Pests of all kinds and how to fight them: Warning message from Telecom, threat from a Trojan (Windows 7)

If you are not sure whether you have picked up malware or a Trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.

#1

Warning message from Telecom, threat from a Trojan

Hello everyone, a few days ago I received a letter from Telecom with a security warning about a Trojan infection. I then started my antivirus program (Spybot, full version), and it promptly found 4 threats and put them in quarantine. So far so good. Today I got a message from the antivirus program: Trojan.GenericKD.21331 infection. I started another scan and nothing came up. Here are the log files:

Defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 07:36 on 31/01/2015 (R)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015 Ran by R (administrator) on R-PC on 31-01-2015 07:45:12 Running from C:\Users\R\Desktop\Trojaner Loaded Profiles: R (Available profiles: R) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe (Microsoft Corporation) C:\Windows\SysWOW64\mobsync.exe (Microsoft Corporation) C:\Windows\SysWOW64\recover.exe (VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe (VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Microsoft Corporation) C:\Windows\SysWOW64\expand.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\SysWOW64\subst.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [401280 2014-06-20] () HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [plenty-row] => C:\Users\R\AppData\Roaming\Plentyreact\plenty-shift.exe [78336 2015-01-29] () HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [zhlzhwhw] => C:\Users\R\AppData\Roaming\Ykcwbkgryi\kltmhwhw.exe [147968 2015-01-29] (IvoSoft) HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [lesson-guide] => C:\Users\R\AppData\Roaming\Lessonquestion\lesson_would.exe [78848 2015-01-30] () HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [body-lesson] => C:\Users\R\AppData\Roaming\Body-surprised\body-invest.exe [233472 2015-01-29] () HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [box-scratch] => C:\Users\R\AppData\Local\Temp\Box_let\boxadmire.exe [141824 2015-01-29] () <===== ATTENTION HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [tooth-reflect] => C:\Users\R\AppData\Local\Tooth-upset\tooth_station.exe [182784 2015-01-29] () HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [grade-collect] => C:\Users\R\AppData\Local\Grade-compare\grade-eat.exe [78336 2015-01-29] () HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [string-iron] 
=> C:\Users\R\AppData\Roaming\String_discount\string-dimension.exe [78336 2015-01-29] () HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [string-iron] => C:\Users\R\AppData\Roaming\String_discount\string-dimension.exe [78336 2015-01-29] () HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [box-scratch] => C:\Users\R\AppData\Local\Temp\Box_let\boxadmire.exe [141824 2015-01-29] () <===== ATTENTION HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [grade-collect] => C:\Users\R\AppData\Local\Grade-compare\grade-eat.exe [78336 2015-01-29] () HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [tooth-reflect] => C:\Users\R\AppData\Local\Tooth-upset\tooth_station.exe [182784 2015-01-29] () HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [body-lesson] => C:\Users\R\AppData\Roaming\Body-surprised\body-invest.exe [233472 2015-01-29] () HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [lesson-guide] => C:\Users\R\AppData\Roaming\Lessonquestion\lesson_would.exe [78848 2015-01-30] () HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [plenty-row] => C:\Users\R\AppData\Roaming\Plentyreact\plenty-shift.exe [78336 2015-01-29] () HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\MountPoints2: {1b8db0e6-06c9-11e2-949f-70f1a1ff571b} - E:\AutoRun.exe HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\MountPoints2: {1b8db0ee-06c9-11e2-949f-70f1a1ff571b} - E:\AutoRun.exe HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\MountPoints2: {353b29e5-c696-11e2-8f98-70f1a1ff571b} - E:\AutoRun.exe HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\MountPoints2: {8c5b3165-d3ee-11e2-bca9-70f1a1ff571b} - E:\AutoRun.exe HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\MountPoints2: 
{8cb19d51-085c-11e2-9f45-806e6f6e6963} - F:\AutoRun.exe BootExecute: autocheck autochk * sdnclean64.exebddel.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [S-1-5-21-1667074292-2624200287-3336342126-1000] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-1667074292-2624200287-3336342126-1000] => localhost:21320 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\S-1-5-21-1667074292-2624200287-3336342126-1000 -> {3384522D-3201-4969-9DEC-57B0BA01B6A6} URL = https://www.google.com/search?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle 
Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default FF Homepage: hxxp://www.google.de/ FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npEModelPlugin.dll (Dassault Systèmes SolidWorks Corp.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\searchplugins\google-maps.xml FF Extension: Cliqz Beta - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\Extensions\cliqz@cliqz.com.xpi [2014-08-12] FF Extension: Adblock Plus - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-05] FF Extension: Click to call with Skype - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-26] FF HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\extensions\cliqz@cliqz.com ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) 
