Miyagisun | 18.04.2014 16:04 | Avast finds the following threats: Win32:Adware-gen [Adw] Win32:PUP-gen[PUP]
Hello dear helpers of the Trojaner-Board community,
I only recently bought a new laptop (system: Win 7), and today during a scan with Avast I found the following:
Unfortunately Avast's logging function was not enabled, which is why I had to enter the findings here manually:
Code:
On the first scan (quick scan) the following was found:
C:\Users\*********\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YWA1162T\MyPhoneExplorer_2_5185[1].exe
Severity: High
Threat: Win32:Adware-gen[Adw]
Action: Move to container (I had selected "fix automatically")
After that the system was restarted and a scan before the start of Windows was run. The following findings were made:
C:\AdwCleaner\Quarantine\C\Progame Files (x86)\SearchProtect\bin\SPVC32.dll.vir
C:\Users\*********\AppData\Local\Temp\SPSetup.exe | >$R1\rep\$R1\SPV32.dll
Severity: Low (applies to both)
Status: PUP:WIN32:PUP-gen [PUP] (applies to both)
Action: Move to container (applies to both)
DEFOGGER LOG
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:08 on 18/04/2014 (Heisenberg)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Addition LOG
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by Heisenberg at 2014-04-18 16:10:18
Running from C:\Users\Heisenberg\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
7 Sticky Notes (HKLM-x32\...\{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1) (Version: - Fabio Martin)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1345, 26.03.2014 - AIMP DevTeam)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Anki (HKLM-x32\...\Anki) (Version: - )
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.2.0 - Auslogics Labs Pty Ltd)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version: - Rocksteady Studios)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
Comic Collector (HKLM-x32\...\{4C44DC2C-4DE3-4120-865F-F770C53972DE}_is1) (Version: - Collectorz.com)
Deadlight (HKLM-x32\...\Steam App 211400) (Version: - Tequila Works, S.L.)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.27 - Dropbox, Inc.)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.9.10 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.00.132 - Oracle, Inc.) Hidden
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6)
MailStore Home 8.2.0.9316 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.2.0.9316 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MasterCook 14 (HKLM-x32\...\{F0094E41-E9BB-4B68-92AA-E2A940B56644}) (Version: 14.00.20 - Valusoft Cosmi)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 11.10.13 - NVIDIA Corporation)
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
Personal Backup 5.5 (HKLM-x32\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.728.728.042813 - REALTEK Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: - )
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Seterra 4.02 (HKLM-x32\...\{7C7C274C-DBC8-47FE-923F-9AAD59A4F9F4}}_is1) (Version: 4.02 - Marianne Wartoft AB)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TIPP10 Version 2.0.3 (HKLM-x32\...\TIPP10_is1) (Version: - (c) 2006-2008, Tom Thielicke)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WinRAR 5.10 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.1 - win.rar GmbH)
XMind 2013 (v3.4.1) (HKLM-x32\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)
You Need A Budget 4 (YNAB) (HKLM-x32\...\Steam App 227320) (Version: - YouNeedABudget.com)
==================== Restore Points =========================
10-04-2014 07:32:28 Windows Update
15-04-2014 06:10:38 Windows Update
18-04-2014 06:37:57 Windows Update
18-04-2014 13:59:32 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {040FB331-D803-4781-AFFB-588DCAF57F76} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-13] (Adobe Systems Incorporated)
Task: {23E51D16-ADD8-4978-A27C-294EEB1BE1CB} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-03-29] (IObit)
Task: {F7D8B6EB-C8D0-4FB2-B322-971A96B88DA3} - System32\Tasks\avast! Emergency Update => E:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-27] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-03-29 16:17 - 2014-03-04 16:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-03-29 15:33 - 2013-04-25 17:32 - 00047104 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-03-29 15:33 - 2013-04-09 15:42 - 00265728 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe
2014-04-08 19:14 - 2014-03-07 22:39 - 03168576 _____ () C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2014-04-18 14:27 - 2014-04-18 14:27 - 02215424 _____ () E:\Program Files\AVAST Software\Avast\defs\14041800\algo.dll
2014-03-29 16:17 - 2014-03-04 16:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-03-29 15:24 - 2012-10-13 23:20 - 00805376 _____ () C:\Windows\SysWow64\EditCtlsU.ocx
2014-03-27 21:40 - 2014-03-27 21:40 - 19336120 _____ () E:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-18 15:12 - 2014-04-18 15:12 - 00041984 _____ () C:\Users\Heisenberg\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuqhljr.dll
2014-03-29 17:44 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-27 21:55 - 2014-03-15 10:40 - 03642480 _____ () E:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-29 16:48 - 2014-03-16 23:41 - 03018864 _____ () E:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-03-29 16:48 - 2014-03-16 23:41 - 00158832 _____ () E:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-03-29 16:48 - 2014-03-16 23:41 - 00023152 _____ () E:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2006-10-26 13:56 - 2006-10-26 13:56 - 00757008 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: Steam Client Service => 3
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/18/2014 08:35:40 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
Error: (04/16/2014 08:25:48 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
Error: (04/14/2014 08:11:22 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
Error: (04/14/2014 01:31:46 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
Error: (04/14/2014 08:05:28 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
Error: (04/13/2014 07:49:43 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
Error: (04/12/2014 08:02:39 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
Error: (04/12/2014 03:49:20 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
Error: (04/11/2014 08:05:18 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
Error: (04/10/2014 09:31:53 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 28.0.0.5186, Zeitstempel: 0x53240e37
Name des fehlerhaften Moduls: xul.dll, Version: 28.0.0.5186, Zeitstempel: 0x53240e04
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00184729
ID des fehlerhaften Prozesses: 0x238
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
System errors:
=============
