| |
| |||||||
Log-Analyse und Auswertung: XingHaoLyrics; WIN32 Somoto - B/J [PUP]; etcWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
25.07.2013, 11:57
| #1 |
| | ![XingHaoLyrics; WIN32 Somoto - B/J [PUP]; etc - Standard](images/icons/icon1.gif){kind=icon} XingHaoLyrics; WIN32 Somoto - B/J [PUP]; etc Hallo, mache das zum ersten Mal, hoffe es ist soweit alles ok. Also mein avast! hat gestern einige Dinge gefunden, darauf hin hab ich mal in meinen Programmen nachgeschaut, wo mir dann Ordner aufgefallen sind wie "XingHaoLyrics". Eine Suche im Netz hat mich dann hierher gebracht. Vorarbeit hab ich in sofern geleistet, dass ich einige Programme wie zB Optimizer Pro, Delta Toolbar, Wajam deinstalliert habe (wo auch immer die sich mit reingeschlichen haben). Der defogger hat nichts ausgeworfen. OTL: Code:
ATTFilter OTL logfile created on: 25.07.2013 11:29:16 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jule\Downloads Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 73,53% Memory free 5,99 Gb Paging File | 5,08 Gb Available in Paging File | 84,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 203,13 Gb Free Space | 68,17% Space Free | Partition Type: NTFS Computer Name: JULE-PC | User Name: Jule | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.25 11:28:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jule\Downloads\OTL.exe PRC - [2013.06.05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jule\AppData\Local\Akamai\netsession_win.exe PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - [2013.06.12 16:53:45 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2013.05.01 18:14:00 | 004,481,144 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva400.sys -- (XDva400) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\vtany.sys -- (vtany) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - [2013.07.25 02:15:19 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2013.07.25 02:15:19 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2013.07.25 02:15:19 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2013.05.09 10:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2013.05.09 10:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.10.31 00:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2011.12.12 19:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.04.03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 4C 5B 89 4B A1 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SAVB_deDE504 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) [2013.04.12 17:41:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jule\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53823BED-6089-48AB-ABC9-2037E4702F88}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92997705-E774-4FBE-9EA8-A49EC7F3118D}: DhcpNameServer = 62.117.1.25 89.16.129.25 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.25 11:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.07.25 11:02:03 | 000,000,000 | ---D | C] -- C:\Users\Jule\AppData\Local\Deployment [2013.07.25 11:02:03 | 000,000,000 | ---D | C] -- C:\Users\Jule\AppData\Local\Apps [2013.07.25 01:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender [2013.07.25 01:40:49 | 000,000,000 | ---D | C] -- C:\Users\Jule\AppData\Roaming\BabSolution [2013.07.24 23:57:40 | 000,000,000 | ---D | C] -- C:\Users\Jule\AppData\Roaming\Systweak [2013.07.24 00:15:12 | 000,000,000 | ---D | C] -- C:\Users\Jule\AppData\Roaming\DealPly [2013.07.24 00:14:57 | 000,000,000 | ---D | C] -- C:\Users\Jule\AppData\Roaming\DSite [2013.07.21 10:57:28 | 000,000,000 | ---D | C] -- C:\Users\Jule\AppData\Local\CrashDumps [2013.07.16 15:44:46 | 000,000,000 | ---D | C] -- C:\Users\Jule\AppData\Roaming\TechSmith [2013.07.16 15:44:39 | 000,000,000 | ---D | C] -- C:\Users\Jule\AppData\Local\TechSmith [2013.07.16 15:44:04 | 000,000,000 | ---D | C] -- C:\Users\Jule\Documents\Camtasia Studio [2013.07.16 15:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2013.07.16 15:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith [2013.07.16 15:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith [2013.06.29 12:53:25 | 000,000,000 | ---D | C] -- C:\Users\Jule\Documents\Add-in Express [2013.06.27 16:32:53 | 000,000,000 | ---D | C] -- C:\Users\Jule\Desktop\Scimitar [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.25 11:09:20 | 000,392,704 | ---- | M] () -- C:\Users\Jule\Desktop\viewer.exe [2013.07.25 11:07:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.25 11:07:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.25 11:03:28 | 000,002,221 | ---- | M] () -- C:\Users\Jule\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013.07.25 11:02:32 | 004,211,072 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.07.25 11:02:32 | 001,871,134 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.07.25 11:02:32 | 001,368,444 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.07.25 11:02:32 | 001,307,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.07.25 10:55:54 | 000,010,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.25 10:55:54 | 000,010,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.25 10:55:03 | 000,267,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.07.25 10:55:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.25 10:53:55 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys [2013.07.25 10:52:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.25 02:15:19 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013.07.25 02:15:19 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013.07.25 02:15:19 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.07.25 02:15:19 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum [2013.07.25 02:15:19 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum [2013.07.25 02:15:19 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum [2013.07.25 02:11:41 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.07.25 