
Pests of all kinds and how to combat them: Warning message from Telecom, threat from Trojan

Windows 7

 
04.02.2015, 20:21   #1
Steve71037
 
Warning message from Telecom, threat from Trojan



Hello community, a few days ago I received a letter from Telecom with a security warning about a Trojan infection. I then started my antivirus program (SpyBot full version), and it promptly found 4 threats and put them in quarantine. Everything was fine so far. Today I got a message from the antivirus program: Trojan.GenericKD.21331 infection. I started a scan again and nothing came up.

Here are the log files: Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 07:36 on 31/01/2015 (R)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         


FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by R (administrator) on R-PC on 31-01-2015 07:45:12
Running from C:\Users\R\Desktop\Trojaner
Loaded Profiles: R (Available profiles: R)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mobsync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\recover.exe
(VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe
(VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\expand.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\subst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [401280 2014-06-20] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [plenty-row] => C:\Users\R\AppData\Roaming\Plentyreact\plenty-shift.exe [78336 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [zhlzhwhw] => C:\Users\R\AppData\Roaming\Ykcwbkgryi\kltmhwhw.exe [147968 2015-01-29] (IvoSoft)
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [lesson-guide] => C:\Users\R\AppData\Roaming\Lessonquestion\lesson_would.exe [78848 2015-01-30] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [body-lesson] => C:\Users\R\AppData\Roaming\Body-surprised\body-invest.exe [233472 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [box-scratch] => C:\Users\R\AppData\Local\Temp\Box_let\boxadmire.exe [141824 2015-01-29] () <===== ATTENTION
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [tooth-reflect] => C:\Users\R\AppData\Local\Tooth-upset\tooth_station.exe [182784 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [grade-collect] => C:\Users\R\AppData\Local\Grade-compare\grade-eat.exe [78336 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [string-iron] => C:\Users\R\AppData\Roaming\String_discount\string-dimension.exe [78336 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [string-iron] => C:\Users\R\AppData\Roaming\String_discount\string-dimension.exe [78336 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [box-scratch] => C:\Users\R\AppData\Local\Temp\Box_let\boxadmire.exe [141824 2015-01-29] () <===== ATTENTION
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [grade-collect] => C:\Users\R\AppData\Local\Grade-compare\grade-eat.exe [78336 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [tooth-reflect] => C:\Users\R\AppData\Local\Tooth-upset\tooth_station.exe [182784 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [body-lesson] => C:\Users\R\AppData\Roaming\Body-surprised\body-invest.exe [233472 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [lesson-guide] => C:\Users\R\AppData\Roaming\Lessonquestion\lesson_would.exe [78848 2015-01-30] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [plenty-row] => C:\Users\R\AppData\Roaming\Plentyreact\plenty-shift.exe [78336 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\MountPoints2: {1b8db0e6-06c9-11e2-949f-70f1a1ff571b} - E:\AutoRun.exe
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\MountPoints2: {1b8db0ee-06c9-11e2-949f-70f1a1ff571b} - E:\AutoRun.exe
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\MountPoints2: {353b29e5-c696-11e2-8f98-70f1a1ff571b} - E:\AutoRun.exe
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\MountPoints2: {8c5b3165-d3ee-11e2-bca9-70f1a1ff571b} - E:\AutoRun.exe
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\MountPoints2: {8cb19d51-085c-11e2-9f45-806e6f6e6963} - F:\AutoRun.exe
BootExecute: autocheck autochk * sdnclean64.exebddel.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1667074292-2624200287-3336342126-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1667074292-2624200287-3336342126-1000] => localhost:21320
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1667074292-2624200287-3336342126-1000 -> {3384522D-3201-4969-9DEC-57B0BA01B6A6} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npEModelPlugin.dll (Dassault Systèmes SolidWorks Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\searchplugins\google-maps.xml
FF Extension: Cliqz Beta - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\Extensions\cliqz@cliqz.com.xpi [2014-08-12]
FF Extension: Adblock Plus - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-05]
FF Extension: Click to call with Skype - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-26]
FF HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\extensions\cliqz@cliqz.com

