Log-Analyse und Auswertung: Windows 7; Windows Security Center cannot be activated, error 1068
#1
Windows 7; Windows Security Center cannot be activated, error 1068

Hi, after a malware infection the Security Center service can no longer be activated.

The system was infected by malware that tried to install "Trojan.Ransomlock.G" at one-minute intervals. This was prevented by "Norton 360 Premier Edition", however. According to Norton, the starting point of the attack was windll32.exe in C:\Windows\SysWOW64.

I scanned with "malwarebytes" and quarantined some files. After subsequently removing windll32.exe from autostart and scanning with "tune up", the system no longer runs noticeably differently from before the infection. The only noticeable difference: the Security Center service can no longer be activated. malwarebytes and Norton no longer find anything.

Tried so far:
- manual start as described on the Microsoft help page
- deleting the Repository folder under System32\Wbem (the one under SysWOW is empty) and rebuilding it with "net start winmgmt"

What is noticeable is that there are no entries in the "Dependencies" tab. When attempting a manual start, error message 1068 appears: "Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden" (the dependency service or group failed to start).

Attached are the FRST log files.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by xxxxxxxxxxx (administrator) on DESKTOP-PC on 01-02-2015 19:44:13
Running from C:\Users\xxxxxxxxxxx\Downloads
Loaded Profiles: xxxxxxxxxxx (Available profiles: xxxxxxxxxxx)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(SYDATEC) C:\Program Files (x86)\SYDATEC\Password Guard v3\pwgtray.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
(LaCie SA) C:\Program Files (x86)\LaCie\Network Assistant\LaCie Network Assistant.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TUDefragBackend64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Users\xxxxxxxxxxx\Downloads\Defogger(3).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2009-09-01] (Nero AG)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2557976 2014-06-24] (Sony Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [Password Guard v3] => C:\Program Files (x86)\SYDATEC\Password Guard v3\pwgtray.exe [675464 2009-10-27] (SYDATEC)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [OM2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95536 2007-09-04] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [LaCie Ethernet Agent Startup] => C:\Program Files (x86)\LaCie\Network Assistant\LaCie Network Assistant.exe [5722112 2009-10-16] (LaCie SA)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\MountPoints2: {21ba2c39-e493-11e1-9d11-4061860dc6c8} - J:\setup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2010 Zahlungserinnerung.lnk
ShortcutTarget: Quicken 2010 Zahlungserinnerung.lnk -> C:\Program Files (x86)\Lexware\Quicken\2010\billmind.exe (Lexware GmbH & Co. KG)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-232553567-516970607-3978274004-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?type=3&tp=iehome&locale=de_de&c=94&bd=pavilion&pf=cndt
HKU\S-1-5-21-232553567-516970607-3978274004-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cndt
SearchScopes: HKLM -> DefaultScope {134B5A9E-37E4-4B34-93B8-94ED49FF6DDB} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {134B5A9E-37E4-4B34-93B8-94ED49FF6DDB} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM -> {57948E9B-85E2-4A57-B023-93A71375A317} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> DefaultScope {134B5A9E-37E4-4B34-93B8-94ED49FF6DDB} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {134B5A9E-37E4-4B34-93B8-94ED49FF6DDB} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM-x32 -> {57948E9B-85E2-4A57-B023-93A71375A317} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\S-1-5-21-232553567-516970607-3978274004-1001 -> DefaultScope {134B5A9E-37E4-4B34-93B8-94ED49FF6DDB} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKU\S-1-5-21-232553567-516970607-3978274004-1001 -> {134B5A9E-37E4-4B34-93B8-94ED49FF6DDB} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKU\S-1-5-21-232553567-516970607-3978274004-1001 -> {3A8D9662-4E9F-4402-9DFC-4564479A471E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=C93D1590-C539-4FDB-8493-A71C05BAF874&apn_sauid=3DDC48D7-3EBF-412A-8BD7-DF1C6FBBA016
SearchScopes: HKU\S-1-5-21-232553567-516970607-3978274004-1001 -> {57948E9B-85E2-4A57-B023-93A71375A317} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\S-1-5-21-232553567-516970607-3978274004-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Winamp Toolbar Loader -> {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} -> C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-232553567-516970607-3978274004-1001 -> No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab
DPF: HKLM-x32 {28B66320-9687-4B13-8757-36F901887AB5} hxxp://fotobuch.whitewall.com/ips-opdata/layout/avenso/objects/canvasx.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: about:home
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=C93D1590-C539-4FDB-8493-A71C05BAF874&apn_ptnrs=9M&apn_sauid=3DDC48D7-3EBF-412A-8BD7-DF1C6FBBA016&apn_dtid=OSJ000&&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\searchplugins\aol-search.xml
FF SearchPlugin: C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\searchplugins\safesearch.xml
