Pests of all kinds and their removal: Java/Jogek.QK found (Windows 7)

If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

29.01.2013, 16:20 | #1

Java/Jogek.QK found

Hello everyone. I ran a virus scan (Avira) yesterday and again today, and it found JAVA/Jogek.QK - EXP/CVE-2013-0422. Malwarebytes, however, finds nothing. I have Win 7 and hope you can help me. First, here are the OTL files. I uploaded the Extras file as an attachment, since otherwise the character limit would be exceeded.

OTL Logfile:

Code:
OTL logfile created on: 29.01.2013 13:24:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 5,39 Gb Available Physical Memory | 68,17% Memory free
15,82 Gb Paging File | 13,16 Gb Available in Paging File | 83,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 400,55 Gb Total Space | 198,07 Gb Free Space | 49,45% Space Free | Partition Type: NTFS
Drive D: | 505,96 Gb Total Space | 120,08 Gb Free Space | 23,73% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.29 13:23:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.26 22:32:54 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.09 21:24:13 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.05 14:56:39 | 000,037,440 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
PRC - [2012.05.02 06:15:59 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.20 19:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011.02.01 21:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 21:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.13 02:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.15 18:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010.08.17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.04.05 20:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.06.19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

========== Modules (No Company Name) ==========

MOD - [2012.07.05 14:56:39 | 000,037,440 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
MOD - [2012.07.05 14:56:24 | 000,052,800 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hardcopy_05.dll
MOD - [2011.04.28 11:44:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2009.11.02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

========== Services (SafeList) ==========

SRV:64bit: - [2011.01.25 22:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.11.29 23:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.01.19 02:27:04 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.19 02:25:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 02:10:29 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.10.19 15:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.08 10:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.10.02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011.02.01 21:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 21:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.13 02:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.04.05 20:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.08 10:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.10.08 10:42:14 | 000,284,008 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.20 01:24:15 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.07.20 01:12:56 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.05.05 19:22:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.05 01:47:58 | 001,327,104 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PLTGC.sys -- (PlantronicsGC)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 19:21:16 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.02.26 01:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2011.02.10 22:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 22:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.01.13 01:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.31 11:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.11.30 07:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.11.29 23:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.05.26 03:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.finanzen.net/|hxxp://www.youtube.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 02:25:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 02:25:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.05.01 21:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.12.29 20:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\32m6mitz.default\extensions
[2012.12.29 20:00:56 | 002,319,618 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\32m6mitz.default\extensions\nasanightlaunch@example.com.xpi
[2013.01.11 01:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 02:25:27 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.18 11:36:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 10:35:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 11:36:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 11:36:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 11:36:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 11:36:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A97F8EFA-8789-452C-85B3-ED1535CA3CA5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{920b21cb-96dc-11e1-80f6-14dae955eac2}\Shell - "" = AutoRun
O33 - MountPoints2\{920b21cb-96dc-11e1-80f6-14dae955eac2}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.29 13:23:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.28 22:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.01.28 22:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.16 11:23:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Canon
[2013.01.16 11:19:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Canon Easy-PhotoPrint EX
[2013.01.16 11:19:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX
[2013.01.11 01:54:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.09 04:08:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs

========== Files - Modified Within 30 Days ==========

[2013.01.29 13:23:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.29 13:22:25 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.29 13:21:23 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.29 13:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.29 10:39:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.29 10:39:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.29 10:32:34 | 000,002,446 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013.01.29 10:32:25 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.01.29 10:32:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.29 10:32:05 | 2075,893,759 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.27 11:25:15 | 001,529,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.27 11:25:15 | 000,665,682 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.27 11:25:15 | 000,627,524 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.27 11:25:15 | 000,133,862 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.27 11:25:15 | 000,110,244 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.22 07:48:11 | 000,001,455 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013.01.22 07:47:33 | 000,295,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 03:59:13 | 000,007,619 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg

========== Files Created - No Company Name ==========

[2013.01.29 13:22:25 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.29 13:21:22 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.21 16:02:33 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.01.10 03:59:13 | 000,007,619 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.11.08 14:09:10 | 000,000,402 | ---- | C] () -- C:\Windows\PLTGC.ini.cfl
[2012.11.08 14:09:03 | 000,003,489 | ---- | C] () -- C:\Windows\PLTGC.ini.cfg
[2012.11.08 14:09:03 | 000,000,432 | ---- | C] () -- C:\Windows\PLTGC.ini.imi
[2012.07.25 02:04:25 | 000,000,051 | ---- | C] () -- C:\ProgramData\lfjdiyfzxazgdbu
[2012.07.15 02:43:50 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.03.19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.09.29 20:27:43 | 000,000,447 | ---- | C] () -- C:\Windows\PLTGC.ini
[2011.06.20 15:01:42 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.13 03:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.05.01 06:38:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage
[2013.01.16 11:23:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2013.01.27 22:42:39 |
000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2012.06.13 20:20:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DarknessII
[2012.12.25 00:51:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.06.24 20:32:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fltk.org
[2012.08.04 15:59:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FX Flat
[2012.08.26 21:19:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2012.05.01 06:41:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance
[2012.05.01 23:05:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.01.29 13:06:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2012.08.25 23:08:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock
[2012.11.11 19:59:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.05.01 06:41:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon

========== Purity Check ==========

< End of report >

Now the GMER file:

Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-01-29 14:00:07
Windows 6.1.7601 Service Pack 1 x64
\Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.CC46 931,51GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\***\AppData\Local\Temp\pxdiqpow.sys

---- User code sections - GMER 2.0 ----

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007709efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770c99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770d94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770d9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770fa500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 
000007fffdd301f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff3fbe40 8 bytes JMP 000007fffdd301b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff207490 11 bytes JMP 000007fffdd30228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff21bf00 7 bytes JMP 000007fffdd30260 .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a51401 2 bytes [A5, 76] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a51419 2 bytes [A5, 76] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a51431 2 bytes [A5, 76] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a5144a 2 bytes [A5, 76] .text ... 
* 9 .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a514dd 2 bytes [A5, 76] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a514f5 2 bytes [A5, 76] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a5150d 2 bytes [A5, 76] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a51525 2 bytes [A5, 76] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a5153d 2 bytes [A5, 76] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a51555 2 bytes [A5, 76] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a5156d 2 bytes [A5, 76] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a51585 2 bytes [A5, 76] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a5159d 2 bytes [A5, 76] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a515b5 2 bytes [A5, 76] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a515cd 2 bytes [A5, 76] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a516b2 2 bytes [A5, 76] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a516bd 2 bytes [A5, 76] .text C:\Windows\system32\taskeng.exe[2464] 
C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8 .text C:\Windows\system32\taskeng.exe[2464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148 .text C:\Windows\system32\taskeng.exe[2464] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180 .text C:\Windows\system32\taskeng.exe[2464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110 .text C:\Windows\system32\taskeng.exe[2464] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 000007fffdd301f0 .text C:\Windows\system32\taskeng.exe[2464] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff3fbe40 8 bytes JMP 000007fffdd301b8 .text C:\Windows\system32\taskeng.exe[2464] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff207490 11 bytes JMP 000007fffdd30228 .text C:\Windows\system32\taskeng.exe[2464] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff21bf00 7 bytes JMP 000007fffdd30260 .text C:\Windows\system32\Dwm.exe[2472] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8 .text C:\Windows\system32\Dwm.exe[2472] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148 .text C:\Windows\system32\Dwm.exe[2472] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180 .text C:\Windows\system32\Dwm.exe[2472] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110 .text C:\Windows\system32\Dwm.exe[2472] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 000007fffdd301f0 .text C:\Windows\system32\Dwm.exe[2472] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff3fbe40 8 bytes JMP 000007fffdd301b8 .text C:\Windows\system32\Dwm.exe[2472] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 
000007fef7cd4da4 7 bytes JMP 000007fff7cc00d8 .text C:\Windows\system32\Dwm.exe[2472] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef7cf9af4 7 bytes JMP 000007fff7cc0110 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 000007fffdd301f0 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff3fbe40 8 bytes JMP 000007fffdd301b8 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff207490 11 bytes JMP 000007fffdd30228 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff21bf00 7 bytes JMP 000007fffdd30260 .text C:\Windows\SysWOW64\ACEngSvr.exe[2872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8 .text C:\Windows\SysWOW64\ACEngSvr.exe[2872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148 .text C:\Windows\SysWOW64\ACEngSvr.exe[2872] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180 .text C:\Windows\SysWOW64\ACEngSvr.exe[2872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110 .text C:\Windows\SysWOW64\ACEngSvr.exe[2872] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes 
JMP 000007fffdd301f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2872] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff3fbe40 8 bytes JMP 000007fffdd301b8 .text C:\Windows\SysWOW64\ACEngSvr.exe[2872] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff207490 11 bytes JMP 000007fffdd30228 .text C:\Windows\SysWOW64\ACEngSvr.exe[2872] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff21bf00 7 bytes JMP 000007fffdd30260 .text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007709efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770c99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770d94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770d9640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770fa500 7 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8 .text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148 .text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180 .text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110 .text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 000007fffdd301f0 .text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 
000007feff3fbe40 8 bytes JMP 000007fffdd301b8 .text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff207490 11 bytes JMP 000007fffdd30228 .text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff21bf00 7 bytes JMP 000007fffdd30260 .text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007709efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770c99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770d94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770d9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770fa500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8 .text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148 .text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180 .text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110 .text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 000007fffdd301f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 
000007feff3fbe40 8 bytes JMP 000007fffdd301b8 .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007673b223 5 bytes JMP 000000017398159b .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767b88f4 7 bytes JMP 0000000173981339 .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767b8979 5 bytes JMP 00000001739816b8 .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767b8ccf 5 bytes JMP 000000017398101e .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1d1b 5 bytes JMP 00000001739811d1 .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1dc9 5 bytes JMP 0000000173981019 .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df2aa4 5 bytes JMP 000000017398154b .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df2d0a 5 bytes JMP 0000000173981276 .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076d7e9a2 5 bytes JMP 00000001739815b4 .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076d7ebdc 5 bytes JMP 000000017398119a .text 
C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a51401 2 bytes [A5, 76] .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a51419 2 bytes [A5, 76] .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a51431 2 bytes [A5, 76] .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a5144a 2 bytes [A5, 76] .text ... * 9 .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a514dd 2 bytes [A5, 76] .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a514f5 2 bytes [A5, 76] .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a5150d 2 bytes [A5, 76] .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a51525 2 bytes [A5, 76] .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a5153d 2 bytes [A5, 76] .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a51555 2 bytes [A5, 76] .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a5156d 2 bytes [A5, 76] .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a51585 2 bytes [A5, 76] .text 
C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a5159d 2 bytes [A5, 76] .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a515b5 2 bytes [A5, 76] .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a515cd 2 bytes [A5, 76] .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a516b2 2 bytes [A5, 76] .text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a516bd 2 bytes [A5, 76] .text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007709efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000770c99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000770d94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 00000000770d9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00000000770fa500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8 .text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148 .text C:\Program 
Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180 .text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110 .text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 000007fffdd301f0 .text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff3fbe40 8 bytes JMP 000007fffdd301b8 .text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff207490 11 bytes JMP 000007fffdd30228 .text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff21bf00 7 bytes JMP 000007fffdd30260 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007673b223 5 bytes JMP 000000017398159b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767b88f4 7 bytes JMP 0000000173981339 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767b8979 5 bytes JMP 00000001739816b8 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767b8ccf 5 bytes JMP 000000017398101e .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1d1b 5 bytes JMP 
00000001739811d1 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1dc9 5 bytes JMP 0000000173981019 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df2aa4 5 bytes JMP 000000017398154b .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df2d0a 5 bytes JMP 0000000173981276 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076d7e9a2 5 bytes JMP 00000001739815b4 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076d7ebdc 5 bytes JMP 000000017398119a .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076905ea5 5 bytes JMP 00000001739815e6 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076939d0b 5 bytes JMP 000000017398122b .text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f .text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007673b223 5 bytes JMP 000000017398159b .text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767b88f4 7 bytes JMP 0000000173981339 .text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767b8979 5 bytes JMP 00000001739816b8 .text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767b8ccf 5 bytes JMP 000000017398101e .text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 
0000000076df1d1b 5 bytes JMP 00000001739811d1 .text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1dc9 5 bytes JMP 0000000173981019 .text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df2aa4 5 bytes JMP 000000017398154b .text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df2d0a 5 bytes JMP 0000000173981276 .text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076d7e9a2 5 bytes JMP 00000001739815b4 .text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076d7ebdc 5 bytes JMP 000000017398119a .text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076905ea5 5 bytes JMP 00000001739815e6 .text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076939d0b 5 bytes JMP 000000017398122b .text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a51401 2 bytes [A5, 76] .text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a51419 2 bytes [A5, 76] .text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a51431 2 bytes [A5, 76] .text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a5144a 2 bytes [A5, 76] .text ... 
* 9
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a514dd 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a514f5 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a5150d 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a51525 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a5153d 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a51555 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a5156d 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a51585 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a5159d 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a515b5 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a515cd 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a516b2 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a516bd 2 bytes [A5, 76]
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007673b223 5 bytes JMP 000000017398159b
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767b88f4 7 bytes JMP 0000000173981339
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767b8979 5 bytes JMP 00000001739816b8
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767b8ccf 5 bytes JMP 000000017398101e
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1d1b 5 bytes JMP 00000001739811d1
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1dc9 5 bytes JMP 0000000173981019
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df2aa4 5 bytes JMP 000000017398154b
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df2d0a 5 bytes JMP 0000000173981276
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076d7e9a2 5 bytes JMP 00000001739815b4
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076d7ebdc 5 bytes JMP 000000017398119a
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076905ea5 5 bytes JMP 00000001739815e6
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076939d0b 5 bytes JMP 000000017398122b
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007709efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770c99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770d94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770d9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770fa500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 000007fffdd301f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff3fbe40 8 bytes JMP 000007fffdd301b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007709efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770c99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770d94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770d9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770fa500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 000007fffdd301f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff3fbe40 8 bytes JMP 000007fffdd301b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff207490 11 bytes JMP 000007fffdd30228
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff21bf00 7 bytes JMP 000007fffdd30260
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007673b223 5 bytes JMP 000000017398159b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767b88f4 7 bytes JMP 0000000173981339
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767b8979 5 bytes JMP 00000001739816b8
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767b8ccf 5 bytes JMP 000000017398101e
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1d1b 5 bytes JMP 00000001739811d1
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1dc9 5 bytes JMP 0000000173981019
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df2aa4 5 bytes JMP 000000017398154b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df2d0a 5 bytes JMP 0000000173981276
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076d7e9a2 5 bytes JMP 00000001739815b4
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076d7ebdc 5 bytes JMP 000000017398119a
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076905ea5 5 bytes JMP 00000001739815e6
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076939d0b 5 bytes JMP 000000017398122b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007673b223 5 bytes JMP 000000017398159b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767b88f4 7 bytes JMP 0000000173981339
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767b8979 5 bytes JMP 00000001739816b8
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767b8ccf 5 bytes JMP 000000017398101e
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1d1b 5 bytes JMP 00000001739811d1
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1dc9 5 bytes JMP 0000000173981019
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df2aa4 5 bytes JMP 000000017398154b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df2d0a 5 bytes JMP 0000000173981276
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076d7e9a2 5 bytes JMP 00000001739815b4
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076d7ebdc 5 bytes JMP 000000017398119a
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076905ea5 5 bytes JMP 00000001739815e6
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076939d0b 5 bytes JMP 000000017398122b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007673b223 5 bytes JMP 000000017398159b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767b88f4 7 bytes JMP 0000000173981339
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767b8979 5 bytes JMP 00000001739816b8
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767b8ccf 5 bytes JMP 000000017398101e
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1d1b 5 bytes JMP 00000001739811d1
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1dc9 5 bytes JMP 0000000173981019
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df2aa4 5 bytes JMP 000000017398154b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df2d0a 5 bytes JMP 0000000173981276
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076d7e9a2 5 bytes JMP 00000001739815b4
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076d7ebdc 5 bytes JMP 000000017398119a
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076905ea5 5 bytes JMP 00000001739815e6
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076939d0b 5 bytes JMP 000000017398122b
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007673b223 5 bytes JMP 000000017398159b
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767b88f4 7 bytes JMP 0000000173981339
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767b8979 5 bytes JMP 00000001739816b8
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767b8ccf 5 bytes JMP 000000017398101e
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1d1b 5 bytes JMP 00000001739811d1
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1dc9 5 bytes JMP 0000000173981019
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df2aa4 5 bytes JMP 000000017398154b
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df2d0a 5 bytes JMP 0000000173981276
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076d7e9a2 5 bytes JMP 00000001739815b4
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076d7ebdc 5 bytes JMP 000000017398119a
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076905ea5 5 bytes JMP 00000001739815e6
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076939d0b 5 bytes JMP 000000017398122b

---- Threads - GMER 2.0 ----

Thread C:\Windows\System32\svchost.exe [3904:3152] 000007fee7849688

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)

---- EOF - GMER 2.0 ----

Code:
Avira Free Antivirus
Report file creation date: Tuesday, 29 January 2013 11:51

Searching for 4739754 virus strains.
The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
User name : ***
Computer name : ***-PC

Version information:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 14.11.2012 13:15:54
AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50
LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 15.07.2012 14:02:51
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 14:02:44
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 20:19:52
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 16:53:55
VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 17:44:11
VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 17:44:11
VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 17:44:11
VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 17:44:11
VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 17:44:11
VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 19:12:53
VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 19:12:51
VBASE015.VDF : 7.11.56.83 186880 Bytes 08.01.2013 19:13:00
VBASE016.VDF : 7.11.56.145 135168 Bytes 09.01.2013 22:24:41
VBASE017.VDF : 7.11.56.211 139776 Bytes 11.01.2013 06:11:53
VBASE018.VDF : 7.11.57.11 153088 Bytes 13.01.2013 12:06:15
VBASE019.VDF : 7.11.57.75 165888 Bytes 15.01.2013 19:39:41
VBASE020.VDF : 7.11.57.163 190976 Bytes 17.01.2013 07:34:44
VBASE021.VDF : 7.11.57.219 119808 Bytes 18.01.2013 07:34:41
VBASE022.VDF : 7.11.58.7 167936 Bytes 21.01.2013 07:34:47
VBASE023.VDF : 7.11.58.49 140288 Bytes 22.01.2013 08:06:50
VBASE024.VDF : 7.11.58.119 137728 Bytes 24.01.2013 11:48:26
VBASE025.VDF : 7.11.58.175 132608 Bytes 25.01.2013 11:48:23
VBASE026.VDF : 7.11.58.213 116736 Bytes 27.01.2013 11:48:30
VBASE027.VDF : 7.11.58.214 2048 Bytes 27.01.2013 11:48:31
VBASE028.VDF : 7.11.58.215 2048 Bytes 27.01.2013 11:48:31
VBASE029.VDF : 7.11.58.216 2048 Bytes 27.01.2013 11:48:31
VBASE030.VDF : 7.11.58.217 2048 Bytes 27.01.2013 11:48:31
VBASE031.VDF : 7.11.58.228 52736 Bytes 28.01.2013 12:15:31
Engine version : 8.2.10.238
AEVDF.DLL : 8.1.2.10 102772 Bytes 15.07.2012 14:02:51
AESCRIPT.DLL : 8.1.4.84 467322 Bytes 25.01.2013 11:48:27
AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 14:45:43
AESBX.DLL : 8.2.5.12 606578 Bytes 15.07.2012 14:02:51
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 22:24:44
AEPACK.DLL : 8.3.1.2 819574 Bytes 20.12.2012 16:49:00
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 06.11.2012 12:08:19
AEHEUR.DLL : 8.1.4.182 5706104 Bytes 25.01.2013 11:48:27
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 14:48:25
AEGEN.DLL : 8.1.6.16 434549 Bytes 25.01.2013 11:48:23
AEEXP.DLL : 8.3.0.14 188788 Bytes 25.01.2013 11:48:27
AEEMU.DLL : 8.1.3.2 393587 Bytes 15.07.2012 14:02:47
AECORE.DLL : 8.1.30.0 201079 Bytes 13.12.2012 14:45:42
AEBB.DLL : 8.1.1.4 53619 Bytes 06.11.2012 12:08:16
AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21
AVPREF.DLL : 12.3.0.32 50720 Bytes 14.11.2012 13:15:53
AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35
AVARKT.DLL : 12.3.0.33 209696 Bytes 14.11.2012 13:15:53
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02
AVSMTP.DLL : 12.3.0.32 63480 Bytes 09.08.2012 20:24:25
NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 09.08.2012 20:22:55
RCTEXT.DLL : 12.3.0.32 98848 Bytes 14.11.2012 13:15:52

Configuration for the current scan:
Job name..............................: Manual selection
Configuration file....................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Logging...............................: standard
Primary action........................: interactive
Secondary action......................: ignore
Scan master boot sectors..............: on
Scan boot sectors.....................: on
Boot sectors..........................: C:, D:,
Scan running programs.................: on
Scan registry.........................: on
Search for rootkits...................: off
System file integrity check...........: off
File scan mode........................: Smart file selection
Scan archives.........................: on
Limit recursion depth.................: 20
Archive smart extensions..............: on
Macro virus heuristics................: on
File heuristics.......................: advanced

Start of the scan: Tuesday, 29 January 2013 11:51

Starting the scan of the master boot sectors:
Master boot sector HD0
[INFO] No virus was found!

Starting the scan of the boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting the scan of running processes:
Scanning process 'avscan.exe' - '1' module(s) were scanned
Scanning process 'avcenter.exe' - '1' module(s) were scanned
Scanning process 'FlashPlayerPlugin_11_5_502_146.exe' - '1' module(s) were scanned
Scanning process 'FlashPlayerPlugin_11_5_502_146.exe' - '1' module(s) were scanned
Scanning process 'plugin-container.exe' - '1' module(s) were scanned
Scanning process 'firefox.exe' - '1' module(s) were scanned
Scanning process 'spotify.exe' - '1' module(s) were scanned
Scanning process 'UNS.exe' - '1' module(s) were scanned
Scanning process 'LMS.exe' - '1' module(s) were scanned
Scanning process 'IAStorDataMgrSvc.exe' - '1' module(s) were scanned
Scanning process 'WDC.exe' - '1' module(s) were scanned
Scanning process 'KBFiltr.exe' - '1' module(s) were scanned
Scanning process 'ATKOSD.exe' - '1' module(s) were scanned
Scanning process 'CLMLSvc.exe' - '1' module(s) were scanned
Scanning process 'AsScrPro.exe' - '1' module(s) were scanned
Scanning process 'HControl.exe' - '1' module(s) were scanned
Scanning process 'avgnt.exe' - '1' module(s) were scanned
Scanning process 'SpotifyWebHelper.exe' - '1' module(s) were scanned
Scanning process 'ALU.exe' - '1' module(s) were scanned
Scanning process 'ATKOSD2.exe' - '1' module(s) were scanned
Scanning process 'sensorsrv.exe' - '1' module(s) were scanned
Scanning process 'hcdll2_ex_Win32.exe' - '1' module(s) were scanned
Scanning process 'mbamscheduler.exe' - '1' module(s) were scanned
Scanning process 'IJPLMSVC.EXE' - '1' module(s) were scanned
Scanning process 'avguard.exe' - '1' module(s) were scanned
Scanning process 'sched.exe' - '1' module(s) were scanned
Scanning process 'GFNEXSrv.exe' - '1' module(s) were scanned
Scanning process 'ASLDRSrv.exe' - '1' module(s) were scanned
Scanning process 'nvSCPAPISvr.exe' - '1' module(s) were scanned

Starting the scan for references to executable files (registry):
The registry was scanned ( '2507' files ).

Starting the scan of the selected files:

Starting search in 'C:\' <OS>
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\3a8c48cf-24e53eea
[0] Archive type: ZIP
--> ewjvaiwebvhtuai124a.class
[DETECTION] Contains recognition pattern of the exploit EXP/CVE-2013-0422
--> test.class
[DETECTION] Contains recognition pattern of the Java virus JAVA/Jogek.QK
Starting search in 'D:\' <DATA>

Starting disinfection:
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\3a8c48cf-24e53eea
[DETECTION] Contains recognition pattern of the Java virus JAVA/Jogek.QK
[NOTE] The file was moved to the quarantine directory under the name '54f7158c.qua'!

End of the scan: Tuesday, 29 January 2013 13:02
Time needed: 1:09:50 hour(s)

The scan was completed in full.

39970 directories were checked
1060698 files were checked
2 viruses or unwanted programs were found
0 files were classified as suspicious
0 files were deleted
0 viruses or unwanted programs were repaired
1 files were moved to quarantine
0 files were renamed
0 files could not be scanned
1060696 files not infected
7879 archives were scanned
0 warnings
1 notes

Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

29.01.2013 14:42:34
mbam-log-2013-01-29 (14-42-34).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 441974
Time elapsed: 1 hour(s), 13 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Kind regards
Last edited by sunZy (29.01.2013 at 16:41)
|
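The GMER section of the first post lists well over a hundred inline hooks, and reading them entry by entry tells you little. The way a responder triages such output is to group the hooks by where their JMP lands: a single hooking DLL produces one small set of trampoline addresses that every process it is injected into shares, while a hook whose destination nobody else shares is the one worth resolving to a module before drawing any conclusion. The following Python script is an added example written for this page; it is not part of the thread, of GMER or of any tool named in it. The sample lines are copied from the GMER log above, and the grouping heuristic is an editorial assumption about how to read such a log, not a verdict on this machine.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# One GMER 2.0 ".text" user-mode hook entry looks like either of these:
# .text C:\...\CLMLSvc.exe[3308] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f
# .text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a514dd 2 bytes [A5, 76]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\.exe)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<func>\S+)(?:\s\+\s(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{16})\s+(?P<size>\d+)\s+bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{16})|\[(?P<patch>[^\]]*)\])\s*$"
)


def parse_hook(line: str) -> Optional[dict]:
    """Parse a single GMER hook line; returns None for any other log line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "process": d["proc"].rsplit("\\", 1)[-1],          # image name only
        "pid": int(d["pid"]),
        "module": d["module"].rsplit("\\", 1)[-1].lower(),
        "function": d["func"] + (f"+{d['offset']}" if d["offset"] else ""),
        "wow64": "\\syswow64\\" in d["module"].lower(),     # 32-bit process on x64
        "address": int(d["addr"], 16),
        "size": int(d["size"]),
        "target": int(d["target"], 16) if d["target"] else None,  # JMP destination
        "patch": d["patch"],                                # raw bytes for non-JMP patches
    }


def triage(lines: List[str]) -> dict:
    """Group hooks by detour destination so a shared hooking DLL stands out.

    Heuristic (assumption, not a rule): JMP hooks planted by one injected DLL all
    land in the same few 4 KiB pages of that DLL's trampoline table, so a target
    page shared by many processes points at one component; a destination that
    appears in a single process is the one to map to a module (GMER's module
    list or a debugger's `lm`) before deciding whether it is hostile.
    """
    hooks = [h for h in (parse_hook(line) for line in lines) if h]
    by_target: Dict[int, dict] = defaultdict(lambda: {"pids": set(), "functions": set()})
    patches: Dict[str, set] = defaultdict(set)
    for h in hooks:
        if h["target"] is not None:
            by_target[h["target"]]["pids"].add(h["pid"])
            by_target[h["target"]]["functions"].add(f'{h["module"]}!{h["function"]}')
        else:
            patches[h["patch"]].add(h["pid"])
    # Detour pages, separated by bitness because WoW64 and native DLLs never share one.
    pages = {
        "wow64": sorted({h["target"] & ~0xFFF for h in hooks if h["target"] is not None and h["wow64"]}),
        "native": sorted({h["target"] & ~0xFFF for h in hooks if h["target"] is not None and not h["wow64"]}),
    }
    return {
        "hooks": len(hooks),
        "targets": {f"{t:016x}": {"pids": sorted(v["pids"]), "functions": sorted(v["functions"])}
                    for t, v in sorted(by_target.items())},
        "patches": {k: sorted(v) for k, v in patches.items()},
        "detour_pages": {k: [f"{p:016x}" for p in v] for k, v in pages.items()},
    }


# Sample lines copied from the GMER log above (one per hook style); a real run
# would feed the whole hook section of the log, e.g. lines from open("gmer.log").
SAMPLE_LINES = [
    r".text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a514dd 2 bytes [A5, 76]",
    r".text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f",
    r".text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df2aa4 5 bytes JMP 000000017398154b",
    r".text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f",
    r".text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007709efe0 5 bytes JMP 000000016fff0148",
    r".text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8",
    r".text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8",
    "---- Threads - GMER 2.0 ----",  # not a hook line; the parser skips it
]

if __name__ == "__main__":
    report = triage(SAMPLE_LINES)
    print(f'{report["hooks"]} hooks, detour pages: {report["detour_pages"]}')
    for target, info in report["targets"].items():
        print(target, "pids", info["pids"], "->", ", ".join(info["functions"]))
```

On the full log the 32-bit processes (CLMLSvc, ATKOSD, KBFiltr, WDC and GMER's own executable) would collapse into one WoW64 detour page and the 64-bit ones into two native pages; the next step, which the script deliberately stops short of, is to look those pages up in each process's module list.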
30.01.2013, 02:41 | #2 |
/// Helper team | Java/Jogek.QK found
The cleanup consists of several steps that have to be carried out. Work through them one after the other and paste the 3 logs that are created into your next reply. If the OTL fix did not run correctly, do not continue; report it instead.

Step 1
Fix with OTL
Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (not anywhere else).
Replace the *** asterisks with your user name again!
Code:
:OTL
[2012.07.15 02:43:50 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\***\*.tmp
C:\Users\***\AppData\Local\Temp\*.exe
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup unctf.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it to other computers; it can cause lasting damage to other systems!

Step 2
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Afterwards:

Step 3
Please download AdwCleaner to your desktop.
|
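A fix like the one above moves the whole Deployment\cache folder away, which is the right cleanup step but also destroys the evidence of what the browser pulled down. Before doing that, a responder would normally inventory the folder: each cached resource is stored as a plain ZIP/JAR file (named like the 3a8c48cf-24e53eea entry Avira flagged) next to a .idx index file that records where it was downloaded from, so the archives can be hashed and their class lists recorded for later lookup. The following Python script is an added example written for this page, not part of the thread, of OTL or of Avira; the cache path, the triage heuristics and the two in-memory sample JARs (whose class bodies are placeholder bytes, not real bytecode) are assumptions made for illustration.

```python
import hashlib
import io
import os
import re
import zipfile
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Default Java 6/7 plug-in deployment cache on Windows 7 (assumed; adjust for other hosts).
# Cached resources are stored as "<hash>-<hash>" files next to "<hash>-<hash>.idx" indexes.
DEFAULT_CACHE = os.path.expandvars(r"%USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\cache\6.0")

# Heuristic only: long lowercase letter/digit soup in the default package, shaped like
# the ewjvaiwebvhtuai124a.class entry in the Avira report above.
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{14,}\.class$")


@dataclass
class CachedJar:
    path: str
    size: int
    sha256: str
    classes: List[str]
    flags: List[str] = field(default_factory=list)


def inspect_jar(data: bytes, path: str = "<memory>") -> Optional[CachedJar]:
    """Inventory one cached archive; returns None if the bytes are not a ZIP/JAR."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return None
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    classes = [n for n in names if n.endswith(".class")]
    flags: List[str] = []
    if "META-INF/MANIFEST.MF" not in names:
        flags.append("no-manifest")            # bare class bundle, typical of exploit kits
    if not any(n.startswith("META-INF/") and n.endswith((".SF", ".RSA", ".DSA")) for n in names):
        flags.append("unsigned")               # no code-signing block at all
    if classes and all("/" not in n for n in classes):
        flags.append("default-package-only")   # no package hierarchy whatsoever
    if any(RANDOM_NAME_RE.match(n) for n in classes):
        flags.append("random-class-name")
    return CachedJar(path, len(data), hashlib.sha256(data).hexdigest(), classes, flags)


def scan_cache(root: str = DEFAULT_CACHE) -> List[CachedJar]:
    """Walk the deployment cache and inventory every archive in it (skips .idx files)."""
    found: List[CachedJar] = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".idx"):
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                jar = inspect_jar(fh.read(), full)
            if jar is not None:
                found.append(jar)
    return found


def build_sample_jar(entries: Dict[str, bytes]) -> bytes:
    """Construct an in-memory JAR for testing; entry order is preserved."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed placeholders: class-file magic plus padding, not real bytecode.
FAKE_CLASS = b"\xca\xfe\xba\xbe" + b"\x00" * 28

# Constructed samples: one shaped like the flagged cache entry, one ordinary signed applet.
SUSPICIOUS_JAR = build_sample_jar({"ewjvaiwebvhtuai124a.class": FAKE_CLASS, "test.class": FAKE_CLASS})
ORDINARY_JAR = build_sample_jar({
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "META-INF/APPLET.SF": b"Signature-Version: 1.0\n",
    "META-INF/APPLET.RSA": b"\x30\x82",       # placeholder for a PKCS#7 signature block
    "com/example/HelloApplet.class": FAKE_CLASS,
})

if __name__ == "__main__":
    for jar in scan_cache():
        print(jar.sha256[:16], jar.size, ",".join(jar.flags) or "-", jar.path)
```

The flags are triage hints, not verdicts: plenty of legitimate applets are unsigned, and a signed JAR can still carry an exploit. The value of the inventory is the SHA-256 list, which survives the cleanup and can be checked against vendor detections afterwards.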
30.01.2013, 13:46 | #3 |
| Java/Jogek.QK found
Thanks for your quick help.
Here is the Mbar report:
Code:
All processes killed
========== OTL ==========
C:\ProgramData\to_r0tsef.pad moved successfully.
========== FILES ==========
C:\ProgramData\FullRemove.exe moved successfully.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\***\*.tmp not found.
C:\Users\***\AppData\Local\Temp\eauninstall.exe moved successfully.
C:\Users\***\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup unctf.lnk not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 84734 bytes
->Temporary Internet Files folder emptied: 2451249 bytes
->FireFox cache emptied: 414589556 bytes
->Flash cache emptied: 2201 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13872 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 398,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01302013_115515

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\32m6mitz.default\Cache\_CACHE_001_ moved successfully.
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\32m6mitz.default\Cache\_CACHE_002_ moved successfully.
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\32m6mitz.default\Cache\_CACHE_003_ moved successfully.
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\32m6mitz.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\32m6mitz.default\_CACHE_CLEAN_ moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

AdwCleaner
Code:
# AdwCleaner v2.109 - Datei am 30/01/2013 um 12:24:51 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\32m6mitz.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1075 octets] - [30/01/2013 12:24:51]

########## EOF - C:\AdwCleaner[S1].txt - [1135 octets] ##########

To be safe, I just had Avira check again; now it finds nothing at all. Is that it already, or does something else need to be done? Kind regards |
30.01.2013, 17:16 | #4 |
/// Helfer-Team | Java/Jogek.QK found Please download SecurityCheck from one of the following links: LINK1
|
30.01.2013, 22:09 | #5 |
| Java/Jogek.QK found The checkup file: Code:
Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
JavaFX 2.1.1
Java(TM) 6 Update 32
Java 7 Update 11
Adobe Flash Player 11.5.502.146
Mozilla Firefox (18.0.1)
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
31.01.2013, 00:58 | #6 | |
/// Helfer-Team | Java/Jogek.QK found Quote:
Disable Java because of the current security vulnerability: http://www.trojaner-board.de/122961-...ktivieren.html
Afterwards, post here (copy and paste) what you are shown at: PluginCheck
Malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via "Jetzt Updaten".
Select the freeware mode.
Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan, do not let anything be deleted!
Save the logfile to the desktop with a click on "Bericht speichern" and post it here in the thread.
Instructions: http://www.trojaner-board.de/103809-...i-malware.html
|
31.01.2013, 15:24 | #7 |
| Java/Jogek.QK found Now it did find something after all. Without Emsisoft this would probably never have come to light. PluginCheck: Code:
Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Firefox 18.0 ist aktuell
Flash (11,5,502,146) ist aktuell.
Java ist nicht Installiert oder nicht aktiviert.
Adobe Reader ist nicht installiert oder aktiviert.
Code:
Emsisoft Anti-Malware - Version 7.0
Letztes Update: 31.01.2013 11:27:15

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 31.01.2013 11:27:46

C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1c3946e9.qua -> (Quarantine-8) -> hw.class gefunden: Exploit.Java.CVE.Z (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1c3946e9.qua -> (Quarantine-8) -> test.class gefunden: Exploit.Java.CVE.Z (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\54e04ef3.qua -> (Quarantine-8) gefunden: Trojan.Generic.7303607 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\54f7158c.qua -> (Quarantine-8) -> ewjvaiwebvhtuai124a.class gefunden: Exploit.Java.CVE.Z (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\54f7158c.qua -> (Quarantine-8) -> test.class gefunden: Exploit.Java.CVE.Z (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\563524fe.qua -> (Quarantine-8) gefunden: Trojan.Generic.KDV.581709 (B)
D:\Games\Two Worlds II\Keygen\keygen.exe gefunden: Trojan.Generic.8538648 (B)

Gescannt 528112
Gefunden 7

Scan Ende: 31.01.2013 12:40:35
Scan Zeit: 1:12:49
|
31.01.2013, 17:45 | #8 |
/// Helfer-Team | Java/Jogek.QK found Very good! Have the findings moved to quarantine, then: Uninstall: Emsisoft Anti-Malware. ESET Online Scanner: Preparation
|
31.01.2013, 23:27 | #9 |
| Java/Jogek.QK found Here is the ESET file: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=2342f7b65a92204984a443504bf162ac
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-31 09:42:44
# local_time=2013-01-31 10:42:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 98 18240 225091854 30402 0
# compatibility_mode=5893 16776573 100 94 18265 111298414 0 0
# scanned=218312
# found=5
# cleaned=4
# scan_time=14354
C:\Users\All Users\innmptdubjqfeem\main.html    HTML/Ransom.B trojan    9591FBDB0D0A728F4467F8182A07A62157E98D6A    I
C:\Games\Alpha.Protocol.Multi8.EN.RU.Repack\alpha_dvd2.iso    a variant of Win32/Packed.VMProtect.AAA trojan (deleted - quarantined)    2D1EE929AF3802CEDC7C136B1C86FBB06BB578DC    C
C:\Games\Max.Payne.3-RELOADED\DVD4\rld-mp3d.iso    a variant of Win32/Packed.VMProtect.AAH trojan (deleted - quarantined)    CEEFED45CCD70527CC26AE53C1D84438BE174E3C    C
C:\ProgramData\innmptdubjqfeem\main.html    HTML/Ransom.B trojan (cleaned by deleting - quarantined)    9591FBDB0D0A728F4467F8182A07A62157E98D6A    C
D:\Games\Anno.1404.Venedig.GERMAN-0x0007\de-a14v.iso    Win32/Packed.VMProtect.D trojan (deleted - quarantined)    19A86F0DEBB54A4C068A27E7A403178A174B5E9A    C
|
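As an added example (not from the thread and not ESET's own tooling), a small Python parser for the ESET Online Scanner log format posted above: it reads the `# key=value` header and the detection lines (path, threat name with the scanner's action in parentheses, SHA1, status flag) and lists which files were not cleaned under any path. The sample log is constructed after the posted one, with placeholder hashes and shortened paths; it assumes the fields are tab-separated and that the trailing "C" marks cleaned/quarantined entries, as the posted lines suggest.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the ESET log above (tab-separated fields assumed; placeholder SHA1s).
SAMPLE_LOG = """\
# version=8
# found=5
# cleaned=4
C:\\Users\\All Users\\innmptdubjqfeem\\main.html\tHTML/Ransom.B trojan\t{a}\tI
C:\\Games\\Repack\\alpha_dvd2.iso\ta variant of Win32/Packed.VMProtect.AAA trojan (deleted - quarantined)\t{b}\tC
C:\\Games\\DVD4\\rld-mp3d.iso\ta variant of Win32/Packed.VMProtect.AAH trojan (deleted - quarantined)\t{c}\tC
C:\\ProgramData\\innmptdubjqfeem\\main.html\tHTML/Ransom.B trojan (cleaned by deleting - quarantined)\t{a}\tC
D:\\Games\\Anno\\de-a14v.iso\tWin32/Packed.VMProtect.D trojan (deleted - quarantined)\t{d}\tC
""".format(a="A" * 40, b="B" * 40, c="C" * 40, d="D" * 40)

# Threat column is "<name>" or "<name> (<action the scanner took>)"
THREAT_RE = re.compile(r"^(?P<threat>.*?)(?: \((?P<action>[^()]*)\))?$")

def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from an ESET Online Scanner log."""
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("#"):                       # "# key=value" header lines
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
            continue
        fields = line.split("\t")
        if len(fields) != 4:                           # banner lines such as "all ok"
            continue
        path, threat, sha1, flag = fields
        m = THREAT_RE.match(threat)
        detections.append({"path": path, "threat": m.group("threat"),
                           "action": m.group("action"),   # None if nothing was done
                           "sha1": sha1.upper(), "flag": flag.strip()})
    return header, detections

def unresolved(detections):
    """Files not cleaned under any path. Group by SHA1: the All Users folder is a
    junction to ProgramData (Vista and later), so one file can be listed twice."""
    by_hash = defaultdict(list)
    for d in detections:
        by_hash[d["sha1"]].append(d)
    return [ds[0] for ds in by_hash.values() if all(d["flag"] != "C" for d in ds)]

def summarize(text):
    header, detections = parse_eset_log(text)
    return {"found": int(header.get("found", 0)), "cleaned": int(header.get("cleaned", 0)),
            "parsed": len(detections),
            "not_cleaned_lines": sum(d["flag"] != "C" for d in detections),
            "unresolved_paths": [d["path"] for d in unresolved(detections)]}
```

Grouping by hash is what turns the one "I" line into no leftover: C:\Users\All Users is a junction to C:\ProgramData, so the main.html that looks untouched is the same file that was quarantined via its other path.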
31.01.2013, 23:52 | #10 |
/// Helfer-Team | Java/Jogek.QK found The use of cracks and keygens violates our code of conduct. Have you ever thought about why cracks exist? With cracks & co. you install backdoors on your computer. Criminals use such computers as a botnet for their schemes. Your system is to be classified as untrustworthy, and you should not do anything sensitive like online banking on this PC. Instructions for reinstalling (illustrated) > Reinstall Windows 7 > Vista > XP 1. Data rescue:
2. Format and reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html I will also post further points on this. 4. Change all passwords! 5. After securing the PC, check the backed-up data and, if clean, restore it. |
01.02.2013, 15:00 | #11 |
| Java/Jogek.QK found OK. From here on I can manage on my own. Thank you for your effort and the time you took. I will take point 3 into account better in future. I do have one small question, though. Would you perhaps have a link handy or recommended reading for working into the topic a bit on one's own? I don't mean at the level you work at (I don't want to become a pro) but merely for personal use, so that I am better prepared in future and don't have to bother anyone about this topic. Kind regards and thanks for the help!!! |
01.02.2013, 17:39 | #12 |
/// Helfer-Team | Java/Jogek.QK found The most important things are here: Reading to work through: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC keeps getting slower - what to do? |