02:11:38 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013.07.24 21:09:02 | 002,210,313 | ---- | M] () -- C:\Users\Jule\Desktop\ultimacenaLC.jpg [2013.07.24 17:45:32 | 000,033,333 | ---- | M] () -- C:\Users\Jule\Desktop\Unbenannt.jpg [2013.07.24 17:45:32 | 000,018,314 | ---- | M] () -- C:\Users\Jule\AppData\Local\recently-used.xbel [2013.07.24 17:45:14 | 000,270,530 | ---- | M] () -- C:\Users\Jule\Documents\Unbenannt.xcf [2013.07.24 14:34:28 | 000,008,288 | ---- | M] () -- C:\Users\Jule\Desktop\pets.list [2013.07.24 11:09:47 | 000,471,444 | ---- | M] () -- C:\Users\Jule\Desktop\OKohneText.jpg [2013.07.24 01:01:10 | 000,348,123 | ---- | M] () -- C:\Users\Jule\Desktop\OKohneText - Kopie.jpg [2013.07.23 23:04:58 | 000,142,794 | ---- | M] () -- C:\Users\Jule\Desktop\Image-0.png [2013.07.23 23:02:17 | 000,191,993 | ---- | M] () -- C:\Users\Jule\Desktop\Image-1.png [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.25 11:08:49 | 000,392,704 | ---- | C] () -- C:\Users\Jule\Desktop\viewer.exe [2013.07.25 11:03:28 | 000,002,221 | ---- | C] () -- C:\Users\Jule\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013.07.25 11:02:23 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.25 11:02:21 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.25 02:15:19 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum [2013.07.25 02:15:19 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum [2013.07.25 02:15:19 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum [2013.07.24 21:08:06 | 002,210,313 | ---- | C] () -- C:\Users\Jule\Desktop\ultimacenaLC.jpg [2013.07.24 17:45:32 | 000,033,333 | ---- | C] () -- C:\Users\Jule\Desktop\Unbenannt.jpg [2013.07.24 17:45:32 | 000,018,314 | ---- | C] () -- C:\Users\Jule\AppData\Local\recently-used.xbel [2013.07.24 17:45:14 | 000,270,530 | ---- | C] () -- C:\Users\Jule\Documents\Unbenannt.xcf [2013.07.24 14:34:28 | 000,008,288 | ---- | C] () -- C:\Users\Jule\Desktop\pets.list [2013.07.24 11:05:20 | 000,348,123 | ---- | C] () -- C:\Users\Jule\Desktop\OKohneText - Kopie.jpg [2013.07.24 01:01:10 | 000,471,444 | ---- | C] () -- C:\Users\Jule\Desktop\OKohneText.jpg [2013.07.23 23:02:16 | 000,191,993 | ---- | C] () -- C:\Users\Jule\Desktop\Image-1.png [2013.07.23 22:56:13 | 000,142,794 | ---- | C] () -- C:\Users\Jule\Desktop\Image-0.png [2013.05.21 11:07:33 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.05.21 11:07:31 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2012.11.29 18:41:15 | 000,007,606 | ---- | C] () -- C:\Users\Jule\AppData\Local\Resmon.ResmonCfg [2012.10.04 07:57:16 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2012.10.04 07:55:07 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012.10.03 14:53:05 | 004,211,072 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2012.10.03 14:53:05 | 001,368,444 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2012.10.03 14:53:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2012.10.03 14:53:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.02.24 23:39:39 | 000,000,000 | ---D | M] -- C:\Users\Jule\AppData\Roaming\Aeria Games & Entertainment [2013.07.25 02:05:22 | 000,000,000 | ---D | M] -- C:\Users\Jule\AppData\Roaming\BabSolution [2013.04.12 17:40:51 | 000,000,000 | ---D | M] -- C:\Users\Jule\AppData\Roaming\Babylon [2013.07.24 00:15:12 | 000,000,000 | ---D | M] -- C:\Users\Jule\AppData\Roaming\DealPly [2013.07.24 00:14:58 | 000,000,000 | ---D | M] -- C:\Users\Jule\AppData\Roaming\DSite [2013.03.04 14:14:36 | 000,000,000 | ---D | M] -- C:\Users\Jule\AppData\Roaming\GetRightToGo [2013.01.08 11:40:14 | 000,000,000 | ---D | M] -- C:\Users\Jule\AppData\Roaming\Kalydo [2013.07.25 02:08:44 | 000,000,000 | ---D | M] -- C:\Users\Jule\AppData\Roaming\SleepTimerUltimate [2013.07.25 01:16:33 | 000,000,000 | ---D | M] -- C:\Users\Jule\AppData\Roaming\Systweak [2013.07.16 15:44:46 | 000,000,000 | ---D | M] -- C:\Users\Jule\AppData\Roaming\TechSmith ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 25.07.2013 11:29:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jule\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 73,53% Memory free
5,99 Gb Paging File | 5,08 Gb Available in Paging File | 84,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 203,13 Gb Free Space | 68,17% Space Free | Partition Type: NTFS
Computer Name: JULE-PC | User Name: Jule | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CF48F10-5B78-4546-8FF3-3A1F6D9AD770}" = lport=138 | protocol=17 | dir=in | app=system |
"{116ADF75-3683-4869-9381-82C127387C89}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{130E1566-93C9-429A-8021-A3A87FC8F20F}" = rport=139 | protocol=6 | dir=out | app=system |
"{139D1C0B-54E4-4C3F-8DEA-72A6B99C52EA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{18DB763B-C4B6-4873-AB95-1E2DF77EF8C6}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2B1A03B3-D246-4EA6-9318-856DCC9DA6F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{306E81A2-A3BF-4AB6-B417-0A11FA17CDB0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{357D83D9-2D41-4B73-9FFB-79724BBF4973}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3CF7F676-8C0B-4641-9089-278E2F846BCC}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3EE45D03-E29D-4B5B-9A4B-133EE85B413E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{41848E25-39F8-4235-98C9-EE1B52AFB26C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4F2CD11B-4E6C-4758-A075-5A870F2F4BF2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{595B46A9-D895-49CA-922F-DAD3BFA5EB2F}" = rport=2869 | protocol=6 | dir=out | app=system |
"{59C4198B-D25D-4E93-B2F5-AD5569F1D995}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{654926AB-45E9-4BF8-8D1E-2BF2BD634E4A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{658FABBB-3EAB-401F-9D85-350D4C86EB27}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6C30240C-FD3C-445A-BC81-E9A8084C082C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{744EAC9D-25AE-4248-8D8B-AFC60CA1C5AB}" = lport=137 | protocol=17 | dir=in | app=system |