Error: (04/18/2014 04:10:39 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (04/18/2014 04:10:16 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (04/18/2014 04:09:56 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (04/18/2014 04:09:36 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (04/18/2014 04:09:16 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (04/18/2014 04:08:56 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (04/18/2014 04:08:36 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (04/18/2014 04:08:16 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (04/18/2014 04:07:56 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (04/18/2014 04:07:36 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 34%
Total physical RAM: 8112.54 MB
Available physical RAM: 5328.69 MB
Total Pagefile: 16223.26 MB
Available Pagefile: 13548.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:97.56 GB) (Free:52.54 GB) NTFS
Drive d: (Heisenberg) (Fixed) (Total:371.09 GB) (Free:223.03 GB) NTFS
Drive e: () (Fixed) (Total:229.88 GB) (Free:213.34 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 255BBE1F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=371 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=230 GB) - (Type=07 NTFS)
==================== End Of Log ============================
GMER LOG
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-18 16:34:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD7500BPVX-22JC3T0 rev.01.01A01 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\HEISEN~1\AppData\Local\Temp\kxtyrkod.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff80002df0000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 598 fffff80002df0036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7ef8d 1 byte [62]
.text C:\Windows\system32\services.exe[752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7ef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[880] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7ef8d 1 byte [62]
.text C:\Windows\system32\winlogon.exe[948] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7ef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[160] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7ef8d 1 byte [62]
.text C:\Windows\System32\svchost.exe[540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7ef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7ef8d 1 byte [62]
.text C:\Windows\system32\Dwm.exe[1456] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0f2db0 5 bytes JMP 000007fffd0e0180
.text C:\Windows\system32\Dwm.exe[1456] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0f37d0 7 bytes JMP 000007fffd0e00d8
.text C:\Windows\system32\Dwm.exe[1456] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0f8ef0 6 bytes JMP 000007fffd0e0148
.text C:\Windows\system32\Dwm.exe[1456] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd10af60 5 bytes JMP 000007fffd0e0110
.text C:\Windows\system32\Dwm.exe[1456] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7389e0 8 bytes JMP 000007fffd0e01f0
.text C:\Windows\system32\Dwm.exe[1456] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd73be40 8 bytes JMP 000007fffd0e01b8
.text C:\Windows\system32\Dwm.exe[1456] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef9c84da4 7 bytes JMP 000007fff9c100d8
.text C:\Windows\system32\Dwm.exe[1456] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef9ca9af4 7 bytes JMP 000007fff9c10110
.text C:\Windows\Explorer.EXE[1480] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7ef8d 1 byte [62]
.text C:\Windows\system32\taskhost.exe[1640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7ef8d 1 byte [62]
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[1812] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7ef8d 1 byte [62]
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[1888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7ef8d 1 byte [62]
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[1960] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000076c2a400 7 bytes JMP 000000016fff0228
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[1960] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000076c33f20 5 bytes JMP 000000016fff0180
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[1960] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000076c4ffb0 5 bytes JMP 000000016fff01b8
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[1960] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000076c5f2e0 5 bytes JMP 000000016fff0110
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[1960] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7ef8d 1 byte [62]
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[1960] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000076c89a30 7 bytes JMP 000000016fff00d8
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[1960] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000076c994c0 5 bytes JMP 000000016fff0148
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[1960] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000076cb87e0 7 bytes JMP 000000016fff01f0
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[1960] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0f2db0 5 bytes JMP 000007fffd0e0180
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[1960] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0f37d0 7 bytes JMP 000007fffd0e00d8
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[1960] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0f8ef0 6 bytes JMP 000007fffd0e0148
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[1960] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd10af60 5 bytes JMP 000007fffd0e0110
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[1960] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7389e0 8 bytes JMP 000007fffd0e01f0
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[1960] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd73be40 8 bytes JMP 000007fffd0e01b8
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[1960] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefef67490 11 bytes JMP 000007fffd0e0228
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[1960] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef7bf00 7 bytes JMP 000007fffd0e0260
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1968] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007690a2fd 1 byte [62]
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076571465 2 bytes [57, 76]
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765714bb 2 bytes [57, 76]
.text ... * 2
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[1256] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007690a2fd 1 byte [62]
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe[1472] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7ef8d 1 byte [62]
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000768e1f0e 7 bytes JMP 0000000170093550
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000768e5bad 7 bytes JMP 00000001700937f0
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768f1409 7 bytes JMP 0000000170093650