FF Extension: 20-20 3D Viewer - C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\Extensions\2020Player@2020Technologies.com [2011-03-25]
FF Extension: Ask Toolbar - C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\Extensions\toolbar@ask.com [2012-10-18]
FF Extension: Winamp Toolbar - C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2013-04-09]
FF Extension: Garmin Communicator - C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-24]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-01-31]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-26]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [87344 2009-09-01] (Prolific Technology Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-06-24] (Sony Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\52C4E60E5.zot [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-10-25] (Devguru Co., Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation)
S3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [194048 2008-11-25] ( ) [File not signed]
S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2009-02-20] (Siemens Home and Office Communication Devices GmbH & Co. KG)
S3 gwiopm; C:\Program Files (x86)\Slotman\gwiopm.sys [3904 1998-06-03] () [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20150130.001\IDSvia64.sys [668888 2015-01-16] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20150131.003\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20150131.003\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-07-23] (CyberLink Corp.)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 EST_BusEnum; system32\DRIVERS\GenBus.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 19:44 - 2015-02-01 19:44 - 00025256 _____ () C:\Users\xxxxxxxxxxx\Downloads\FRST.txt
2015-02-01 19:44 - 2015-02-01 19:44 - 00000000 ____D () C:\FRST
2015-02-01 19:43 - 2015-02-01 19:43 - 02131456 _____ (Farbar) C:\Users\xxxxxxxxxxx\Downloads\frst64.exe
2015-02-01 19:40 - 2015-02-01 19:40 - 00000000 _____ () C:\Users\xxxxxxxxxxx\defogger_reenable
2015-02-01 19:39 - 2015-02-01 19:39 - 00050477 _____ () C:\Users\xxxxxxxxxxx\Downloads\Defogger(3).exe
2015-02-01 19:36 - 2015-02-01 19:36 - 00001938 _____ () C:\Users\xxxxxxxxxxx\Documents\Malwarebytes20150125.txt
2015-01-31 15:06 - 2015-01-31 15:06 - 00664576 _____ () C:\Users\xxxxxxxxxxx\Downloads\MicrosoftFixit50562.msi
2015-01-30 12:42 - 2015-01-30 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-30 12:32 - 2015-01-30 12:32 - 37987520 _____ (Microsoft Corporation) C:\Users\xxxxxxxxxxx\Downloads\Windows-KB890830-x64-V5.20.exe
2015-01-25 22:40 - 2015-01-25 22:40 - 00353101 _____ () C:\Users\xxxxxxxxxxx\Downloads\MicrosoftFixit20084.mini.diagcab
2015-01-25 22:39 - 2015-01-25 22:40 - 01059840 _____ () C:\Users\xxxxxxxxxxx\Downloads\MicrosoftFixit50981.msi
2015-01-25 21:31 - 2015-02-01 19:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 21:31 - 2015-01-25 21:31 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-25 21:31 - 2015-01-25 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-25 21:31 - 2015-01-25 21:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 21:31 - 2015-01-25 21:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-25 21:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-25 21:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-25 21:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-25 21:30 - 2015-01-25 21:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\xxxxxxxxxxx\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-25 20:32 - 2015-01-25 20:32 - 00000000 ____D () C:\Users\xxxxxxxxxxx\Documents\ProcAlyzer Dumps
2015-01-25 19:46 - 2015-01-25 20:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-25 19:46 - 2015-01-25 19:46 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-25 19:46 - 2015-01-25 19:46 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-25 19:46 - 2015-01-25 19:46 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-25 19:46 - 2015-01-25 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-25 19:46 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-25 19:45 - 2015-01-25 19:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-25 19:42 - 2015-01-25 19:42 - 01191200 _____ () C:\Users\xxxxxxxxxxx\Downloads\SpyBot Search Destroy - CHIP-Installer(1).exe
2015-01-25 19:40 - 2015-01-25 19:40 - 01191200 _____ () C:\Users\xxxxxxxxxxx\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-01-24 20:25 - 2015-01-24 20:25 - 00000256 _____ () C:\Users\xxxxxxxxxxx\Downloads\defogger_enable.log
2015-01-24 20:24 - 2015-01-24 20:24 - 00050477 _____ () C:\Users\xxxxxxxxxxx\Downloads\Defogger(2).exe
2015-01-24 20:21 - 2015-01-24 20:21 - 00050477 _____ () C:\Users\xxxxxxxxxxx\Downloads\Defogger(1).exe
2015-01-24 20:19 - 2015-02-01 19:40 - 00000484 _____ () C:\Users\xxxxxxxxxxx\Downloads\defogger_disable.log
2015-01-24 20:18 - 2015-01-24 20:18 - 00050477 _____ () C:\Users\xxxxxxxxxxx\Downloads\Defogger.exe
2015-01-24 14:30 - 2015-01-24 15:15 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-01-24 14:30 - 2015-01-24 14:30 - 02935152 _____ () C:\Users\xxxxxxxxxxx\Downloads\SecurityTaskManager_Setup.exe
2015-01-24 14:30 - 2015-01-24 14:30 - 00001160 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-01-24 14:30 - 2015-01-24 14:30 - 00001149 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-01-24 14:30 - 2015-01-24 14:30 - 00001137 _____ () C:\Users\Public\Desktop\Security Task Manager.lnk