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-11-19] (SolidWorks) [File not signed]
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 VTechUSBSocketService; C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe [82824 2013-03-29] (VTech)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [514144 2009-10-02] (ITETech                  )
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2011-12-08] () [File not signed]
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-10-27] (Emsisoft GmbH)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2011-12-08] () [File not signed]
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-30] (Malwarebytes Corporation)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S2 VmodeNT; C:\Windows\SysWow64\Drivers\VmodeNT.sys [2528 1998-01-21] (k&k)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S2 hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 07:44 - 2015-01-31 07:44 - 00033458 _____ () C:\Users\R\Desktop\Addition.txt (2).txt
2015-01-31 07:43 - 2015-01-31 07:43 - 00026073 _____ () C:\Users\R\Desktop\FRST.txt
2015-01-31 07:42 - 2015-01-31 07:42 - 00033459 _____ () C:\Users\R\Desktop\Addition.txt
2015-01-31 07:40 - 2015-01-31 07:45 - 00000000 ____D () C:\FRST
2015-01-31 07:35 - 2015-01-31 07:35 - 00000000 _____ () C:\Users\R\defogger_reenable
2015-01-31 07:31 - 2015-01-31 07:45 - 00000000 ____D () C:\Users\R\Desktop\Trojaner
2015-01-30 19:26 - 2015-01-30 19:26 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Lessonquestion
2015-01-29 23:50 - 2015-01-29 23:50 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Body-surprised
2015-01-29 23:48 - 2015-01-29 23:48 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Ykcwbkgryi
2015-01-29 22:46 - 2015-01-29 22:46 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Plentyreact
2015-01-29 22:26 - 2015-01-29 22:26 - 00000000 ___HD () C:\Users\R\AppData\Local\Grade-compare
2015-01-29 05:39 - 2015-01-29 23:48 - 00000000 ___HD () C:\Users\R\AppData\Local\Ipvqn
2015-01-29 00:49 - 2015-01-29 00:49 - 00000000 ___HD () C:\Users\R\AppData\Local\Tooth-upset
2015-01-29 00:41 - 2015-01-29 00:41 - 00000000 ___HD () C:\Users\R\AppData\Roaming\String_discount
2015-01-27 08:18 - 2015-01-27 08:18 - 00000017 _____ () C:\Windows\㨀尀ؚ
2015-01-27 08:17 - 2015-01-27 08:17 - 00000030 _____ () C:\Windows\㨀尀̞
2015-01-26 20:56 - 2015-01-29 22:50 - 00000234 _____ () C:\Windows\[]
2015-01-26 20:50 - 2015-01-26 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 20:29 - 2015-01-26 20:31 - 00000011 _____ () C:\Windows\㨀尀Í
2015-01-26 08:19 - 2015-01-27 08:17 - 00000035 _____ () C:\Windows\䉯䍊整䥅卋牖橒灦桴
2015-01-26 08:19 - 2015-01-27 08:17 - 00000031 _____ () C:\Windows\噓割晪瑰h氀牁桎
2015-01-26 08:19 - 2015-01-27 08:17 - 00000022 _____ () C:\Windows\䤀卋牖橒灦桴
2015-01-26 08:13 - 2015-01-26 08:13 - 00000017 _____ () C:\Windows\㨀尀ĕ
2015-01-25 19:18 - 2015-01-25 19:18 - 00000013 _____ () C:\Windows\㨀尀ت
2015-01-25 07:40 - 2015-01-25 07:40 - 00000017 _____ () C:\Windows\㨀尀ǹ
2015-01-25 07:39 - 2015-01-25 07:39 - 00000030 _____ () C:\Windows\㨀尀ԓ
2015-01-24 19:53 - 2015-01-24 19:53 - 00000011 _____ () C:\Windows\㨀尀Ó
2015-01-24 19:51 - 2015-01-24 19:52 - 00000011 _____ () C:\Windows\㨀尀Î
2015-01-24 14:05 - 2015-01-26 08:19 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Yjiaex
2015-01-24 13:56 - 2015-01-29 22:01 - 00000010 _____ () C:\Windows\礀䕳
2015-01-24 13:35 - 2015-01-24 13:35 - 00000013 _____ () C:\Windows\ÿÿ
2015-01-24 13:31 - 2015-01-24 13:31 - 00000015 _____ () C:\Windows\㨀尀IJ
2015-01-24 13:30 - 2015-01-24 13:30 - 00000017 _____ () C:\Windows\㨀尀ͪ
2015-01-24 13:30 - 2015-01-24 13:30 - 00000017 _____ () C:\Windows\㨀尀̮
2015-01-23 20:38 - 2015-01-23 20:38 - 00000015 _____ () C:\Windows\㨀尀Դ
2015-01-23 20:37 - 2015-01-26 08:12 - 00000082 _____ () C:\Windows\㨀尀̠
2015-01-23 19:35 - 2015-01-23 19:35 - 00000017 _____ () C:\Windows\㨀尀մ
2015-01-23 19:34 - 2015-01-23 19:34 - 00000017 _____ () C:\Windows\㨀尀֫
2015-01-23 19:33 - 2015-01-23 19:33 - 00000017 _____ () C:\Windows\㨀尀֢
2015-01-23 13:16 - 2015-01-28 15:53 - 00000000 ___HD () C:\Users\R\AppData\Local\Stringdig
2015-01-23 13:15 - 2015-01-23 13:16 - 00000030 _____ () C:\Windows\㨀尀˳
2015-01-21 21:42 - 2015-01-23 19:38 - 00000000 ____D () C:\Users\R\Desktop\Fotobuch 2
2015-01-17 19:29 - 2015-01-23 14:07 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Kvcnmxphf
2015-01-15 08:51 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 08:51 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 08:51 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 08:51 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 08:51 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 08:51 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-15 08:50 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 08:50 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 08:50 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 08:50 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 08:50 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 08:50 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 08:50 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-11 07:55 - 2015-01-30 19:26 - 00000000 ____D () C:\ProgramData\vowc
2015-01-07 20:47 - 2015-01-18 03:10 - 00000000 ___HD () C:\Users\R\AppData\Local\Body-cover