"{76E4920A-E17C-43BF-946C-CFBB5045C19E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D19E0F6-BB39-47B0-BFB5-B2FC1CECC5FB}" = rport=137 | protocol=17 | dir=out | app=system |
"{7FC2A806-3631-4B9F-B382-217F355A5CFA}" = rport=445 | protocol=6 | dir=out | app=system |
"{817A15C0-B660-42CD-95EB-4707DD6370E0}" = lport=139 | protocol=6 | dir=in | app=system |
"{85D053DC-D5A7-4EB8-9E00-34CB39A95BAB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9D76BB0F-B164-4F06-A9CD-30B5DC995277}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A2C62AD1-0950-44AB-BFFF-97142DA60CA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2F645A9-8754-44A8-9C80-9785A7EA86B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A8E107FF-3C50-4EF7-9E68-4874F60155A3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AF9CE09B-02BD-4F9B-B19B-7376CACB09EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B00DE3D1-463B-43D7-88EB-0E35C18D7405}" = rport=2869 | protocol=6 | dir=out | app=system |
"{D8A04150-A88C-457A-B72F-1A2D372F2800}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB8528A7-991B-4326-8AEB-57DA42B0C4ED}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E0081A6A-287B-4D75-B5C7-6D0BC88AB595}" = rport=138 | protocol=17 | dir=out | app=system |
"{E27286BE-02C0-484E-92CE-87354FF54627}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E693306B-3DF2-4B2B-ABD1-64B66FDE456B}" = lport=445 | protocol=6 | dir=in | app=system |
"{E850B0A7-D70A-403A-9C35-E15215C51C3B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EA79D69D-32CE-4381-9921-D02B18B9AB9E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC108443-52D4-40C2-B2EF-5CFBDC43B643}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FA34314D-22F4-4E2F-B2C1-3864ABC63F97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D04557-A2FB-41A6-AF9A-AED678731591}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{06108A22-B3F5-40DB-8DCB-CFA6666BB022}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{17D997D0-F3B2-491B-9949-C9A5485A88EE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4D372B8E-D05A-4E7D-8C9D-348F9F75D2AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6975D03B-81A1-46F0-8F94-04CE4415FF5E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{76F5D6CD-4E34-433A-881E-1E849504CEEC}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{78742348-976B-4659-A422-DB01D9144E32}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{89A26668-DE3D-4391-9567-5C1B36800142}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8E8D15F2-0B94-4E83-9B92-4953327A26CA}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{93B063E2-419D-418D-B843-689816B72EE6}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{A802CFE5-0FD7-482E-87A0-BD12845F709C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C3415366-7EB6-471A-ABEA-3ECE8FEFFC85}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C40E882C-EF1B-4D2E-AD5E-96A99AB9651A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD91B0FD-84C5-4CDA-9158-B2DC8C0F82B1}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D44D3E23-B121-42ED-B1EF-B9AE3CA70FB7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D687027F-7271-4112-A154-CA69CFE98161}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F0D8ADFD-5CD4-4531-B941-6F298817EB2E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F4B740AD-9B76-4B25-A28A-F6A2F7992A5F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F9AF66E9-EF39-4291-9DE0-6F4241529473}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{FBDE9094-44FC-457A-BF4E-0B1FDB8C3961}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{BF0D700B-DA4B-4372-9585-DC63A0B63413}C:\users\jule\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\jule\appdata\local\akamai\netsession_win.exe |
"UDP Query User{DA4DE16A-2F0C-4E13-9EFD-09D3EAF40EF6}C:\users\jule\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\jule\appdata\local\akamai\netsession_win.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EE56463-49B2-45E1-B74F-3E0139DBC986}_is1" = SleepTimer Ultimate 1.2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1" = AION Free-to-Play Version 1.0
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.3.0 "Legend"
"{A86A50FC-7C22-478B-BAEF-82393328825F}" = LastChaosGER
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}" = WinZip 17.5
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Google Chrome" = Google Chrome
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.07.2013 04:33:02 | Computer Name = Jule-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 25.07.2013 04:47:34 | Computer Name = Jule-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 25.07.2013 04:47:34 | Computer Name = Jule-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 25.07.2013 04:47:34 | Computer Name = Jule-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "SMSvcHost 4.0.0.0" (SMSvcHost 4.0.0.0). Der Fehlercode ist das erste
DWORD im Datenbereich.
Error - 25.07.2013 04:47:36 | Computer Name = Jule-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 25.07.2013 04:47:36 | Computer Name = Jule-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 25.07.2013 04:47:36 | Computer Name = Jule-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "MSDTC Bridge 4.0.0.0" (MSDTC Bridge 4.0.0.0). Der Fehlercode ist das
erste DWORD im Datenbereich.
Error - 25.07.2013 05:02:29 | Computer Name = Jule-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 25.07.2013 05:02:29 | Computer Name = Jule-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 25.07.2013 05:02:29 | Computer Name = Jule-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
[ Media Center Events ]
Error - 20.10.2012 01:56:52 | Computer Name = Jule-PC | Source = MCUpdate | ID = 0
Description = 07:56:52 - Error connecting to the internet. 07:56:52 - Unable
to contact server..
