMP 00000001030aee5a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000762d632d 5 bytes JMP 00000001030b100e
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b31401 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b31419 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b31431 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b3144a 2 bytes [B3, 77]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b314dd 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b314f5 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b3150d 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b31525 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b3153d 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b31555 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b3156d 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b31585 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b3159d 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b315b5 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b315cd 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b316b2 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b316bd 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007095388e 5 bytes JMP 000000016a989080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 00000000709f7922 5 bytes JMP 000000016a989128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075862694 5 bytes JMP 000000016a9893c8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000759f3918 5 bytes JMP 00000001030afd2c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000759f4296 5 bytes JMP 00000001030ae8fb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000759f4406 5 bytes JMP 00000001030af9f4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000759f4889 5 bytes JMP 00000001030ae9db
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\WS2_32.dll!recv 00000000759f6b0e 5 bytes JMP 00000001030af946
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\WS2_32.dll!send 00000000759f6f01 5 bytes JMP 00000001030af8a1
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000759f7089 5 bytes JMP 00000001030afac8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\WS2_32.dll!WSAAsyncGetHostByName 0000000075a0726a 5 bytes JMP 00000001030aecb0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4904] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075a07673 5 bytes JMP 00000001030ae83a
? C:\Windows\system32\mssprxy.dll [4904] entry point in ".rdata" section 0000000074c671e6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077b925fd 6 bytes JMP 000000016a858042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077ba2a63 6 bytes JMP 000000016a7f9805
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000758e34b5 5 bytes JMP 000000016a7f75db
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075378a29 5 bytes JMP 000000016a8603cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007537d22e 5 bytes JMP 000000016a80363b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!DrawTextExW 000000007538149e 5 bytes JMP 000000010401031f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!DrawTextW 00000000753825cf 5 bytes JMP 000000010401015d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007538291f 5 bytes JMP 000000016a7dddab
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075382da4 5 bytes JMP 000000016a839eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075386285 5 bytes JMP 000000016a857fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075387603 5 bytes JMP 000000016a8325ac
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!DrawTextA 000000007538aea1 5 bytes JMP 0000000104010082
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!DrawTextExA 000000007538aed8 5 bytes JMP 0000000104010238
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 000000007538b029 5 bytes JMP 000000016a989358
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 000000007538c63e 5 bytes JMP 000000016a989390
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000753950ed 5 bytes JMP 000000016a989a52
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000075395246 5 bytes JMP 000000016a9892e8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!EndDialog 000000007539b99c 5 bytes JMP 000000016a989d26
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007539c701 5 bytes JMP 000000016a989a7a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007539cbf3 5 bytes JMP 000000016a988fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007539cfca 5 bytes JMP 000000010400ed8f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007539eb96 5 bytes JMP 000000016a7dded5
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007539f52b 5 bytes JMP 000000016a87ed00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!SendInput 000000007539ff4a 5 bytes JMP 000000016a98a2e9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000753a10dc 5 bytes JMP 000000016a989320
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000753a14b2 5 bytes JMP 000000016a98a341
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!SetClipboardData 00000000753b8e57 5 bytes JMP 000000010400fdd3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000753b9cfd 5 bytes JMP 000000016a98a3c2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000753bcb0c 5 bytes JMP 000000016a988f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000753bce64 5 bytes JMP 000000016a98901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000753cfbd1 5 bytes JMP 000000016a988ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000753cfc9d 5 bytes JMP 000000016a988e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000753cfcd6 5 bytes JMP 000000016a988dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000753cfcfa 5 bytes JMP 000000016a988d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!keybd_event 00000000753d02bf 5 bytes JMP 000000016a98a2a6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 0000000077228b7a 5 bytes JMP 00000001040104ea
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\GDI32.dll!GetGlyphIndicesW 0000000077229963 5 bytes JMP 0000000104010977
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\GDI32.dll!TextOutW 000000007722d41c 5 bytes JMP 000000010400ffb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 000000007722dce4 5 bytes JMP 0000000104010406
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\GDI32.dll!TextOutA 000000007722eda3 5 bytes JMP 000000010400feea
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\GDI32.dll!GetGlyphIndicesA 0000000077248dbd 5 bytes JMP 00000001040108aa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075cc6143 5 bytes JMP 000000016a989784
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075a33e59 5 bytes JMP 000000016a98987c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075a33eae 5 bytes JMP 000000016a9898fa