2015-01-24 14:30 - 2015-01-24 14:30 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Local\SecTaskMan
2015-01-24 14:30 - 2015-01-24 14:30 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2015-01-24 13:57 - 2015-01-24 13:57 - 00000000 ____D () C:\NPE
2015-01-24 13:52 - 2015-01-24 15:12 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Local\NPE
2015-01-16 11:35 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 11:35 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 11:35 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-16 11:35 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-16 11:35 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-16 11:35 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-16 11:35 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-16 11:35 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-16 11:35 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-16 11:35 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 11:35 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 11:35 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-16 11:35 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-02 07:59 - 2015-01-02 07:59 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 19:40 - 2009-11-13 16:19 - 00000000 ____D () C:\Users\xxxxxxxxxxx
2015-02-01 19:38 - 2011-11-08 20:00 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-01 19:28 - 2009-11-13 22:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 19:12 - 2012-04-20 05:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 18:43 - 2011-05-29 06:26 - 00000000 ____D () C:\Users\xxxxxxxxxxx\Documents\Outlook-Dateien
2015-02-01 18:42 - 2014-03-21 15:30 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Roaming\KeePass
2015-02-01 18:26 - 2009-09-25 02:05 - 01718868 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 04:28 - 2009-11-13 22:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 15:58 - 2009-11-13 16:20 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Local\Hewlett-Packard
2015-01-31 15:55 - 2013-04-10 09:29 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Local\CrashDumps
2015-01-31 15:39 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 15:39 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 15:32 - 2012-08-13 06:15 - 00000000 ____D () C:\Temp
2015-01-31 15:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 15:31 - 2009-07-14 05:51 - 00109345 _____ () C:\Windows\setupact.log
2015-01-31 15:19 - 2012-05-03 14:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-31 14:26 - 2009-09-18 20:39 - 00741970 _____ () C:\Windows\PFRO.log
2015-01-31 12:29 - 2009-11-13 21:22 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-01-25 23:31 - 2010-05-13 11:16 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Roaming\HpUpdate
2015-01-25 22:14 - 2009-11-13 16:26 - 00133760 _____ ()
C:\Users\xxxxxxxxxxx\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-25 22:13 - 2009-07-14 05:45 - 00480016 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-25 21:45 - 2009-07-14 08:45 - 00000000 ____D () C:\Windows\ShellNew 2015-01-25 21:12 - 2012-04-20 05:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-25 21:12 - 2012-04-20 05:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-25 21:12 - 2011-05-15 06:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-24 13:52 - 2009-09-18 20:50 - 00000000 ____D () C:\ProgramData\Norton 2015-01-16 12:42 - 2013-08-16 06:10 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-16 12:14 - 2009-09-19 06:25 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2015-01-16 12:14 - 2009-09-19 06:25 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2015-01-16 12:14 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-11 20:40 - 2012-02-10 09:24 - 00017447 _____ () C:\Users\xxxxxxxxxxx\Documents\SDK_Rückzahlungen.xlsx 2015-01-02 22:31 - 2014-08-22 06:28 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Local\Adobe ==================== Files in the root of some directories ======= 2009-11-17 21:52 - 2009-11-17 21:52 - 3211264 _____ () C:\Program Files (x86)\Common FilesDDBACSetup.msi 2013-11-27 23:46 - 2013-11-27 23:46 - 49940480 _____ () C:\Program Files (x86)\GUT57F0.tmp 2009-11-21 23:05 - 2014-08-04 07:09 - 0000151 _____ () C:\Users\xxxxxxxxxxx\AppData\Roaming\default.rss 2010-02-09 08:16 - 2010-02-09 08:16 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\Devices 2010-02-09 08:15 - 2010-02-09 08:20 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\Dialogs 2010-02-09 08:20 - 2010-02-09 08:20 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\Dictionaries 2009-12-23 11:17 - 2009-12-23 11:17 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\Digital Basic 