Error - 20.10.2012 01:57:02 | Computer Name = Jule-PC | Source = MCUpdate | ID = 0
Description = 07:56:57 - Error connecting to the internet. 07:56:57 - Unable
to contact server..
Error - 17.11.2012 05:02:31 | Computer Name = Jule-PC | Source = MCUpdate | ID = 0
Description = 10:02:30 - Failed to retrieve Directory (Error: Unable to connect
to the remote server)
Error - 01.12.2012 08:53:36 | Computer Name = Jule-PC | Source = MCUpdate | ID = 0
Description = 13:53:36 - Error connecting to the internet. 13:53:36 - Unable
to contact server..
Error - 01.12.2012 08:53:46 | Computer Name = Jule-PC | Source = MCUpdate | ID = 0
Description = 13:53:41 - Error connecting to the internet. 13:53:41 - Unable
to contact server..
[ System Events ]
Error - 04.03.2013 05:52:30 | Computer Name = Jule-PC | Source = BugCheck | ID = 1001
Description =
Error - 04.03.2013 13:25:41 | Computer Name = Jule-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?03.?2013 um 18:24:19 unerwartet heruntergefahren.
Error - 09.03.2013 18:01:34 | Computer Name = Jule-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?03.?2013 um 23:00:48 unerwartet heruntergefahren.
Error - 09.03.2013 18:27:49 | Computer Name = Jule-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?03.?2013 um 23:26:29 unerwartet heruntergefahren.
Error - 11.03.2013 05:36:35 | Computer Name = Jule-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?03.?2013 um 10:28:15 unerwartet heruntergefahren.
Error - 17.03.2013 06:53:54 | Computer Name = Jule-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?17.?03.?2013 um 11:52:55 unerwartet heruntergefahren.
Error - 23.03.2013 06:02:15 | Computer Name = Jule-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?23.?03.?2013 um 02:45:19 unerwartet heruntergefahren.
Error - 27.03.2013 04:11:30 | Computer Name = Jule-PC | Source = DCOM | ID = 10010
Description =
Error - 13.04.2013 05:39:58 | Computer Name = Jule-PC | Source = DCOM | ID = 10010
Description =
Error - 18.04.2013 03:36:43 | Computer Name = Jule-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?17.?04.?2013 um 23:31:12 unerwartet heruntergefahren.
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-25 12:11:49
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Jule\AppData\Local\Temp\kxldypow.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8C323610]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x92A1B5FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8C3240E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8C32FF18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8C32FF64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8C3300FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8C32FE86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x92A1B992]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8C32FECE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8C3245E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8C324800]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8C3300B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8C324E9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8C323676]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x8C328596]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x92A1B6C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x92A19C12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8C3236DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8C32898C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8C32592C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8C32FF42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8C32FF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8C330122]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8C32FEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x8C327E78]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8C330036]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8C32FEF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x8C32826E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8C3300DC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x92A1B822]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8C3257F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8C325506]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8C323742]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8C3237A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8C324D16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8C3232F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8C3234CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8C32345C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8C325066]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8C3251C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8C323556]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x92A1B8EA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8C324CF6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x92A19C42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8C32380E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x92A1B76E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x92A34E00]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 82C389E5 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C58512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 1393 82C5F988 4 Bytes [10, 36, 32, 8C]
.text ntoskrnl.exe!KeRemoveQueueEx + 13BB 82C5F9B0 4 Bytes [FA, B5, A1, 92] {CLI ; MOV CH, 0xa1; XCHG EDX, EAX}
.text ntoskrnl.exe!KeRemoveQueueEx + 141B 82C5FA10 4 Bytes [E6, 40, 32, 8C]
.text ntoskrnl.exe!KeRemoveQueueEx + 146F 82C5FA64 8 Bytes [18, FF, 32, 8C, 64, FF, 32, ...]
.text ntoskrnl.exe!KeRemoveQueueEx + 147B 82C5FA70 4 Bytes [FE, 00, 33, 8C]
.text ...
PAGE ntoskrnl.exe!ObMakeTemporaryObject 82DE54D6 5 Bytes JMP 92A31C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!RtlCompareUnicodeStrings + 50C 82E0CA46 5 Bytes JMP 92A337CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 108 82E131A1 4 Bytes CALL 8C325FEF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 122 82E4FED9 4 Bytes CALL 8C326005 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 82ED5A6E 7 Bytes JMP 92A34E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text autochk.exe 002011D1 2 Bytes [1D, 20]
.text autochk.exe 002011D4 3 Bytes [50, 12, 20] {PUSH EAX; ADC AH, [EAX]}
.text autochk.exe 002011D8 3 Bytes [D8, 1D, 20]
.text autochk.exe 002011DC 3 Bytes [58, 12, 20] {POP EAX; ADC AH, [EAX]}
.text autochk.exe 002011E0 3 Bytes [60, 12, 20] {PUSHA ; ADC AH, [EAX]}
.text ...
.text kernel32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[408] kernel32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[468] kernel32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[480] kernel32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Windows\system32\services.exe[524] kernel32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text ...