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 07:42 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 07:42 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 07:35 - 2011-04-22 08:33 - 00000000 ____D () C:\Users\R
2015-01-31 07:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-01-31 07:30 - 2010-10-18 13:42 - 01812254 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 22:12 - 2014-10-25 12:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 14:51 - 2014-12-13 21:46 - 00000000 ____D () C:\Users\R\Desktop\Nähen Christin
2015-01-30 08:44 - 2014-11-12 19:45 - 00000947 _____ () C:\Windows\win.ini
2015-01-30 08:44 - 2012-09-28 15:01 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-30 08:43 - 2014-10-25 12:52 - 00105808 _____ () C:\Windows\PFRO.log
2015-01-30 08:43 - 2014-10-25 10:09 - 00006901 _____ () C:\Windows\setupact.log
2015-01-30 08:43 - 2011-08-08 16:22 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-30 08:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 22:51 - 2011-09-10 08:27 - 00000000 ____D () C:\Users\R\AppData\Local\CrashDumps
2015-01-28 15:53 - 2014-11-10 20:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 15:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas
2015-01-28 15:28 - 2014-10-25 12:55 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-28 15:28 - 2014-10-25 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-28 15:28 - 2014-10-25 12:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-24 13:30 - 2013-08-27 14:23 - 00344064 ___SH () C:\Users\R\Desktop\Thumbs.db
2015-01-21 20:52 - 2012-12-15 16:58 - 00000000 ____D () C:\Users\R\Desktop\Christin
2015-01-18 03:10 - 2014-10-05 19:31 - 00119898 _____ () C:\Windows\SysWOW64\bddel.dat
2015-01-17 19:26 - 2014-10-30 14:44 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-17 19:26 - 2012-09-28 16:27 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-17 19:25 - 2014-10-30 14:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-15 08:59 - 2013-08-15 17:19 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 08:55 - 2011-08-12 21:36 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 04:36 - 2011-04-23 11:46 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-12-30 13:55 - 2014-12-30 13:55 - 0039936 _____ () C:\Users\R\AppData\Roaming\stowings.a
2014-01-14 19:26 - 2014-01-14 19:26 - 0000108 _____ () C:\Users\R\AppData\Roaming\WB.CFG
2014-01-14 19:26 - 2014-01-14 19:26 - 0000005 _____ () C:\Users\R\AppData\Roaming\WBPU-TTL.DAT
2011-08-03 09:32 - 2011-08-03 09:32 - 0007602 _____ () C:\Users\R\AppData\Local\Resmon.ResmonCfg
2011-12-04 21:25 - 2011-12-12 07:10 - 0000040 ___SH () C:\ProgramData\.zreglib

Files to move or delete:
====================
C:\Users\R\AppData\Local\Temp\Box_let\boxadmire.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-28 18:30