2009-12-14 20:53 - 2009-12-14 20:53 - 0000000 _____ () C:\Users\xxxxxxxxxxx\AppData\Roaming\downloads.m3u 2009-11-16 20:35 - 2009-11-16 20:35 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\images 2009-11-16 20:29 - 2009-11-16 20:29 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\libiconv 2012-11-04 16:56 - 2014-02-13 07:15 - 0007599 _____ () C:\Users\xxxxxxxxxxx\AppData\Local\Resmon.ResmonCfg 2009-11-16 20:29 - 2009-11-16 20:29 - 0000268 ___RH () C:\ProgramData\Abstract 2009-11-16 20:35 - 2009-11-16 20:35 - 0000012 ___RH () C:\ProgramData\Alerts 2009-11-16 20:29 - 2009-11-16 20:29 - 0000012 ___RH () C:\ProgramData\Analog Pad 2010-02-09 08:16 - 2010-02-09 08:16 - 0000268 ___RH () C:\ProgramData\Digital Light 2010-02-09 08:15 - 2010-02-09 08:20 - 0000268 ___RH () C:\ProgramData\Digital Mono 2010-02-09 08:20 - 2010-02-09 08:20 - 0000268 ___RH () C:\ProgramData\DirectoryService 2009-12-23 11:17 - 2009-12-23 11:17 - 0000268 ___RH () C:\ProgramData\Displays 2010-02-09 08:16 - 2010-02-09 08:16 - 0000012 ___RH () C:\ProgramData\Licenses 2010-02-09 08:15 - 2010-02-09 08:20 - 0000012 ___RH () C:\ProgramData\Limiter 2010-02-09 08:20 - 2010-02-09 08:20 - 0000012 ___RH () C:\ProgramData\MAS 2009-12-23 11:17 - 2009-12-23 11:17 - 0000012 ___RH () C:\ProgramData\MIDI Devices 2010-02-09 08:20 - 2014-08-13 07:45 - 0000020 ____H () C:\ProgramData\PKP_DLbw.DAT 2010-02-09 08:13 - 2014-08-13 07:45 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT 2009-12-23 11:15 - 2014-08-13 07:45 - 0000020 ____H () C:\ProgramData\PKP_DLbz.DAT 2010-02-09 08:16 - 2010-02-09 08:16 - 0000020 ____H () C:\ProgramData\PKP_DLck.DAT 2009-11-16 20:35 - 2014-08-10 16:18 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT 2009-11-16 20:29 - 2014-05-18 21:30 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT 2009-11-16 20:35 - 2009-11-16 20:35 - 0000268 ___RH () C:\ProgramData\programs 2012-09-28 13:05 - 2012-09-28 13:05 - 0000138 _____ () C:\ProgramData\zltclhakprijrji ==================== Bamital & volsnap 
Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-24 12:39 ==================== End Of Log ============================ Additions: (musste ich wg. Überschreitung maximaler Anzahl Zeiche leider anhängen; Sorry!) Gmer Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-01 20:08:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.01.0 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\xxxxx~1\AppData\Local\Temp\fwliifoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff80002db8000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 495 fffff80002db802f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000773cfc80 5 bytes JMP 00000001002b012a
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773cfcb0 5 bytes JMP 00000001002b0bc2
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000773cfe14 5 bytes JMP 00000001002b0048
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtReadVirtualMemory 00000000773cfe90 5 bytes JMP 00000001002b0e68
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000773cfea8 5 bytes JMP 00000001002b0594
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000773cff24 5 bytes JMP 00000001002b0f4a
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000773d0004 5 bytes JMP 00000001002b0758
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773d0038 5 bytes JMP 00000001002b0ca4
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000773d0068 5 bytes JMP 00000001002b0d86
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000773d0084 5 bytes JMP 0000000100020050
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtAlertResumeThread 00000000773d02e8 5 bytes JMP 00000001002b020c
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000773d079c 5 bytes JMP 00000001002b03d0
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000773d088c 5 bytes JMP 00000001002b09fe
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000773d08a4 2 bytes JMP 00000001002b091c
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 3 00000000773d08a7 2 bytes [EE, 88]
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000773d0df4 5 bytes JMP 00000001002b0676
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThreadEx 00000000773d15d4 5 bytes JMP 00000001002b02ee
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000773d1920 5 bytes JMP 00000001002b083a
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000773d1be4 5 bytes JMP 00000001002b0ae0
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000773d1d70 5 bytes JMP 00000001002b04b2
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000767e524f 7 bytes JMP 00000001002c04ba
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000767e53d0 7 bytes JMP 00000001002c0766
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000767e5677 7 bytes JMP 00000001002c059e
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000767e589a 7 bytes JMP 00000001002c020e
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000767e5a1d 7 bytes JMP 00000001002c092e
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000767e5c9b 7 bytes JMP 00000001002c0682
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000767e5d87 7 bytes JMP 00000001002c084a
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000767e7240 7 bytes JMP 00000001002c03d6
.text C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1560] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075051492 7 bytes JMP 00000001002c0cb8