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtCreateFile + 6 770155CE 4 Bytes [28, 9C, 02, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtCreateFile + B 770155D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtMapViewOfSection + 6 77015C2E 4 Bytes [28, 9F, 02, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtMapViewOfSection + B 77015C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtOpenFile + 6 77015CDE 4 Bytes [68, 9C, 02, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtOpenFile + B 77015CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtOpenProcess + 6 77015D8E 4 Bytes [A8, 9D, 02, 01] {TEST AL, 0x9d; ADD AL, [ECX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtOpenProcess + B 77015D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtOpenProcessToken + 6 77015D9E 4 Bytes CALL 76026040 C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtOpenProcessToken + B 77015DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtOpenProcessTokenEx + 6 77015DAE 4 Bytes [A8, 9E, 02, 01] {TEST AL, 0x9e; ADD AL, [ECX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtOpenProcessTokenEx + B 77015DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtOpenThread + 6 77015E0E 4 Bytes [68, 9D, 02, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtOpenThread + B 77015E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtOpenThreadToken + 6 77015E1E 4 Bytes [68, 9E, 02, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtOpenThreadToken + B 77015E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtOpenThreadTokenEx + 6 77015E2E 4 Bytes CALL 760260D1 C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtOpenThreadTokenEx + B 77015E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtQueryAttributesFile + 6 77015F3E 4 Bytes [A8, 9C, 02, 01] {TEST AL, 0x9c; ADD AL, [ECX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtQueryAttributesFile + B 77015F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtQueryFullAttributesFile + 6 77015FEE 4 Bytes CALL 7602628F C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtQueryFullAttributesFile + B 77015FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtSetInformationFile + 6 7701663E 4 Bytes [28, 9D, 02, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtSetInformationFile + B 77016643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtSetInformationThread + 6 7701669E 4 Bytes [28, 9E, 02, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtSetInformationThread + B 770166A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtUnmapViewOfSection + 6 770169BE 4 Bytes [68, 9F, 02, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!NtUnmapViewOfSection + B 770169C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!LdrUnloadDll 7702C86E 5 Bytes JMP 010E03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] ntdll.dll!LdrLoadDll 7703223E 5 Bytes JMP 010E01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] KERNEL32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] USER32.dll!UnhookWindowsHookEx 7713ADF9 5 Bytes JMP 010F0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] USER32.dll!UnhookWinEvent 7713B750 5 Bytes JMP 010F03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] USER32.dll!SetWindowsHookExW 7713E30C 5 Bytes JMP 010F0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] USER32.dll!SetWinEventHook 771424DC 5 Bytes JMP 010F01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1728] USER32.dll!SetWindowsHookExA 77166D0C 5 Bytes JMP 010F0600
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2348] ntdll.dll!LdrUnloadDll 7702C86E 5 Bytes JMP 000603FC
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2348] ntdll.dll!LdrLoadDll 7703223E 5 Bytes JMP 000601F8
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2348] KERNEL32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2348] USER32.dll!UnhookWindowsHookEx 7713ADF9 5 Bytes JMP 00080A08
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2348] USER32.dll!UnhookWinEvent 7713B750 5 Bytes JMP 000803FC
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2348] USER32.dll!SetWindowsHookExW 7713E30C 5 Bytes JMP 00080804
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2348] USER32.dll!SetWinEventHook 771424DC 5 Bytes JMP 000801F8
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2348] USER32.dll!SetWindowsHookExA 77166D0C 5 Bytes JMP 00080600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtCreateFile + 6 770155CE 4 Bytes [28, 1C, 72, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtCreateFile + B 770155D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtMapViewOfSection + 6 77015C2E 4 Bytes [28, 1F, 72, 00] {SUB [EDI], BL; JB 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtMapViewOfSection + B 77015C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenFile + 6 77015CDE 4 Bytes [68, 1C, 72, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenFile + B 77015CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenProcess + 6 77015D8E 4 Bytes [A8, 1D, 72, 00] {TEST AL, 0x1d; JB 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenProcess + B 77015D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenProcessToken + 6 77015D9E 4 Bytes CALL 7601CFC0 C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenProcessToken + B 77015DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenProcessTokenEx + 6 77015DAE 4 Bytes [A8, 1E, 72, 00] {TEST AL, 0x1e; JB 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenProcessTokenEx + B 77015DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenThread + 6 77015E0E 4 Bytes [68, 1D, 72, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenThread + B 77015E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenThreadToken + 6 