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075a34731 5 bytes JMP 000000016a9897ee
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075a35dee 5 bytes JMP 000000016a98989a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000075a993ec 5 bytes JMP 000000016a9891d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000762ac664 5 bytes JMP 000000010400eefd
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\WININET.dll!InternetCrackUrlW 00000000762d3059 5 bytes JMP 0000000104010d86
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000762d5fef 5 bytes JMP 000000010400ee5a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000762d632d 5 bytes JMP 000000010401100e
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b31401 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b31419 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b31431 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b3144a 2 bytes [B3, 77]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b314dd 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b314f5 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b3150d 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b31525 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b3153d 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b31555 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b3156d 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b31585 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b3159d 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b315b5 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b315cd 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b316b2 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b316bd 2 bytes [B3, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007095388e 5 bytes JMP 000000016a989080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 00000000709f7922 5 bytes JMP 000000016a989128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000758533a3 5 bytes JMP 000000016a98946c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075862694 5 bytes JMP 000000016a9893c8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 000000007586e8ff 5 bytes JMP 000000016a989538
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000759f3918 5 bytes JMP 000000010400fd2c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000759f4296 5 bytes JMP 000000010400e8fb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000759f4406 5 bytes JMP 000000010400f9f4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000759f4889 5 bytes JMP 000000010400e9db
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\WS2_32.dll!recv 00000000759f6b0e 5 bytes JMP 000000010400f946
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\WS2_32.dll!send 00000000759f6f01 5 bytes JMP 000000010400f8a1
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000759f7089 5 bytes JMP 000000010400fac8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\WS2_32.dll!WSAAsyncGetHostByName 0000000075a0726a 5 bytes JMP 000000010400ecb0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075a07673 5 bytes JMP 000000010400e83a
---- Threads - GMER 2.0 ----
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1552:1276] 000000007380e2db
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1552:3100] 0000000074f08de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1552:3104] 0000000074f08de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1552:3108] 0000000074f08de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1552:3112] 0000000074f04e00
Thread C:\Windows\SysWOW64\rundll32.exe [2656:2284] 0000000001f5ee80
Thread C:\Windows\SysWOW64\rundll32.exe [2656:2272] 0000000000243a80
Thread C:\Windows\SysWOW64\rundll32.exe [2656:2620] 0000000000243a10
Thread C:\Windows\SysWOW64\rundll32.exe [2656:3888] 00000000024b5cfe
Thread C:\Windows\SysWOW64\rundll32.exe [2656:3916] 00000000024b2ea6
Thread C:\Windows\SysWOW64\rundll32.exe [2656:3968] 00000000024b33de
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2256:2572] 000000006c868d07
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2256:2560] 000000006c868fdc
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2256:2520] 000000006c8688f0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2256:4184] 00000000739b32fb
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204:4580] 000007fef383cc10
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204:4584] 000007fef36fb564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204:4672] 000007fef36fb564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204:4676] 000007fef380f718
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204:4684] 000007fef36fb564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204:4688] 000007fef3d36050
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204:5044] 000007fef36fb564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204:5056] 000007fefc272a7c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204:5092] 000007fef36fb564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204:5096] 000007fef36fb564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204:5100] 000007fef36fb564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204:5104] 000007fef36f143c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204:4340] 000007fef36fb564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204:5108] 000007fef36fb564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204:1252] 000007fef36fb564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204:1872] 000007fef36fb564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204:3832] 000007fef36fb564
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204:2124] 000007fef36fb564
Thread C:\Program Files (x86)\Internet Explorer\iexplore.exe [4904:3024] 00000000030c91d7
Thread C:\Program Files (x86)\Internet Explorer\iexplore.exe [4904:2448] 00000000030a9429
Thread C:\Program Files (x86)\Internet Explorer\iexplore.exe [4904:3552] 00000000030a9516
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1552] 0000000073900000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2256] 000000006fef0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3204] 000007feff910000
Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [4204] 000007feeee40000
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46a527bd2
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46a527bd2 (not active ControlSet)
---- EOF - GMER 2.0 ----
2. dds: Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Sabrina at 21:25:52 on 2013-01-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4091.2715 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ICQ7.5\ICQ.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://go.web.de/br/ie9_startpage
mStart Page = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