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-11-19] (SolidWorks) [File not signed] R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) R2 VTechUSBSocketService; C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe [82824 2013-03-29] (VTech) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [514144 2009-10-02] (ITETech ) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2011-12-08] () [File not signed] S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-10-27] (Emsisoft GmbH) S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2011-12-08] () [File not signed] R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-30] (Malwarebytes Corporation) R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] () S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.) S2 VmodeNT; C:\Windows\SysWow64\Drivers\VmodeNT.sys [2528 1998-01-21] (k&k) S3 clwvd; system32\DRIVERS\clwvd.sys [X] S2 hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-31 07:44 - 2015-01-31 07:44 - 00033458 _____ () C:\Users\R\Desktop\Addition.txt (2).txt 2015-01-31 07:43 - 2015-01-31 07:43 - 00026073 _____ () C:\Users\R\Desktop\FRST.txt 2015-01-31 07:42 - 2015-01-31 07:42 - 00033459 _____ () C:\Users\R\Desktop\Addition.txt 2015-01-31 07:40 - 2015-01-31 07:45 - 00000000 ____D () C:\FRST 2015-01-31 07:35 - 2015-01-31 07:35 - 00000000 _____ () C:\Users\R\defogger_reenable 2015-01-31 07:31 - 2015-01-31 07:45 - 00000000 ____D () C:\Users\R\Desktop\Trojaner 2015-01-30 19:26 - 2015-01-30 19:26 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Lessonquestion 2015-01-29 23:50 - 2015-01-29 23:50 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Body-surprised 2015-01-29 23:48 - 2015-01-29 23:48 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Ykcwbkgryi 2015-01-29 22:46 - 2015-01-29 22:46 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Plentyreact 2015-01-29 22:26 - 2015-01-29 22:26 - 00000000 ___HD () C:\Users\R\AppData\Local\Grade-compare 2015-01-29 05:39 - 2015-01-29 23:48 - 00000000 ___HD () C:\Users\R\AppData\Local\Ipvqn 2015-01-29 00:49 - 2015-01-29 00:49 - 00000000 ___HD () C:\Users\R\AppData\Local\Tooth-upset 2015-01-29 00:41 - 2015-01-29 00:41 - 00000000 ___HD () C:\Users\R\AppData\Roaming\String_discount 2015-01-27 08:18 - 2015-01-27 08:18 - 00000017 _____ () C:\Windows\㨀尀ؚ 2015-01-27 08:17 - 2015-01-27 08:17 - 00000030 _____ () C:\Windows\㨀尀̞ 2015-01-26 20:56 - 2015-01-29 22:50 - 00000234 _____ () C:\Windows\[] 2015-01-26 20:50 - 2015-01-26 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 20:29 - 2015-01-26 20:31 - 00000011 _____ () C:\Windows\㨀尀Í 2015-01-26 08:19 - 2015-01-27 08:17 - 00000035 _____ () C:\Windows\䉯䍊整䥅卋牖橒灦桴 2015-01-26 08:19 - 2015-01-27 08:17 - 00000031 _____ () C:\Windows\噓割晪瑰h氀牁桎 2015-01-26 08:19 - 2015-01-27 08:17 - 00000022 _____ () C:\Windows\䤀卋牖橒灦桴 2015-01-26 08:13 - 2015-01-26 08:13 - 00000017 _____ () C:\Windows\㨀尀ĕ 2015-01-25 19:18 - 2015-01-25 19:18 - 00000013 _____ () 
C:\Windows\㨀尀ت 2015-01-25 07:40 - 2015-01-25 07:40 - 00000017 _____ () C:\Windows\㨀尀ǹ 2015-01-25 07:39 - 2015-01-25 07:39 - 00000030 _____ () C:\Windows\㨀尀ԓ 2015-01-24 19:53 - 2015-01-24 19:53 - 00000011 _____ () C:\Windows\㨀尀Ó 2015-01-24 19:51 - 2015-01-24 19:52 - 00000011 _____ () C:\Windows\㨀尀Î 2015-01-24 14:05 - 2015-01-26 08:19 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Yjiaex 2015-01-24 13:56 - 2015-01-29 22:01 - 00000010 _____ () C:\Windows\礀䕳 2015-01-24 13:35 - 2015-01-24 13:35 - 00000013 _____ () C:\Windows\ÿÿ 2015-01-24 13:31 - 2015-01-24 13:31 - 00000015 _____ () C:\Windows\㨀尀IJ 2015-01-24 13:30 - 2015-01-24 13:30 - 00000017 _____ () C:\Windows\㨀尀ͪ 2015-01-24 13:30 - 2015-01-24 13:30 - 00000017 _____ () C:\Windows\㨀尀̮ 2015-01-23 20:38 - 2015-01-23 20:38 - 00000015 _____ () C:\Windows\㨀尀Դ 2015-01-23 20:37 - 2015-01-26 08:12 - 00000082 _____ () C:\Windows\㨀尀̠ 2015-01-23 19:35 - 2015-01-23 19:35 - 00000017 _____ () C:\Windows\㨀尀մ 2015-01-23 19:34 - 2015-01-23 19:34 - 00000017 _____ () C:\Windows\㨀尀֫ 2015-01-23 19:33 - 2015-01-23 19:33 - 00000017 _____ () C:\Windows\㨀尀֢ 2015-01-23 13:16 - 2015-01-28 15:53 - 00000000 ___HD () C:\Users\R\AppData\Local\Stringdig 2015-01-23 13:15 - 2015-01-23 13:16 - 00000030 _____ () C:\Windows\㨀尀˳ 2015-01-21 21:42 - 2015-01-23 19:38 - 00000000 ____D () C:\Users\R\Desktop\Fotobuch 2 2015-01-17 19:29 - 2015-01-23 14:07 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Kvcnmxphf 2015-01-15 08:51 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-15 08:51 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-15 08:51 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-15 08:51 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-15 08:51 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-15 
08:51 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-15 08:50 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-15 08:50 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-15 08:50 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-15 08:50 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-15 08:50 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-15 08:50 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-15 08:50 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-11 07:55 - 2015-01-30 19:26 - 00000000 ____D () C:\ProgramData\vowc 2015-01-07 20:47 - 2015-01-18 03:10 - 00000000 ___HD () C:\Users\R\AppData\Local\Body-cover ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-31 07:42 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-31 07:42 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-31 07:35 - 2011-04-22 08:33 - 00000000 ____D () C:\Users\R 2015-01-31 07:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-01-31 07:30 - 2010-10-18 13:42 - 01812254 _____ () C:\Windows\WindowsUpdate.log 2015-01-30 22:12 - 2014-10-25 12:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-30 