==================== End Of Log ============================
         
GMER:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-31 08:22:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\R\AppData\Local\Temp\pxtdrpog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\wininit.exe[516] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                   0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\wininit.exe[516] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                         0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\wininit.exe[516] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                         000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\wininit.exe[516] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                 000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\services.exe[564] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\services.exe[564] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                        0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\services.exe[564] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                        000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\services.exe[564] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\system32\services.exe[564] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                               000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Windows\system32\lsass.exe[600] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                   000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\lsass.exe[600] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                                  000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Windows\system32\lsm.exe[608] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                     000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\svchost.exe[720] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                 000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\system32\svchost.exe[784] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                 000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\system32\svchost.exe[784] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                                000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Windows\system32\atiesrxx.exe[840] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\atiesrxx.exe[840] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                        0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\atiesrxx.exe[840] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                        000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\atiesrxx.exe[840] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\winlogon.exe[892] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\winlogon.exe[892] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                        0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\winlogon.exe[892] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                        000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\winlogon.exe[892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes CALL 0
.text   C:\Windows\System32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                 000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\System32\svchost.exe[936] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                                000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Windows\System32\svchost.exe[980] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                   0000000076fe98e0 6 bytes JMP 69567a0
.text   C:\Windows\System32\svchost.exe[980] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                         0000000077000650 6 bytes JMP 130021
.text   C:\Windows\System32\svchost.exe[980] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                         000000007707acf0 6 bytes JMP 8c234c9
.text   C:\Windows\System32\svchost.exe[980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                 000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\System32\svchost.exe[980] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                                000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Windows\system32\svchost.exe[384] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                 000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\system32\svchost.exe[156] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                   0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\svchost.exe[156] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                         0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\svchost.exe[156] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                         000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\svchost.exe[156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                 000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\system32\svchost.exe[156] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                                000007fefdef0c10 6 bytes JMP 42383500
.text   C:\Windows\system32\atieclxx.exe[1076] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                               000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                        0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                        000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\System32\spoolsv.exe[1372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\system32\Dwm.exe[1484] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                      0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\Dwm.exe[1484] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                            0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\Dwm.exe[1484] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                            000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\Dwm.exe[1484] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                    000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\system32\svchost.exe[1492] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\svchost.exe[1492] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                               000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1580] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                           0000000075b5103d 6 bytes JMP 71a7000a
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1580] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                           0000000075b51072 6 bytes JMP 71ae000a
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1580] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                     0000000075b7c9b5 6 bytes JMP 71a4000a
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1580] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                   00000000760a2c9e 4 bytes CALL 71ab0000
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1580] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                  0000000074e85429 6 bytes JMP 71a1000a
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1604] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                           0000000075b5103d 6 bytes JMP 71a7000a
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1604] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                           0000000075b51072 6 bytes JMP 71ae000a
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1604] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                     0000000075b7c9b5 6 bytes JMP 71a4000a
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1604] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                   00000000760a2c9e 4 bytes CALL 71ab0000
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1604] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                  0000000074e85429 6 bytes JMP 71a1000a
.text   C:\Windows\Explorer.EXE[1688] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                          0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\Explorer.EXE[1688] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                                0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\Explorer.EXE[1688] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                                000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\taskhost.exe[1732] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\taskhost.exe[1732] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                       0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\taskhost.exe[1732] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                       000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\taskhost.exe[1732] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                               000007fefcf49055 3 bytes [B5, 6F, 07]
.text   C:\Windows\system32\taskhost.exe[1732] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                              000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1940] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                  0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1940] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                        0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1940] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                        000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1940] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                    0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                          0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                          000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                  000007fefcf49055 3 bytes [B5, 6F, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                 000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[1956] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                       0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[1956] C:\Windows\system32\kernel32.dll!CreateProcessW                                                             0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[1956] C:\Windows\system32\kernel32.dll!CreateProcessA                                                             000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[1956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                     000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Program Files\Bonjour\mDNSResponder.exe[1676] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                     000007fefcf49055 3 bytes CALL 9000027