77015E1E 4 Bytes [68, 1E, 72, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenThreadToken + B 77015E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenThreadTokenEx + 6 77015E2E 4 Bytes CALL 7601D051 C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtOpenThreadTokenEx + B 77015E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtQueryAttributesFile + 6 77015F3E 4 Bytes [A8, 1C, 72, 00] {TEST AL, 0x1c; JB 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtQueryAttributesFile + B 77015F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtQueryFullAttributesFile + 6 77015FEE 4 Bytes CALL 7601D20F C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtQueryFullAttributesFile + B 77015FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtSetInformationFile + 6 7701663E 4 Bytes [28, 1D, 72, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtSetInformationFile + B 77016643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtSetInformationThread + 6 7701669E 4 Bytes [28, 1E, 72, 00] {SUB [ESI], BL; JB 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtSetInformationThread + B 770166A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtUnmapViewOfSection + 6 770169BE 4 Bytes [68, 1F, 72, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!NtUnmapViewOfSection + B 770169C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!LdrUnloadDll 7702C86E 5 Bytes JMP 009003FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] ntdll.dll!LdrLoadDll 7703223E 5 Bytes JMP 009001F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] KERNEL32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] USER32.dll!UnhookWindowsHookEx 7713ADF9 5 Bytes JMP 00910A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] USER32.dll!UnhookWinEvent 7713B750 5 Bytes JMP 009103FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] USER32.dll!SetWindowsHookExW 7713E30C 5 Bytes JMP 00910804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] USER32.dll!SetWinEventHook 771424DC 5 Bytes JMP 009101F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2564] USER32.dll!SetWindowsHookExA 77166D0C 5 Bytes JMP 00910600
.text C:\Windows\system32\nvvsvc.exe[2620] ntdll.dll!LdrUnloadDll 7702C86E 5 Bytes JMP 001E03FC
.text C:\Windows\system32\nvvsvc.exe[2620] ntdll.dll!LdrLoadDll 7703223E 5 Bytes JMP 001E01F8
.text C:\Windows\system32\nvvsvc.exe[2620] KERNEL32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[2620] USER32.dll!UnhookWindowsHookEx 7713ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\nvvsvc.exe[2620] USER32.dll!UnhookWinEvent 7713B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\nvvsvc.exe[2620] USER32.dll!SetWindowsHookExW 7713E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\nvvsvc.exe[2620] USER32.dll!SetWinEventHook 771424DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\nvvsvc.exe[2620] USER32.dll!SetWindowsHookExA 77166D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\taskhost.exe[2744] ntdll.dll!LdrUnloadDll 7702C86E 5 Bytes JMP 000D03FC
.text C:\Windows\system32\taskhost.exe[2744] ntdll.dll!LdrLoadDll 7703223E 5 Bytes JMP 000D01F8
.text C:\Windows\system32\taskhost.exe[2744] KERNEL32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[2744] USER32.dll!UnhookWindowsHookEx 7713ADF9 5 Bytes JMP 00120A08
.text C:\Windows\system32\taskhost.exe[2744] USER32.dll!UnhookWinEvent 7713B750 5 Bytes JMP 001203FC
.text C:\Windows\system32\taskhost.exe[2744] USER32.dll!SetWindowsHookExW 7713E30C 5 Bytes JMP 00120804
.text C:\Windows\system32\taskhost.exe[2744] USER32.dll!SetWinEventHook 771424DC 5 Bytes JMP 001201F8
.text C:\Windows\system32\taskhost.exe[2744] USER32.dll!SetWindowsHookExA 77166D0C 5 Bytes JMP 00120600
.text C:\Users\Jule\Downloads\gmer_2.1.19163.exe[2788] kernel32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Windows\system32\sppsvc.exe[2832] ntdll.dll!LdrUnloadDll 7702C86E 5 Bytes JMP 000F03FC
.text C:\Windows\system32\sppsvc.exe[2832] ntdll.dll!LdrLoadDll 7703223E 5 Bytes JMP 000F01F8
.text C:\Windows\system32\sppsvc.exe[2832] KERNEL32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Windows\system32\sppsvc.exe[2832] USER32.dll!UnhookWindowsHookEx 7713ADF9 5 Bytes JMP 00110A08
.text C:\Windows\system32\sppsvc.exe[2832] USER32.dll!UnhookWinEvent 7713B750 5 Bytes JMP 001103FC
.text C:\Windows\system32\sppsvc.exe[2832] USER32.dll!SetWindowsHookExW 7713E30C 5 Bytes JMP 00110804
.text C:\Windows\system32\sppsvc.exe[2832] USER32.dll!SetWinEventHook 771424DC 5 Bytes JMP 001101F8
.text C:\Windows\system32\sppsvc.exe[2832] USER32.dll!SetWindowsHookExA 77166D0C 5 Bytes JMP 00110600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtCreateFile + 6 770155CE 4 Bytes [28, 3C, DE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtCreateFile + B 770155D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtMapViewOfSection + 6 77015C2E 4 Bytes [28, 3F, DE, 00] {SUB [EDI], BH; FIADD WORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtMapViewOfSection + B 77015C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenFile + 6 77015CDE 4 Bytes [68, 3C, DE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenFile + B 77015CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcess + 6 77015D8E 4 Bytes [A8, 3D, DE, 00] {TEST AL, 0x3d; FIADD WORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcess + B 77015D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessToken + 6 77015D9E 4 Bytes CALL 76023BE0 C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessToken + B 77015DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessTokenEx + 6 77015DAE 4 Bytes [A8, 3E, DE, 00] {TEST AL, 0x3e; FIADD WORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenProcessTokenEx + B 77015DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThread + 6 77015E0E 4 Bytes [68, 3D, DE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThread + B 77015E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadToken + 6 77015E1E 4 Bytes [68, 3E, DE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadToken + B 77015E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadTokenEx + 6 77015E2E 4 Bytes CALL 76023C71 C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtOpenThreadTokenEx + B 77015E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryAttributesFile + 6 77015F3E 4 Bytes [A8, 3C, DE, 00] {TEST AL, 0x3c; FIADD WORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryAttributesFile + B 77015F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryFullAttributesFile + 6 77015FEE 4 Bytes CALL 76023E2F C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtQueryFullAttributesFile + B 77015FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationFile + 6 7701663E 4 Bytes [28, 3D, DE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationFile + B 77016643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationThread + 6 7701669E 4 Bytes [28, 3E, DE, 00] {SUB [ESI], BH; FIADD WORD [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtSetInformationThread + B 770166A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtUnmapViewOfSection + 6 770169BE 4 Bytes [68, 3F, DE, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!NtUnmapViewOfSection + B 770169C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!LdrUnloadDll 7702C86E 5 Bytes JMP 00EA03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] ntdll.dll!LdrLoadDll 7703223E 5 Bytes JMP 00EA01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] KERNEL32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] USER32.dll!UnhookWindowsHookEx 7713ADF9 5 Bytes JMP 00EB0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] USER32.dll!UnhookWinEvent 7713B750 5 Bytes JMP 00EB03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] USER32.dll!SetWindowsHookExW 7713E30C 5 Bytes JMP 00EB0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] USER32.dll!SetWinEventHook 771424DC 5 Bytes JMP 00EB01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3132] USER32.dll!SetWindowsHookExA 77166D0C 5 Bytes JMP 00EB0600
.text C:\Windows\system32\Dwm.exe[3152] ntdll.dll!LdrUnloadDll 7702C86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\Dwm.exe[3152] ntdll.dll!LdrLoadDll 7703223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\Dwm.exe[3152] KERNEL32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[3152] USER32.dll!UnhookWindowsHookEx 7713ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Dwm.exe[3152] USER32.dll!UnhookWinEvent 7713B750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Dwm.exe[3152] USER32.dll!SetWindowsHookExW 7713E30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\Dwm.exe[3152] USER32.dll!SetWinEventHook 771424DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Dwm.exe[3152] USER32.dll!SetWindowsHookExA 77166D0C 5 Bytes JMP 000F0600
.text C:\Windows\Explorer.EXE[3160] ntdll.dll!LdrUnloadDll 7702C86E 5 Bytes JMP 000E03FC
.text C:\Windows\Explorer.EXE[3160] ntdll.dll!LdrLoadDll 7703223E 5 Bytes JMP 000E01F8
.text C:\Windows\Explorer.EXE[3160] KERNEL32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[3160] USER32.dll!UnhookWindowsHookEx 7713ADF9 5 Bytes JMP 00100A08
.text C:\Windows\Explorer.EXE[3160] USER32.dll!UnhookWinEvent 7713B750 5 Bytes JMP 001003FC
.text C:\Windows\Explorer.EXE[3160] USER32.dll!SetWindowsHookExW 7713E30C 5 Bytes JMP 00100804
.text C:\Windows\Explorer.EXE[3160] USER32.dll!SetWinEventHook 771424DC 5 Bytes JMP 001001F8
.text C:\Windows\Explorer.EXE[3160] USER32.dll!SetWindowsHookExA 77166D0C 5 Bytes JMP 00100600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3292] kernel32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3368] ntdll.dll!LdrUnloadDll 7702C86E 5 Bytes JMP 002403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3368] ntdll.dll!LdrLoadDll 7703223E 5 Bytes JMP 002401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3368] KERNEL32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3368] USER32.dll!UnhookWindowsHookEx 7713ADF9 5 Bytes JMP 00260A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3368] USER32.dll!UnhookWinEvent 7713B750 5 Bytes JMP 002603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3368] USER32.dll!SetWindowsHookExW 7713E30C 5 Bytes JMP 00260804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3368] USER32.dll!SetWinEventHook 771424DC 5 Bytes JMP 002601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3368] USER32.dll!SetWindowsHookExA 77166D0C 5 Bytes JMP 00260600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3384] ntdll.dll!LdrUnloadDll 7702C86E 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3384] ntdll.dll!LdrLoadDll 7703223E 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3384] KERNEL32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3384] USER32.dll!UnhookWindowsHookEx 7713ADF9 5 Bytes JMP 00220A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3384] USER32.dll!UnhookWinEvent 7713B750 5 Bytes JMP 002203FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3384] USER32.dll!SetWindowsHookExW 7713E30C 5 Bytes JMP 00220804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3384] USER32.dll!SetWinEventHook 771424DC 5 Bytes JMP 002201F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3384] USER32.dll!SetWindowsHookExA 77166D0C 5 Bytes JMP 00220600
.text C:\Users\Jule\AppData\Local\Akamai\netsession_win.exe[3552] ntdll.dll!LdrUnloadDll 7702C86E 5 Bytes JMP 001D03FC
.text C:\Users\Jule\AppData\Local\Akamai\netsession_win.exe[3552] ntdll.dll!LdrLoadDll 7703223E 5 Bytes JMP 001D01F8