14:51 - 2014-12-13 21:46 - 00000000 ____D () C:\Users\R\Desktop\Nähen Christin 2015-01-30 08:44 - 2014-11-12 19:45 - 00000947 _____ () C:\Windows\win.ini 2015-01-30 08:44 - 2012-09-28 15:01 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-01-30 08:43 - 2014-10-25 12:52 - 00105808 _____ () C:\Windows\PFRO.log 2015-01-30 08:43 - 2014-10-25 10:09 - 00006901 _____ () C:\Windows\setupact.log 2015-01-30 08:43 - 2011-08-08 16:22 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-01-30 08:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-29 22:51 - 2011-09-10 08:27 - 00000000 ____D () C:\Users\R\AppData\Local\CrashDumps 2015-01-28 15:53 - 2014-11-10 20:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-28 15:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas 2015-01-28 15:28 - 2014-10-25 12:55 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-28 15:28 - 2014-10-25 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-28 15:28 - 2014-10-25 12:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-24 13:30 - 2013-08-27 14:23 - 00344064 ___SH () C:\Users\R\Desktop\Thumbs.db 2015-01-21 20:52 - 2012-12-15 16:58 - 
00000000 ____D () C:\Users\R\Desktop\Christin 2015-01-18 03:10 - 2014-10-05 19:31 - 00119898 _____ () C:\Windows\SysWOW64\bddel.dat 2015-01-17 19:26 - 2014-10-30 14:44 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-17 19:26 - 2012-09-28 16:27 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-17 19:25 - 2014-10-30 14:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-01-15 08:59 - 2013-08-15 17:19 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-15 08:55 - 2011-08-12 21:36 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-06 04:36 - 2011-04-23 11:46 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2014-12-30 13:55 - 2014-12-30 13:55 - 0039936 _____ () C:\Users\R\AppData\Roaming\stowings.a 2014-01-14 19:26 - 2014-01-14 19:26 - 0000108 _____ () C:\Users\R\AppData\Roaming\WB.CFG 2014-01-14 19:26 - 2014-01-14 19:26 - 0000005 _____ () C:\Users\R\AppData\Roaming\WBPU-TTL.DAT 2011-08-03 09:32 - 2011-08-03 09:32 - 0007602 _____ () C:\Users\R\AppData\Local\Resmon.ResmonCfg 2011-12-04 21:25 - 2011-12-12 07:10 - 0000040 ___SH () C:\ProgramData\.zreglib Files to move or delete: ==================== C:\Users\R\AppData\Local\Temp\Box_let\boxadmire.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-28 18:30 ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-01-31 08:22:51 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\R\AppData\Local\Temp\pxtdrpog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[516] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]} .text C:\Windows\system32\wininit.exe[516] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]} .text C:\Windows\system32\wininit.exe[516] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]} .text C:\Windows\system32\wininit.exe[516] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06] .text C:\Windows\system32\services.exe[564] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]} .text C:\Windows\system32\services.exe[564] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]} .text C:\Windows\system32\services.exe[564] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]} .text C:\Windows\system32\services.exe[564] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes CALL 9000027 .text C:\Windows\system32\services.exe[564] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]} .text C:\Windows\system32\lsass.exe[600] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06] .text C:\Windows\system32\lsass.exe[600] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]} .text C:\Windows\system32\lsm.exe[608] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 
357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\svchost.exe[720] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes CALL 9000027
.text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes CALL 9000027
.text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text C:\Windows\system32\atiesrxx.exe[840] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Windows\system32\atiesrxx.exe[840] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Windows\system32\atiesrxx.exe[840] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Windows\system32\atiesrxx.exe[840] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\winlogon.exe[892] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Windows\system32\winlogon.exe[892] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Windows\system32\winlogon.exe[892] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Windows\system32\winlogon.exe[892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes CALL 0
.text C:\Windows\System32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Windows\System32\svchost.exe[936] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text C:\Windows\System32\svchost.exe[980] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes JMP 69567a0
.text C:\Windows\System32\svchost.exe[980] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes JMP 130021
.text C:\Windows\System32\svchost.exe[980] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes JMP 8c234c9
.text C:\Windows\System32\svchost.exe[980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes CALL 9000027
.text C:\Windows\System32\svchost.exe[980] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text C:\Windows\system32\svchost.exe[384] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes CALL 9000027
.text C:\Windows\system32\svchost.exe[156] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Windows\system32\svchost.exe[156] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Windows\system32\svchost.exe[156] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Windows\system32\svchost.exe[156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes CALL 9000027