.text   C:\Program Files\Bonjour\mDNSResponder.exe[1676] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                    000007fefdef0c10 6 bytes JMP 0
.text   C:\Windows\SysWOW64\dllhost.exe[1720] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                        0000000075b5103d 6 bytes JMP 71a6000a
.text   C:\Windows\SysWOW64\dllhost.exe[1720] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                        0000000075b51072 6 bytes JMP 71ae000a
.text   C:\Windows\SysWOW64\dllhost.exe[1720] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000075b7c9b5 6 bytes JMP 71a3000a
.text   C:\Windows\SysWOW64\dllhost.exe[1720] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                                                00000000760a2c9e 4 bytes CALL 71aa0000
.text   C:\Windows\SysWOW64\dllhost.exe[1720] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                                               0000000074e85429 6 bytes JMP 71a0000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                           0000000075b5103d 6 bytes JMP 71a6000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                           0000000075b51072 6 bytes JMP 71ae000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                     0000000075b7c9b5 6 bytes JMP 71a3000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                   00000000760a2c9e 4 bytes CALL 71aa0000
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                  0000000074e85429 6 bytes JMP 71a0000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                   0000000074cf1465 2 bytes [CF, 74]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                  0000000074cf14bb 2 bytes [CF, 74]
.text   ...                                                                                                                                                                                          * 2
.text   C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                   0000000075b5103d 6 bytes JMP 6f31000a
.text   C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                   0000000075b51072 6 bytes JMP 6f39000a
.text   C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                             0000000075b7c9b5 6 bytes JMP 6f2e000a
.text   C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                           00000000760a2c9e 4 bytes CALL 6f350000
.text   C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                          0000000074e85429 6 bytes JMP 6f2b000a
.text   C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                           0000000074cf1465 2 bytes [CF, 74]
.text   C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                          0000000074cf14bb 2 bytes [CF, 74]
.text   ...                                                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1344] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                      0000000075b5103d 6 bytes JMP 71a7000a
.text   C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1344] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                      0000000075b51072 6 bytes JMP 71ae000a
.text   C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1344] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                0000000075b7c9b5 6 bytes JMP 71a4000a
.text   C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1344] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                              00000000760a2c9e 4 bytes CALL 71ab0000
.text   C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1344] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                             0000000074e85429 6 bytes JMP 71a1000a
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe[2080] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                        0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe[2080] C:\Windows\system32\kernel32.dll!CreateProcessW                                                              0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe[2080] C:\Windows\system32\kernel32.dll!CreateProcessA                                                              000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe[2080] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                      000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\svchost.exe[2156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes CALL 9000027
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2224] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                         0000000075b5103d 6 bytes JMP 71a7000a
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2224] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                         0000000075b51072 6 bytes JMP 71ae000a
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2224] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                   0000000075b7c9b5 6 bytes JMP 71a4000a
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2224] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                 00000000760a2c9e 4 bytes CALL 71ab0000
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2224] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                0000000074e85429 6 bytes JMP 71a1000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                         0000000075b5103d 6 bytes JMP 71a7000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                         0000000075b51072 6 bytes JMP 71ae000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                   0000000075b7c9b5 6 bytes JMP 71a4000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                 00000000760a2c9e 4 bytes CALL 71ab0000
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                0000000074e85429 6 bytes JMP 71a1000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                 0000000074cf1465 2 bytes [CF, 74]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                0000000074cf14bb 2 bytes [CF, 74]
.text   ...                                                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2584] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                        0000000075b5103d 6 bytes JMP 71a7000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2584] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                        0000000075b51072 6 bytes JMP 71ae000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2584] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                  0000000075b7c9b5 6 bytes JMP 71a4000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2584] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                00000000760a2c9e 4 bytes CALL 71ab0000
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2584] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                               0000000074e85429 6 bytes JMP 71a1000a
.text   C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes CALL 0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2300] C:\Windows\system32\KERNEL32.dll!CreateProcessAsUserW                                                              0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2300] C:\Windows\system32\KERNEL32.dll!CreateProcessW                                                                    0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2300] C:\Windows\system32\KERNEL32.dll!CreateProcessA                                                                    000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2300] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                            000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe[640] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                   0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe[640] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                   0000000075b51072 6 bytes JMP 71af000a
.text   C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe[640] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                             0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe[640] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                           00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe[640] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                          0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe[1204] C:\Windows\syswow64\kernel32.dll!CreateProcessW           0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe[1204] C:\Windows\syswow64\kernel32.dll!CreateProcessA           0000000075b51072 6 bytes JMP 71af000a
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe[1204] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW     0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe[1204] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493   00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe[1204] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW  0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe[2700] C:\Windows\syswow64\kernel32.dll!CreateProcessW           0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe[2700] C:\Windows\syswow64\kernel32.dll!CreateProcessA           0000000075b51072 6 bytes JMP 71af000a
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe[2700] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW     0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe[2700] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493   00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe[2700] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW  0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2764] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                        0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2764] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                        0000000075b51072 6 bytes JMP 71af000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2764] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                  0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2764] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                               0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Windows\SysWOW64\eventcreate.exe[2888] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                    0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Windows\SysWOW64\eventcreate.exe[2888] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                    0000000075b51072 6 bytes JMP 71af000a