uProxyOverride = <local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: WEB.DE Konfiguration: {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: WEB.DE MailCheck BHO: {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: WEB.DE MailCheck: {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
TB: WEB.DE MailCheck: {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [ICQ] "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4
uRun: [Facebook Update] "C:\Users\Sabrina\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [abswuudq] rundll32 "C:\Users\Sabrina\AppData\Roaming\dfsclis.dll",Eaaplyxb
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [MailCheck IE Broker] C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WISOME~1.LNK - C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: TidyCOM - hxxps://www.landwirtschaft-bw.info/webedit/TidyCOM.CAB
DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} - hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{F9060425-3170-43E5-8F9F-BAFCBBBF2C78} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F9060425-3170-43E5-8F9F-BAFCBBBF2C78}\75C414E40284F64756C6022457368626562776 : DHCPNameServer = 192.168.175.1
TCP: Interfaces\{F9060425-3170-43E5-8F9F-BAFCBBBF2C78}\75C414E4D2030313344314439313633323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F9060425-3170-43E5-8F9F-BAFCBBBF2C78}\75C414E4D2030313530334449314336333 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F9060425-3170-43E5-8F9F-BAFCBBBF2C78}\75C414E4D2030313643364832364542333 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F9060425-3170-43E5-8F9F-BAFCBBBF2C78}\75C414E4D2337364343333 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://acer.msn.com
x64-mDefault_Page_URL = hxxp://acer.msn.com
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: WEB.DE MailCheck BHO: {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
x64-TB: WEB.DE MailCheck: {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-10-16 27800]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-4 203264]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-16 85280]
R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-10-16 109344]
R2 AntiVirWebService;Avira Browser-Schutz;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-10-16 565024]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-7-29 52896]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-10-16 99912]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-8-30 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-4 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-30 243232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-7-29 28832]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-8-30 384040]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-12-4 38528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-7-29 36000]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-7-29 51872]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-4 116752]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-7-29 295072]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-7-29 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-7-29 51872]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-7-29 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-7-29 270496]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-8-30 246376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
.
=============== Created Last 30 ================
.
2013-01-18 13:36:49 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F0B8A303-A4FF-4AC8-84C0-5540A39E1840}\mpengine.dll
2013-01-13 19:04:13 118784 --sha-r- C:\Users\Sabrina\AppData\Roaming\dfsclis.dll
2013-01-09 13:07:14 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 13:07:14 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-09 13:07:03 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-09 13:07:02 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-09 13:07:02 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-09 13:07:01 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-09 13:07:01 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-09 13:07:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-09 13:05:59 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-20 22:16:10 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-20 22:16:10 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-20 22:16:09 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-20 22:16:09 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
.
==================== Find3M ====================
.
2013-01-10 21:51:21 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-10 21:51:21 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-12 11:48:42 99912 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
============= FINISH: 21:27:51,26 ===============
3. attach: Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 20.01.2011 22:34:30
System Uptime: 19.01.2013 21:21:51 (0 hours ago)
.
Motherboard: Acer | | JE51_DN
Processor: AMD Phenom(tm) II N830 Triple-Core Processor | Socket S1G4 | 1491/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 186,771 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP250: 29.12.2012 21:49:03 - Windows Update
RP251: 04.01.2013 11:34:32 - Windows Update
RP252: 08.01.2013 09:23:50 - Windows Update
RP253: 10.01.2013 09:38:03 - Windows Update
RP254: 15.01.2013 12:35:44 - Windows Update
RP255: 18.01.2013 14:35:34 - Windows Update
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.01) - Deutsch
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Install Manager
Avira Free Antivirus
Avira SearchFree Toolbar plus Web Protection Updater
Backup Manager Basic
Bluetooth Win7 Suite (64)
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
EPSON-Drucker-Software
Facebook Messenger 2.1.4651.0
High-Definition Video Playback 10
ICQ7.5
ICQ7.6
Identity Card
iTunes
Java Auto Updater
Java(TM) 6 Update 35
Junk Mail filter update
Launch Manager
Media Player Codec Pack 4.0.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared 32-bit MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero Burning ROM 10
Nero Control Center 10
Nero Core Components 10
Nero CoverDesigner 10
Nero Dolby Files 10
Nero Express 10
Nero InfoTool 10
Nero Multimedia Suite 10
Nero RescueAgent 10
Nero StartSmart 10
PokerStars
posterjack CEWE Fotobuch und Kalender
QuickTime
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
TurboFLOORPLAN Haus- & Wohnungsarchitekt
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
WEB.DE Internet Explorer Addon
WEB.DE MailCheck für Internet Explorer
WEB.DE Softwareaktualisierung
Win7codecs
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
WinRAR 4.00 (32-Bit)
WISO Steuer 2011
WISO Steuer 2012
.
==== End Of File =========================== |