.text C:\Windows\system32\svchost.exe[156] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefdef0c10 6 bytes JMP 42383500
.text C:\Windows\system32\atieclxx.exe[1076] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes CALL 9000027
.text C:\Windows\System32\spoolsv.exe[1372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes CALL 9000027
.text C:\Windows\system32\Dwm.exe[1484] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Windows\system32\Dwm.exe[1484] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Windows\system32\Dwm.exe[1484] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Windows\system32\Dwm.exe[1484] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes CALL 9000027
.text C:\Windows\system32\svchost.exe[1492] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\svchost.exe[1492] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1580] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a7000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1580] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71ae000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1580] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a4000a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1580] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71ab0000
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1580] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a1000a
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1604] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a7000a
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1604] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71ae000a
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1604] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a4000a
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1604] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71ab0000
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1604] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a1000a
.text C:\Windows\Explorer.EXE[1688] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Windows\Explorer.EXE[1688] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Windows\Explorer.EXE[1688] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Windows\system32\taskhost.exe[1732] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Windows\system32\taskhost.exe[1732] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Windows\system32\taskhost.exe[1732] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Windows\system32\taskhost.exe[1732] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 07]
.text C:\Windows\system32\taskhost.exe[1732] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1940] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1940] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1940] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1940] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[1956] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[1956] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[1956] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[1956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1676] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes CALL 9000027
.text C:\Program Files\Bonjour\mDNSResponder.exe[1676] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefdef0c10 6 bytes JMP 0
.text C:\Windows\SysWOW64\dllhost.exe[1720] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a6000a
.text C:\Windows\SysWOW64\dllhost.exe[1720] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71ae000a
.text C:\Windows\SysWOW64\dllhost.exe[1720] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a3000a
.text C:\Windows\SysWOW64\dllhost.exe[1720] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71aa0000
.text C:\Windows\SysWOW64\dllhost.exe[1720] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a0000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a6000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71ae000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a3000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71aa0000
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a0000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074cf1465 2 bytes [CF, 74]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074cf14bb 2 bytes [CF, 74]
.text ... * 2
.text C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 6f31000a
.text C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 6f39000a
.text C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 6f2e000a
.text C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 6f350000
.text C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 6f2b000a
.text C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074cf1465 2 bytes [CF, 74]
.text C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074cf14bb 2 bytes [CF, 74]
.text ... * 2
.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1344] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a7000a
.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1344] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71ae000a
.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1344] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a4000a
.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1344] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71ab0000
.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1344] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a1000a