.text C:\Users\Jule\AppData\Local\Akamai\netsession_win.exe[3552] KERNEL32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Users\Jule\AppData\Local\Akamai\netsession_win.exe[3552] USER32.dll!UnhookWindowsHookEx 7713ADF9 5 Bytes JMP 001E0A08
.text C:\Users\Jule\AppData\Local\Akamai\netsession_win.exe[3552] USER32.dll!UnhookWinEvent 7713B750 5 Bytes JMP 001E03FC
.text C:\Users\Jule\AppData\Local\Akamai\netsession_win.exe[3552] USER32.dll!SetWindowsHookExW 7713E30C 5 Bytes JMP 001E0804
.text C:\Users\Jule\AppData\Local\Akamai\netsession_win.exe[3552] USER32.dll!SetWinEventHook 771424DC 5 Bytes JMP 001E01F8
.text C:\Users\Jule\AppData\Local\Akamai\netsession_win.exe[3552] USER32.dll!SetWindowsHookExA 77166D0C 5 Bytes JMP 001E0600
.text C:\Users\Jule\AppData\Local\Akamai\netsession_win.exe[3588] ntdll.dll!LdrUnloadDll 7702C86E 5 Bytes JMP 001603FC
.text C:\Users\Jule\AppData\Local\Akamai\netsession_win.exe[3588] ntdll.dll!LdrLoadDll 7703223E 5 Bytes JMP 001601F8
.text C:\Users\Jule\AppData\Local\Akamai\netsession_win.exe[3588] KERNEL32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Users\Jule\AppData\Local\Akamai\netsession_win.exe[3588] USER32.dll!UnhookWindowsHookEx 7713ADF9 5 Bytes JMP 002E0A08
.text C:\Users\Jule\AppData\Local\Akamai\netsession_win.exe[3588] USER32.dll!UnhookWinEvent 7713B750 5 Bytes JMP 002E03FC
.text C:\Users\Jule\AppData\Local\Akamai\netsession_win.exe[3588] USER32.dll!SetWindowsHookExW 7713E30C 5 Bytes JMP 002E0804
.text C:\Users\Jule\AppData\Local\Akamai\netsession_win.exe[3588] USER32.dll!SetWinEventHook 771424DC 5 Bytes JMP 002E01F8
.text C:\Users\Jule\AppData\Local\Akamai\netsession_win.exe[3588] USER32.dll!SetWindowsHookExA 77166D0C 5 Bytes JMP 002E0600
.text C:\Windows\System32\svchost.exe[3608] ntdll.dll!LdrUnloadDll 7702C86E 5 Bytes JMP 000E03FC
.text C:\Windows\System32\svchost.exe[3608] ntdll.dll!LdrLoadDll 7703223E 5 Bytes JMP 000E01F8
.text C:\Windows\System32\svchost.exe[3608] KERNEL32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3608] USER32.dll!UnhookWindowsHookEx 7713ADF9 5 Bytes JMP 00100A08
.text C:\Windows\System32\svchost.exe[3608] USER32.dll!UnhookWinEvent 7713B750 5 Bytes JMP 001003FC
.text C:\Windows\System32\svchost.exe[3608] USER32.dll!SetWindowsHookExW 7713E30C 5 Bytes JMP 00100804
.text C:\Windows\System32\svchost.exe[3608] USER32.dll!SetWinEventHook 771424DC 5 Bytes JMP 001001F8
.text C:\Windows\System32\svchost.exe[3608] USER32.dll!SetWindowsHookExA 77166D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[3624] ntdll.dll!LdrUnloadDll 7702C86E 5 Bytes JMP 001203FC
.text C:\Windows\system32\svchost.exe[3624] ntdll.dll!LdrLoadDll 7703223E 5 Bytes JMP 001201F8
.text C:\Windows\system32\svchost.exe[3624] KERNEL32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3624] USER32.dll!UnhookWindowsHookEx 7713ADF9 3 Bytes JMP 00140A08
.text C:\Windows\system32\svchost.exe[3624] USER32.dll!UnhookWindowsHookEx + 4 7713ADFD 1 Byte [89]
.text C:\Windows\system32\svchost.exe[3624] USER32.dll!UnhookWinEvent 7713B750 3 Bytes JMP 001403FC
.text C:\Windows\system32\svchost.exe[3624] USER32.dll!UnhookWinEvent + 4 7713B754 1 Byte [89]
.text C:\Windows\system32\svchost.exe[3624] USER32.dll!SetWindowsHookExW 7713E30C 5 Bytes JMP 00140804
.text C:\Windows\system32\svchost.exe[3624] USER32.dll!SetWinEventHook 771424DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\svchost.exe[3624] USER32.dll!SetWindowsHookExA 77166D0C 5 Bytes JMP 00140600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!LdrUnloadDll 7702C86E 5 Bytes JMP 000E03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!LdrLoadDll 7703223E 5 Bytes JMP 000E01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] KERNEL32.dll!GetBinaryTypeW + 70 759669F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] USER32.dll!UnhookWindowsHookEx 7713ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] USER32.dll!UnhookWinEvent 7713B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] USER32.dll!SetWindowsHookExW 7713E30C 5 Bytes JMP 000F0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] USER32.dll!SetWinEventHook 771424DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4016] USER32.dll!SetWindowsHookExA 77166D0C 5 Bytes JMP 000F0600
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Files - GMER 2.1 ----
File C:\Users\Jule\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom_new 0 bytes
File C:\Users\Jule\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist_new 0 bytes
File C:\Users\Jule\AppData\Local\Google\Chrome\User Data\Safe Browsing Download Whitelist_new 0 bytes
File C:\Users\Jule\AppData\Local\Google\Chrome\User Data\Safe Browsing Download_new 0 bytes
File C:\Users\Jule\AppData\Local\Google\Chrome\User Data\Safe Browsing Extension Blacklist_new 0 bytes
---- EOF - GMER 2.1 ----
 )C:\$Recycle.Bin\S-1-5-21-4015481925-822219318-49711164-1000\$RXFDUW0\HC2Setup.exe WIN32:Somoto - J [PUP] C:\$Recycle.Bin\S-1-5-21-4015481925-822219318-49711164-1000\$RXFDUW0\HC2Setup64.exe WIN32:Somoto-J[PUP] C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe WIN32:PUP-gen[PUP] C:\Users\Jule\AppData\Local\Temp\is357113909\SuperLyrics_1060-2024_v116.exe WIN32:AddLyrics-K[Adw] Hoffe das hilft soweit schon mal. Danke MfG |
| Themen zu XingHaoLyrics; WIN32 Somoto - B/J [PUP]; etc |
| 7-zip, akamai, antivirus, autorun, bho, desktop, error, failed, fehler, firefox, flash player, format, helper, homepage, install.exe, installation, launch, logfile, ntdll.dll, object, optimizerpro, plug-in, prozess, registry, rundll, scan, security, software, somoto, somoto-j, superlyrics, svchost.exe, udp, wajam, windows |
![XingHaoLyrics; WIN32 Somoto - B/J [PUP]; etc](iconimages/log-analyse-auswertung/xinghaolyrics-win32-somoto-b-j-pup-etc_ltr.gif)
Baum-Darstellung