.text   C:\Windows\SysWOW64\eventcreate.exe[2888] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                              0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Windows\SysWOW64\eventcreate.exe[2888] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                                            00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Windows\SysWOW64\eventcreate.exe[2888] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                                           0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Windows\system32\conhost.exe[2896] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\conhost.exe[2896] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                        0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\conhost.exe[2896] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                        000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\conhost.exe[2896] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\SysWOW64\wiaacmgr.exe[2932] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                       0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Windows\SysWOW64\wiaacmgr.exe[2932] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                       0000000075b51072 6 bytes JMP 71af000a
.text   C:\Windows\SysWOW64\wiaacmgr.exe[2932] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                 0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Windows\SysWOW64\wiaacmgr.exe[2932] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                                               00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Windows\SysWOW64\wiaacmgr.exe[2932] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                                              0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Windows\SysWOW64\iexpress.exe[2832] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                       0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Windows\SysWOW64\iexpress.exe[2832] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                       0000000075b51072 6 bytes JMP 71af000a
.text   C:\Windows\SysWOW64\iexpress.exe[2832] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                 0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Windows\SysWOW64\iexpress.exe[2832] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                                               00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Windows\SysWOW64\iexpress.exe[2832] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                                              0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Windows\SysWOW64\replace.exe[2180] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                        0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Windows\SysWOW64\replace.exe[2180] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                        0000000075b51072 6 bytes JMP 71af000a
.text   C:\Windows\SysWOW64\replace.exe[2180] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Windows\SysWOW64\replace.exe[2180] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                                                00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Windows\SysWOW64\replace.exe[2180] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                                               0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Windows\system32\conhost.exe[2520] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\conhost.exe[2520] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                        0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\conhost.exe[2520] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                        000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\conhost.exe[2520] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1268] C:\Windows\system32\KERNEL32.dll!CreateProcessAsUserW                                                              0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1268] C:\Windows\system32\KERNEL32.dll!CreateProcessW                                                                    0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1268] C:\Windows\system32\KERNEL32.dll!CreateProcessA                                                                    000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1268] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                            000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\SearchIndexer.exe[3708] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                          000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                            0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                  0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                  000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                          000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\System32\alg.exe[3784] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                    000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\wbem\wmiprvse.exe[4056] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                          000007fefcf49055 3 bytes CALL 9000027
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                               000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3744] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                              000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[3524] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                      0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[3524] C:\Windows\system32\kernel32.dll!CreateProcessW                                                            0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[3524] C:\Windows\system32\kernel32.dll!CreateProcessA                                                            000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[3524] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                    000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\System32\svchost.exe[4476] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\System32\svchost.exe[4476] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                               000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Windows\SysWOW64\subst.exe[4696] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                          0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Windows\SysWOW64\subst.exe[4696] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                          0000000075b51072 6 bytes JMP 71af000a
.text   C:\Windows\SysWOW64\subst.exe[4696] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                    0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Windows\SysWOW64\subst.exe[4696] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                                                  00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Windows\SysWOW64\subst.exe[4696] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                                                 0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Windows\system32\conhost.exe[4712] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\conhost.exe[4712] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                        0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\conhost.exe[4712] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                        000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\conhost.exe[4712] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\conhost.exe[4720] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\conhost.exe[4720] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                        0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\conhost.exe[4720] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                        000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\conhost.exe[4720] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\sppsvc.exe[3920] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                 000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2260] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                         0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2260] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                         0000000075b51072 6 bytes JMP 71af000a
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2260] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                   0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2260] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                 00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2260] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Windows\System32\svchost.exe[976] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                   0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\System32\svchost.exe[976] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                         0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\System32\svchost.exe[976] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                         000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\System32\svchost.exe[976] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                 000007fefcf49055 3 bytes CALL 9000027
.text   C:\Users\R\Desktop\Trojaner\Gmer-19357.exe[3900] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                             0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Users\R\Desktop\Trojaner\Gmer-19357.exe[3900] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                             0000000075b51072 6 bytes JMP 71af000a
.text   C:\Users\R\Desktop\Trojaner\Gmer-19357.exe[3900] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                       0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Users\R\Desktop\Trojaner\Gmer-19357.exe[3900] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                                     00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Users\R\Desktop\Trojaner\Gmer-19357.exe[3900] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                                    0000000074e85429 6 bytes JMP 71a2000a