.text C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe[2080] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe[2080] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe[2080] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe[2080] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\svchost.exe[2156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes CALL 9000027
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2224] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a7000a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2224] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71ae000a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2224] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a4000a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2224] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71ab0000
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2224] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a1000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a7000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71ae000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a4000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71ab0000
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a1000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074cf1465 2 bytes [CF, 74]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074cf14bb 2 bytes [CF, 74]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2584] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a7000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2584] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71ae000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2584] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a4000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2584] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71ab0000
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2584] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a1000a
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes CALL 0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2300] C:\Windows\system32\KERNEL32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2300] C:\Windows\system32\KERNEL32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2300] C:\Windows\system32\KERNEL32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2300] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe[640] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a8000a
.text C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe[640] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71af000a
.text C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe[640] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a5000a
.text C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe[640] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71ac0000
.text C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe[640] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe[1204] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe[1204] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71af000a
.text C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe[1204] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a5000a
.text C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe[1204] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71ac0000
.text C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe[1204] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe[2700] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe[2700] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71af000a
.text C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe[2700] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a5000a
.text C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe[2700] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71ac0000
.text C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe[2700] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a2000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2764] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2764] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71af000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2764] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a5000a
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71ac0000
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2764] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a2000a
.text C:\Windows\SysWOW64\eventcreate.exe[2888] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a8000a
.text C:\Windows\SysWOW64\eventcreate.exe[2888] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71af000a
.text C:\Windows\SysWOW64\eventcreate.exe[2888] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a5000a
.text C:\Windows\SysWOW64\eventcreate.exe[2888] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71ac0000
.text C:\Windows\SysWOW64\eventcreate.exe[2888] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a2000a
.text C:\Windows\system32\conhost.exe[2896] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Windows\system32\conhost.exe[2896] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Windows\system32\conhost.exe[2896] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Windows\system32\conhost.exe[2896] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Windows\SysWOW64\wiaacmgr.exe[2932] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a8000a
.text C:\Windows\SysWOW64\wiaacmgr.exe[2932] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71af000a
.text C:\Windows\SysWOW64\wiaacmgr.exe[2932] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a5000a
.text C:\Windows\SysWOW64\wiaacmgr.exe[2932] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71ac0000