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075371401 2 bytes JMP 7582b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075371419 2 bytes JMP 7582b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075371431 2 bytes JMP 758a8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007537144a 2 bytes CALL 758048ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753714dd 2 bytes JMP 758a87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753714f5 2 bytes JMP 758a8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007537150d 2 bytes JMP 758a8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075371525 2 bytes JMP 758a8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007537153d 2 bytes JMP 7581fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075371555 2 bytes JMP 758268ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007537156d 2 bytes JMP 758a8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075371585 2 bytes JMP 758a8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007537159d 2 bytes JMP 758a865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753715b5 2 bytes JMP 7581fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753715cd 2 bytes JMP 7582b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753716b2 2 bytes JMP 758a8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753716bd 2 bytes JMP 758a85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075371401 2 bytes JMP 7582b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075371419 2 bytes JMP 7582b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075371431 2 bytes JMP 758a8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007537144a 2 bytes CALL 758048ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753714dd 2 bytes JMP 758a87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753714f5 2 bytes JMP 758a8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007537150d 2 bytes JMP 758a8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075371525 2 bytes JMP 758a8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007537153d 2 bytes JMP 7581fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075371555 2 bytes JMP 758268ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007537156d 2 bytes JMP 758a8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075371585 2 bytes JMP 758a8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007537159d 2 bytes JMP 758a865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753715b5 2 bytes JMP 7581fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753715cd 2 bytes JMP 7582b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753716b2 2 bytes JMP 758a8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753716bd 2 bytes JMP 758a85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000773cfc80 5 bytes JMP 000000010033012a
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773cfcb0 5 bytes JMP 0000000100330bc2
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000773cfe14 5 bytes JMP 0000000100330048
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtReadVirtualMemory 00000000773cfe90 5 bytes JMP 0000000100330e68
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000773cfea8 5 bytes JMP 0000000100330594
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000773cff24 5 bytes JMP 0000000100330f4a
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000773d0004 5 bytes JMP 0000000100330758
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773d0038 5 bytes JMP 0000000100330ca4
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000773d0068 5 bytes JMP 0000000100330d86
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000773d0084 5 bytes JMP 0000000100030050
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtAlertResumeThread 00000000773d02e8 5 bytes JMP 000000010033020c
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000773d079c 5 bytes JMP 00000001003303d0
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000773d088c 5 bytes JMP 00000001003309fe
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000773d08a4 2 bytes JMP 000000010033091c
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 3 00000000773d08a7 2 bytes [F6, 88]
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000773d0df4 5 bytes JMP 0000000100330676
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThreadEx 00000000773d15d4 5 bytes JMP 00000001003302ee
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000773d1920 5 bytes JMP 000000010033083a
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000773d1be4 5 bytes JMP 0000000100330ae0
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000773d1d70 5 bytes JMP 00000001003304b2
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000767e524f 7 bytes JMP 00000001003403d8
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000767e53d0 7 bytes JMP 0000000100340684
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000767e5677 7 bytes JMP 00000001003404bc
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000767e589a 7 bytes JMP 000000010034012c
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000767e5a1d 7 bytes JMP 000000010034084c
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000767e5c9b 7 bytes JMP 00000001003405a0
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000767e5d87 7 bytes JMP 0000000100340768
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000767e7240 7 bytes JMP 00000001003402f4
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075051492 7 bytes JMP 0000000100340a12