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000768fea45 7 bytes JMP 0000000170093540
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007690a2fd 1 byte [62]
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076988e24 7 bytes JMP 0000000170093310
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076988ea9 5 bytes JMP 00000001700933c0
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769891ff 5 bytes JMP 0000000170093320
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076891d1b 5 bytes JMP 00000001700932b0
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076891dc9 5 bytes JMP 0000000170093270
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076892aa4 5 bytes JMP 00000001700933d0
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076892d0a 5 bytes JMP 00000001700930b0
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076688a29 5 bytes JMP 0000000170092c60
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076694572 5 bytes JMP 0000000170093030
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000766ae567 5 bytes JMP 00000001700930a0
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000766e7a5c 5 bytes JMP 0000000170093020
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007554e96b 5 bytes JMP 0000000170092cd0
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007554eba5 5 bytes JMP 0000000170092ce0
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076571465 2 bytes [57, 76]
.text E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765714bb 2 bytes [57, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [2108] entry point in ".rdata" section 00000000738271e6
.text C:\Windows\System32\rundll32.exe[2216] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7ef8d 1 byte [62]
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[2864] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0f2db0 5 bytes JMP 000007fffd0e0180
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[2864] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0f37d0 7 bytes JMP 000007fffd0e00d8
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[2864] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0f8ef0 6 bytes JMP 000007fffd0e0148
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[2864] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd10af60 5 bytes JMP 000007fffd0e0110
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[2864] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7389e0 8 bytes JMP 000007fffd0e01f0
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[2864] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd73be40 8 bytes JMP 000007fffd0e01b8
.text C:\Windows\System32\igfxpers.exe[3136] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0f2db0 5 bytes JMP 000007fffd0e0180
.text C:\Windows\System32\igfxpers.exe[3136] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0f37d0 7 bytes JMP 000007fffd0e00d8
.text C:\Windows\System32\igfxpers.exe[3136] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0f8ef0 6 bytes JMP 000007fffd0e0148
.text C:\Windows\System32\igfxpers.exe[3136] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd10af60 5 bytes JMP 000007fffd0e0110
.text C:\Windows\System32\igfxpers.exe[3136] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7389e0 8 bytes JMP 000007fffd0e01f0
.text C:\Windows\System32\igfxpers.exe[3136] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd73be40 8 bytes JMP 000007fffd0e01b8
.text C:\Windows\System32\igfxpers.exe[3136] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefef67490 11 bytes JMP 000007fffd0e0228
.text C:\Windows\System32\igfxpers.exe[3136] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef7bf00 7 bytes JMP 000007fffd0e0260
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000768e1f0e 7 bytes JMP 0000000170093550
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000768e5bad 7 bytes JMP 00000001700937f0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768f1409 7 bytes JMP 0000000170093650
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000768fea45 7 bytes JMP 0000000170093540
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007690a2fd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076988e24 7 bytes JMP 0000000170093310
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076988ea9 5 bytes JMP 00000001700933c0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769891ff 5 bytes JMP 0000000170093320
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076891d1b 5 bytes JMP 00000001700932b0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076891dc9 5 bytes JMP 0000000170093270
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076892aa4 5 bytes JMP 00000001700933d0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076892d0a 5 bytes JMP 00000001700930b0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076688a29 5 bytes JMP 0000000170092c60
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076694572 5 bytes JMP 0000000170093030
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000766ae567 5 bytes JMP 00000001700930a0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000766e7a5c 5 bytes JMP 0000000170093020
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007554e96b 5 bytes JMP 0000000170092cd0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007554eba5 5 bytes JMP 0000000170092ce0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075115ea5 5 bytes JMP 0000000170092c20
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3420] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075149d0b 5 bytes JMP 0000000170092bb0
.text C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[3564] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000768e1f0e 7 bytes JMP 0000000170093550
.text C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[3564] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000768e5bad 7 bytes JMP 00000001700937f0
.text C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[3564] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768f1409 7 bytes JMP 0000000170093650
.text C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[3564] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000768fea45 7 bytes JMP 0000000170093540
.text C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[3564] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007690a2fd 1 byte [62]
.text C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[3564] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076988e24 7 bytes JMP 0000000170093310
.text C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[3564] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076988ea9 5 bytes JMP 00000001700933c0
.text C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[3564] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769891ff 5 bytes JMP 0000000170093320
.text C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[3564] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076891d1b 5 bytes JMP 00000001700932b0