.text C:\Windows\SysWOW64\wiaacmgr.exe[2932] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a2000a
.text C:\Windows\SysWOW64\iexpress.exe[2832] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a8000a
.text C:\Windows\SysWOW64\iexpress.exe[2832] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71af000a
.text C:\Windows\SysWOW64\iexpress.exe[2832] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a5000a
.text C:\Windows\SysWOW64\iexpress.exe[2832] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71ac0000
.text C:\Windows\SysWOW64\iexpress.exe[2832] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a2000a
.text C:\Windows\SysWOW64\replace.exe[2180] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a8000a
.text C:\Windows\SysWOW64\replace.exe[2180] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71af000a
.text C:\Windows\SysWOW64\replace.exe[2180] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a5000a
.text C:\Windows\SysWOW64\replace.exe[2180] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71ac0000
.text C:\Windows\SysWOW64\replace.exe[2180] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a2000a
.text C:\Windows\system32\conhost.exe[2520] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Windows\system32\conhost.exe[2520] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Windows\system32\conhost.exe[2520] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Windows\system32\conhost.exe[2520] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1268] C:\Windows\system32\KERNEL32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1268] C:\Windows\system32\KERNEL32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1268] C:\Windows\system32\KERNEL32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1268] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\SearchIndexer.exe[3708] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes CALL 9000027
.text C:\Windows\System32\alg.exe[3784] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\wbem\wmiprvse.exe[4056] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes CALL 9000027
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3744] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[3524] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[3524] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[3524] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[3524] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Windows\System32\svchost.exe[4476] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Windows\System32\svchost.exe[4476] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW 000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text C:\Windows\SysWOW64\subst.exe[4696] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a8000a
.text C:\Windows\SysWOW64\subst.exe[4696] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71af000a
.text C:\Windows\SysWOW64\subst.exe[4696] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a5000a
.text C:\Windows\SysWOW64\subst.exe[4696] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71ac0000
.text C:\Windows\SysWOW64\subst.exe[4696] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a2000a
.text C:\Windows\system32\conhost.exe[4712] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Windows\system32\conhost.exe[4712] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Windows\system32\conhost.exe[4712] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Windows\system32\conhost.exe[4712] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\conhost.exe[4720] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Windows\system32\conhost.exe[4720] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Windows\system32\conhost.exe[4720] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Windows\system32\conhost.exe[4720] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Windows\system32\sppsvc.exe[3920] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes [B5, 6F, 06]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2260] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a8000a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2260] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71af000a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2260] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a5000a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2260] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71ac0000
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2260] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a2000a
.text C:\Windows\System32\svchost.exe[976] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text C:\Windows\System32\svchost.exe[976] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text C:\Windows\System32\svchost.exe[976] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text C:\Windows\System32\svchost.exe[976] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcf49055 3 bytes CALL 9000027
.text C:\Users\R\Desktop\Trojaner\Gmer-19357.exe[3900] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075b5103d 6 bytes JMP 71a8000a
.text C:\Users\R\Desktop\Trojaner\Gmer-19357.exe[3900] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075b51072 6 bytes JMP 71af000a
.text C:\Users\R\Desktop\Trojaner\Gmer-19357.exe[3900] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000075b7c9b5 6 bytes JMP 71a5000a
.text C:\Users\R\Desktop\Trojaner\Gmer-19357.exe[3900] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000760a2c9e 4 bytes CALL 71ac0000
.text C:\Users\R\Desktop\Trojaner\Gmer-19357.exe[3900] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW 0000000074e85429 6 bytes JMP 71a2000a