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075371401 2 bytes JMP 7582b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075371419 2 bytes JMP 7582b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075371431 2 bytes JMP 758a8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007537144a 2 bytes CALL 758048ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753714dd 2 bytes JMP 758a87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753714f5 2 bytes JMP 758a8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007537150d 2 bytes JMP 758a8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075371525 2 bytes JMP 758a8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007537153d 2 bytes JMP 7581fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075371555 2 bytes JMP 758268ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007537156d 2 bytes JMP 758a8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075371585 2 bytes JMP 758a8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007537159d 2 bytes JMP 758a865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753715b5 2 bytes JMP 7581fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000753715cd 2 bytes JMP 7582b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000753716b2 2 bytes JMP 758a8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000753716bd 2 bytes JMP 758a85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000773cfc80 5 bytes JMP 00000001001f012a
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773cfcb0 5 bytes JMP 00000001001f0bc2
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000773cfe14 5 bytes JMP 00000001001f0048
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtReadVirtualMemory 00000000773cfe90 5 bytes JMP 00000001001f0e68
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000773cfea8 5 bytes JMP 00000001001f0594
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000773cff24 5 bytes JMP 00000001001f0f4a
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000773d0004 5 bytes JMP 00000001001f0758
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773d0038 5 bytes JMP 00000001001f0ca4
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000773d0068 5 bytes JMP 00000001001f0d86
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000773d0084 5 bytes JMP 0000000100020050
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtAlertResumeThread 00000000773d02e8 5 bytes JMP 00000001001f020c
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000773d079c 5 bytes JMP 00000001001f03d0
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000773d088c 5 bytes JMP 00000001001f09fe
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000773d08a4 2 bytes JMP 00000001001f091c
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 3 00000000773d08a7 2 bytes [E2, 88]
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000773d0df4 5 bytes JMP 00000001001f0676
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThreadEx 00000000773d15d4 5 bytes JMP 00000001001f02ee
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000773d1920 5 bytes JMP 00000001001f083a
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000773d1be4 5 bytes JMP 00000001001f0ae0
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000773d1d70 5 bytes JMP 00000001001f04b2
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075051492 7 bytes JMP 0000000100200af6
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000767e524f 7 bytes JMP 00000001002003d8
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000767e53d0 7 bytes JMP 0000000100200684
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000767e5677 7 bytes JMP 00000001002004bc
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000767e589a 7 bytes JMP 000000010020012c
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000767e5a1d 7 bytes JMP 000000010020084c
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000767e5c9b 7 bytes JMP 00000001002005a0
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000767e5d87 7 bytes JMP 0000000100200768
.text C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1944] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000767e7240 7 bytes JMP 00000001002002f4
.text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000773cfc80 5 bytes JMP 00000001001f012a
.text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773cfcb0 5 bytes JMP 00000001001f0bc2
.text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000773cfe14 5 bytes JMP 00000001001f0048
.text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtReadVirtualMemory 00000000773cfe90 5 bytes JMP 00000001001f0e68
.text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000773cfea8 5 bytes JMP 00000001001f0594
.text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000773cff24 5 bytes JMP 00000001001f0f4a
.text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000773d0004 5 bytes JMP 00000001001f0758
.text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773d0038 5 bytes JMP 00000001001f0ca4
.text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000773d0068 5 bytes JMP 00000001001f0d86
.text C:\Windows\SysWOW64\IoctlSvc.exe[2008] 