---- Threads - GMER 2.1 ----

Thread  C:\Windows\SysWOW64\dllhost.exe [1720:2104]                                                                                                                                                  000000007ef90000
Thread  C:\Windows\SysWOW64\dllhost.exe [1720:2132]                                                                                                                                                  000000007ef9183d
Thread  C:\Windows\SysWOW64\dllhost.exe [1720:2148]                                                                                                                                                  000000007ef96643
Thread  C:\Windows\SysWOW64\dllhost.exe [1720:2152]                                                                                                                                                  000000007ef955c8
Thread  C:\Windows\SysWOW64\wiaacmgr.exe [2932:1780]                                                                                                                                                 000000007ef97c32
Thread  C:\Windows\SysWOW64\wiaacmgr.exe [2932:2876]                                                                                                                                                 000000007ef97be4
Thread  C:\Windows\SysWOW64\wiaacmgr.exe [2932:3124]                                                                                                                                                 000000007ef991d3
Thread  C:\Windows\SysWOW64\wiaacmgr.exe [2932:3152]                                                                                                                                                 000000007ef9dc0c
Thread  C:\Windows\SysWOW64\iexpress.exe [2832:3096]                                                                                                                                                 000000007ef97c32
Thread  C:\Windows\SysWOW64\iexpress.exe [2832:3100]                                                                                                                                                 000000007ef97be4
Thread  C:\Windows\SysWOW64\iexpress.exe [2832:3128]                                                                                                                                                 000000007ef991d3
Thread  C:\Windows\SysWOW64\iexpress.exe [2832:3156]                                                                                                                                                 000000007ef9dc0c
Thread  C:\Windows\SysWOW64\replace.exe [2180:3168]                                                                                                                                                  000000007ef97c32
Thread  C:\Windows\SysWOW64\replace.exe [2180:3172]                                                                                                                                                  000000007ef97be4
Thread  C:\Windows\SysWOW64\replace.exe [2180:3208]                                                                                                                                                  000000007ef991d3
Thread  C:\Windows\SysWOW64\replace.exe [2180:3280]                                                                                                                                                  000000007ef9dc0c
Thread  C:\Windows\SysWOW64\subst.exe [4696:4748]                                                                                                                                                    000000007ef97c32
Thread  C:\Windows\SysWOW64\subst.exe [4696:4752]                                                                                                                                                    000000007ef97be4
Thread  C:\Windows\SysWOW64\subst.exe [4696:4768]                                                                                                                                                    000000007ef991d3
Thread  C:\Windows\SysWOW64\subst.exe [4696:4784]                                                                                                                                                    000000007ef9dc0c
Thread  C:\Windows\SysWOW64\chkdsk.exe [4704:4756]                                                                                                                                                   000000007efc7c32
Thread  C:\Windows\SysWOW64\chkdsk.exe [4704:4760]                                                                                                                                                   000000007efc7be4
Thread  C:\Windows\SysWOW64\chkdsk.exe [4704:4772]                                                                                                                                                   000000007efc91d3
Thread  C:\Windows\SysWOW64\chkdsk.exe [4704:4780]                                                                                                                                                   000000007efcdc0c
Thread  C:\Windows\SysWOW64\chkdsk.exe [4704:4824]                                                                                                                                                   0000000077332e65
Thread  C:\Windows\SysWOW64\chkdsk.exe [4704:4836]                                                                                                                                                   0000000077333e85
Thread  C:\Windows\SysWOW64\chkdsk.exe [4704:3504]                                                                                                                                                   0000000077333e85
Thread  C:\Windows\SysWOW64\chkdsk.exe [4704:5112]                                                                                                                                                   0000000077337151
Thread  C:\Windows\SysWOW64\chkdsk.exe [4704:4924]                                                                                                                                                   0000000077333e85

---- Registry - GMER 2.1 ----

Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ExcludeProfileDirs                                                                                                                AppData\Local;AppData\LocalLow;$Recycle.Bin
Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@BuildNumber                                                                                                                       7601
Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@FirstLogon                                                                                                                        0
Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ParseAutoexec                                                                                                                     1

---- EOF - GMER 2.1 ----
         
Log from the antivirus program:
Code:
Search results from Spybot - Search & Destroy

31.01.2015 11:08:50
Scan took 02:01:39.
6 items found.