---- Threads - GMER 2.1 ----

Thread C:\Windows\SysWOW64\dllhost.exe [1720:2104] 000000007ef90000
Thread C:\Windows\SysWOW64\dllhost.exe [1720:2132] 000000007ef9183d
Thread C:\Windows\SysWOW64\dllhost.exe [1720:2148] 000000007ef96643
Thread C:\Windows\SysWOW64\dllhost.exe [1720:2152] 000000007ef955c8
Thread C:\Windows\SysWOW64\wiaacmgr.exe [2932:1780] 000000007ef97c32
Thread C:\Windows\SysWOW64\wiaacmgr.exe [2932:2876] 000000007ef97be4
Thread C:\Windows\SysWOW64\wiaacmgr.exe [2932:3124] 000000007ef991d3
Thread C:\Windows\SysWOW64\wiaacmgr.exe [2932:3152] 000000007ef9dc0c
Thread C:\Windows\SysWOW64\iexpress.exe [2832:3096] 000000007ef97c32
Thread C:\Windows\SysWOW64\iexpress.exe [2832:3100] 000000007ef97be4
Thread C:\Windows\SysWOW64\iexpress.exe [2832:3128] 000000007ef991d3
Thread C:\Windows\SysWOW64\iexpress.exe [2832:3156] 000000007ef9dc0c
Thread C:\Windows\SysWOW64\replace.exe [2180:3168] 000000007ef97c32
Thread C:\Windows\SysWOW64\replace.exe [2180:3172] 000000007ef97be4
Thread C:\Windows\SysWOW64\replace.exe [2180:3208] 000000007ef991d3
Thread C:\Windows\SysWOW64\replace.exe [2180:3280] 000000007ef9dc0c
Thread C:\Windows\SysWOW64\subst.exe [4696:4748] 000000007ef97c32
Thread C:\Windows\SysWOW64\subst.exe [4696:4752] 000000007ef97be4
Thread C:\Windows\SysWOW64\subst.exe [4696:4768] 000000007ef991d3
Thread C:\Windows\SysWOW64\subst.exe [4696:4784] 000000007ef9dc0c
Thread C:\Windows\SysWOW64\chkdsk.exe [4704:4756] 000000007efc7c32
Thread C:\Windows\SysWOW64\chkdsk.exe [4704:4760] 000000007efc7be4
Thread C:\Windows\SysWOW64\chkdsk.exe [4704:4772] 000000007efc91d3
Thread C:\Windows\SysWOW64\chkdsk.exe [4704:4780] 000000007efcdc0c
Thread C:\Windows\SysWOW64\chkdsk.exe [4704:4824] 0000000077332e65
Thread C:\Windows\SysWOW64\chkdsk.exe [4704:4836] 0000000077333e85
Thread C:\Windows\SysWOW64\chkdsk.exe [4704:3504] 0000000077333e85
Thread C:\Windows\SysWOW64\chkdsk.exe [4704:5112] 0000000077337151
Thread C:\Windows\SysWOW64\chkdsk.exe [4704:4924] 0000000077333e85

---- Registry - GMER 2.1 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ExcludeProfileDirs AppData\Local;AppData\LocalLow;$Recycle.Bin
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@BuildNumber 7601
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@FirstLogon 0
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ParseAutoexec 1

---- EOF - GMER 2.1 ----

Code:
Search results from Spybot - Search & Destroy

31.01.2015 11:08:50
Scan took 02:01:39.
6 items found.