C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000773d0084 5 bytes JMP 0000000100020050 .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtAlertResumeThread 00000000773d02e8 5 bytes JMP 00000001001f020c .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000773d079c 5 bytes JMP 00000001001f03d0 .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000773d088c 5 bytes JMP 00000001001f09fe .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000773d08a4 2 bytes JMP 00000001001f091c .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 3 00000000773d08a7 2 bytes [E2, 88] .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000773d0df4 5 bytes JMP 00000001001f0676 .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThreadEx 00000000773d15d4 5 bytes JMP 00000001001f02ee .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000773d1920 5 bytes JMP 00000001001f083a .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000773d1be4 5 bytes JMP 00000001001f0ae0 .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000773d1d70 5 bytes JMP 00000001001f04b2 .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 00000000767e524f 7 bytes JMP 00000001002003d8 .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000767e53d0 7 bytes JMP 0000000100200684 .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 00000000767e5677 7 bytes JMP 00000001002004bc .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] 
C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 00000000767e589a 7 bytes JMP 000000010020012c .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 00000000767e5a1d 7 bytes JMP 000000010020084c .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 00000000767e5c9b 7 bytes JMP 00000001002005a0 .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 00000000767e5d87 7 bytes JMP 0000000100200768 .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 00000000767e7240 7 bytes JMP 00000001002002f4 .text C:\Windows\SysWOW64\IoctlSvc.exe[2008] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075051492 7 bytes JMP 0000000100200930 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075371401 2 bytes JMP 7582b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075371419 2 bytes JMP 7582b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075371431 2 bytes JMP 758a8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007537144a 2 bytes CALL 758048ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000753714dd 2 bytes JMP 758a87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000753714f5 2 bytes JMP 758a8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007537150d 2 bytes JMP 758a8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075371525 2 bytes JMP 758a8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007537153d 2 bytes JMP 7581fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075371555 2 bytes JMP 758268ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007537156d 2 bytes JMP 758a8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075371585 2 bytes JMP 758a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007537159d 2 bytes JMP 758a865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000753715b5 2 bytes JMP 7581fd41 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000753715cd 2 bytes JMP 7582b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000753716b2 2 bytes JMP 758a8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1120] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000753716bd 2 bytes JMP 758a85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075371401 2 bytes JMP 7582b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075371419 2 bytes JMP 7582b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075371431 2 bytes JMP 758a8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007537144a 2 bytes CALL 758048ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000753714dd 2 bytes JMP 758a87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000753714f5 2 bytes JMP 758a8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007537150d 2 bytes JMP 758a8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075371525 2 bytes JMP 758a8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007537153d 2 bytes JMP 7581fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075371555 2 bytes JMP 758268ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007537156d 2 bytes JMP 758a8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075371585 2 bytes JMP 758a8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007537159d 2 bytes JMP 758a865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000753715b5 2 bytes JMP 7581fd41 
---- Threads - GMER 2.1 ----
Thread C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [1560:1588] 0000000000020064
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----

as well as malwarebytes:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 25.01.2015
Suchlauf-Zeit: 21:31:37
Logdatei: Malwarebytes20150125.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.25.10
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: xxxxxxxxxxx

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 359420
Verstrichene Zeit: 11 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 6
Trojan.Agent.ED, C:\ProgramData\5E06E4C25.cpp, Löschen bei Neustart, [a4fa7784533636009cb743ce4db546ba],
Trojan.Agent.ED, C:\Users\xxxxxxxxxxx\AppData\Local\Temp\Low\GDKf.dll, In Quarantäne, [148a53a8f891f93d64ef7d9406fc40c0],
Trojan.Agent.ED, C:\Users\xxxxxxxxxxx\AppData\Local\Temp\Low\oSy0.dll, In Quarantäne, [366805f64b3e3afc2b287e933ec42dd3],
Trojan.Agent.ED, C:\Users\xxxxxxxxxxx\AppData\Local\Temp\Low\ReqJ.dll, In Quarantäne, [910dbd3eabde4bebfe555eb3d62c8878],
Trojan.Agent.ED, C:\Users\xxxxxxxxxxx\AppData\Local\Temp\Low\zwx1.dll, In Quarantäne, [0f8f02f902876dc959fa5cb52bd7fe02],
PUP.Optional.OpenCandy, C:\Users\xxxxxxxxxxx\Downloads\winamp563_full_emusic-7plus_de-de.exe, In Quarantäne, [396509f28900e4526d13e1ea0df852ae],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

Anything that avoids reinstalling the system would be great...

Regards