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)
  

Verlauf: [SBI $49804B54] Browser: History (2) (Browser: History, nothing done)
  


--- Spybot - Search & Destroy version: 2.4.40.131  DLL (build: 20140425) ---

2014-06-24 blindman.exe (2.4.40.151)
2014-06-24 explorer.exe (2.4.40.181)
2014-06-24 SDBootCD.exe (2.4.40.109)
2014-06-24 SDCleaner.exe (2.4.40.110)
2014-06-24 SDDelFile.exe (2.4.40.94)
2013-06-18 SDDisableProxy.exe
2014-06-24 SDFiles.exe (2.4.40.135)
2014-06-24 SDFileScanHelper.exe (2.4.40.1)
2014-06-24 SDFSSvc.exe (2.4.40.217)
2014-06-24 SDHelp.exe (2.4.40.1)
2014-04-25 SDHookHelper.exe (2.3.39.2)
2014-04-25 SDHookInst32.exe (2.3.39.2)
2014-04-25 SDHookInst64.exe (2.3.39.2)
2014-06-24 SDImmunize.exe (2.4.40.130)
2014-06-24 SDLogReport.exe (2.4.40.107)
2014-06-24 SDOnAccess.exe (2.4.40.11)
2014-06-24 SDPESetup.exe (2.4.40.3)
2014-06-24 SDPEStart.exe (2.4.40.86)
2014-06-24 SDPhoneScan.exe (2.4.40.28)
2014-06-24 SDPRE.exe (2.4.40.22)
2014-06-24 SDPrepPos.exe (2.4.40.15)
2014-06-24 SDQuarantine.exe (2.4.40.103)
2014-06-24 SDRootAlyzer.exe (2.4.40.116)
2014-06-24 SDSBIEdit.exe (2.4.40.39)
2014-06-24 SDScan.exe (2.4.40.181)
2014-06-24 SDScript.exe (2.4.40.54)
2014-06-24 SDSettings.exe (2.4.40.139)
2014-06-24 SDShell.exe (2.4.40.2)
2014-06-24 SDShred.exe (2.4.40.108)
2014-06-24 SDSysRepair.exe (2.4.40.102)
2014-06-24 SDTools.exe (2.4.40.157)
2014-06-24 SDTray.exe (2.4.40.129)
2014-06-27 SDUpdate.exe (2.4.40.94)
2014-06-27 SDUpdSvc.exe (2.4.40.77)
2014-06-24 SDWelcome.exe (2.4.40.130)
2014-04-25 SDWSCSvc.exe (2.3.39.2)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2014-10-01 spybotsd2-install-scannerservice.exe (2.4.40.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-10-01 spybotsd2-translation-nlx2.exe
2014-11-05 spybotsd2-translation-ukx.exe
2014-11-10 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2014-04-25 NotificationSpreader.dll
2014-06-24 SDAdvancedCheckLibrary.dll (2.4.40.98)
2014-04-25 SDAV.dll
2014-06-24 SDECon32.dll (2.4.40.114)
2014-06-24 SDECon64.dll (2.3.39.113)
2014-06-24 SDEvents.dll (2.4.40.2)
2014-06-24 SDFileScanLibrary.dll (2.4.40.14)
2014-04-25 SDHook32.dll (2.3.39.2)
2014-04-25 SDHook64.dll (2.3.39.2)
2014-06-24 SDImmunizeLibrary.dll (2.4.40.2)
2014-06-24 SDLicense.dll (2.4.40.0)
2014-06-24 SDLists.dll (2.4.40.4)
2014-06-24 SDResources.dll (2.4.40.7)
2014-06-24 SDScanLibrary.dll (2.4.40.131)
2014-06-24 SDTasks.dll (2.4.40.15)
2014-06-24 SDWinLogon.dll (2.4.40.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2014-06-24 Tools.dll (2.4.40.36)
2014-03-05 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2015-01-28 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-11-14 Includes\Keyloggers-000.sbi (*)
2014-09-24 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-11-14 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2014-11-14 Includes\Malware-002.sbi (*)
2014-11-14 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2015-01-28 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2015-01-28 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-11-14 Includes\Spyware-000.sbi (*)
2014-12-10 Includes\Spyware-001.sbi (*)
2015-01-14 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-11-14 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2014-07-09 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2015-01-21 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
         

 