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)

Verlauf: [SBI $49804B54] Browser: History (2) (Browser: History, nothing done)

--- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---

2014-06-24 blindman.exe (2.4.40.151)
2014-06-24 explorer.exe (2.4.40.181)
2014-06-24 SDBootCD.exe (2.4.40.109)
2014-06-24 SDCleaner.exe (2.4.40.110)
2014-06-24 SDDelFile.exe (2.4.40.94)
2013-06-18 SDDisableProxy.exe
2014-06-24 SDFiles.exe (2.4.40.135)
2014-06-24 SDFileScanHelper.exe (2.4.40.1)
2014-06-24 SDFSSvc.exe (2.4.40.217)
2014-06-24 SDHelp.exe (2.4.40.1)
2014-04-25 SDHookHelper.exe (2.3.39.2)
2014-04-25 SDHookInst32.exe (2.3.39.2)
2014-04-25 SDHookInst64.exe (2.3.39.2)
2014-06-24 SDImmunize.exe (2.4.40.130)
2014-06-24 SDLogReport.exe (2.4.40.107)
2014-06-24 SDOnAccess.exe (2.4.40.11)
2014-06-24 SDPESetup.exe (2.4.40.3)
2014-06-24 SDPEStart.exe (2.4.40.86)
2014-06-24 SDPhoneScan.exe (2.4.40.28)
2014-06-24 SDPRE.exe (2.4.40.22)
2014-06-24 SDPrepPos.exe (2.4.40.15)
2014-06-24 SDQuarantine.exe (2.4.40.103)
2014-06-24 SDRootAlyzer.exe (2.4.40.116)
2014-06-24 SDSBIEdit.exe (2.4.40.39)
2014-06-24 SDScan.exe (2.4.40.181)
2014-06-24 SDScript.exe (2.4.40.54)
2014-06-24 SDSettings.exe (2.4.40.139)
2014-06-24 SDShell.exe (2.4.40.2)
2014-06-24 SDShred.exe (2.4.40.108)
2014-06-24 SDSysRepair.exe (2.4.40.102)
2014-06-24 SDTools.exe (2.4.40.157)
2014-06-24 SDTray.exe (2.4.40.129)
2014-06-27 SDUpdate.exe (2.4.40.94)
2014-06-27 SDUpdSvc.exe (2.4.40.77)
2014-06-24 SDWelcome.exe (2.4.40.130)
2014-04-25 SDWSCSvc.exe (2.3.39.2)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2014-10-01 spybotsd2-install-scannerservice.exe (2.4.40.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-10-01 spybotsd2-translation-nlx2.exe
2014-11-05 spybotsd2-translation-ukx.exe
2014-11-10 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2014-04-25 NotificationSpreader.dll
2014-06-24 SDAdvancedCheckLibrary.dll (2.4.40.98)
2014-04-25 SDAV.dll
2014-06-24 SDECon32.dll (2.4.40.114)
2014-06-24 SDECon64.dll (2.3.39.113)
2014-06-24 SDEvents.dll (2.4.40.2)
2014-06-24 SDFileScanLibrary.dll (2.4.40.14)
2014-04-25 SDHook32.dll (2.3.39.2)
2014-04-25 SDHook64.dll (2.3.39.2)
2014-06-24 SDImmunizeLibrary.dll (2.4.40.2)
2014-06-24 SDLicense.dll (2.4.40.0)
2014-06-24 SDLists.dll (2.4.40.4)
2014-06-24 SDResources.dll (2.4.40.7)
2014-06-24 SDScanLibrary.dll (2.4.40.131)
2014-06-24 SDTasks.dll (2.4.40.15)
2014-06-24 SDWinLogon.dll (2.4.40.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2014-06-24 Tools.dll (2.4.40.36)
2014-03-05 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2015-01-28 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-11-14 Includes\Keyloggers-000.sbi (*)
2014-09-24 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-11-14 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2014-11-14 Includes\Malware-002.sbi (*)
2014-11-14 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2015-01-28 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2015-01-28 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-11-14 Includes\Spyware-000.sbi (*)
2014-12-10 Includes\Spyware-001.sbi (*)
2015-01-14 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-11-14 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2014-07-09 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2015-01-21 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)