.text C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[3564] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076891dc9 5 bytes JMP 0000000170093270
.text C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[3564] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076892aa4 5 bytes JMP 00000001700933d0
.text C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[3564] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076892d0a 5 bytes JMP 00000001700930b0
.text C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[3564] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076688a29 5 bytes JMP 0000000170092c60
.text C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[3564] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076694572 5 bytes JMP 0000000170093030
.text C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[3564] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000766ae567 5 bytes JMP 00000001700930a0
.text C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[3564] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000766e7a5c 5 bytes JMP 0000000170093020
.text C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[3564] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007554e96b 5 bytes JMP 0000000170092cd0
.text C:\Users\Heisenberg\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe[3564] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007554eba5 5 bytes JMP 0000000170092ce0
.text E:\Program Files\AVAST Software\Avast\AvastUI.exe[4044] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000768e8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text E:\Program Files\AVAST Software\Avast\AvastUI.exe[4044] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007690a2fd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000768e1f0e 7 bytes JMP 0000000170093550
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000768e5bad 7 bytes JMP 00000001700937f0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768f1409 7 bytes JMP 0000000170093650
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000768fea45 7 bytes JMP 0000000170093540
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007690a2fd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076988e24 7 bytes JMP 0000000170093310
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076988ea9 5 bytes JMP 00000001700933c0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769891ff 5 bytes JMP 0000000170093320
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076891d1b 5 bytes JMP 00000001700932b0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076891dc9 5 bytes JMP 0000000170093270
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076892aa4 5 bytes JMP 00000001700933d0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076892d0a 5 bytes JMP 00000001700930b0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007554e96b 5 bytes JMP 0000000170092cd0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007554eba5 5 bytes JMP 0000000170092ce0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076688a29 5 bytes JMP 0000000170092c60
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076694572 5 bytes JMP 0000000170093030
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000766ae567 5 bytes JMP 00000001700930a0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000766e7a5c 5 bytes JMP 0000000170093020
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075115ea5 5 bytes JMP 0000000170092c20
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3088] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075149d0b 5 bytes JMP 0000000170092bb0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000768e1f0e 7 bytes JMP 0000000170093550
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000768e5bad 7 bytes JMP 00000001700937f0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768f1409 7 bytes JMP 0000000170093650
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000768fea45 7 bytes JMP 0000000170093540
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007690a2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076988e24 7 bytes JMP 0000000170093310
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076988ea9 5 bytes JMP 00000001700933c0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769891ff 5 bytes JMP 0000000170093320
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076891d1b 5 bytes JMP 00000001700932b0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076891dc9 5 bytes JMP 0000000170093270
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076892aa4 5 bytes JMP 00000001700933d0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076892d0a 5 bytes JMP 00000001700930b0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007554e96b 5 bytes JMP 0000000170092cd0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007554eba5 5 bytes JMP 0000000170092ce0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076688a29 5 bytes JMP 0000000170092c60
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076694572 5 bytes JMP 0000000170093030
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000766ae567 5 bytes JMP 00000001700930a0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000766e7a5c 5 bytes JMP 0000000170093020
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075115ea5 5 bytes JMP 0000000170092c20
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3228] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075149d0b 5 bytes JMP 0000000170092bb0
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000768e1f0e 7 bytes JMP 0000000170093550
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000768e5bad 7 bytes JMP 00000001700937f0
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768f1409 7 bytes JMP 0000000170093650
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000768fea45 7 bytes JMP 0000000170093540
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007690a2fd 1 byte [62]
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076988e24 7 bytes JMP 0000000170093310
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076988ea9 5 bytes JMP 00000001700933c0
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769891ff 5 bytes JMP 0000000170093320
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076891d1b 5 bytes JMP 00000001700932b0
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076891dc9 5 bytes JMP 0000000170093270
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076892aa4 5 bytes JMP 00000001700933d0
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076892d0a 5 bytes JMP 00000001700930b0
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076688a29 5 bytes JMP 0000000170092c60
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076694572 5 bytes JMP 0000000170093030
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000766ae567 5 bytes JMP 00000001700930a0
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000766e7a5c 5 bytes JMP 0000000170093020
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007554e96b 5 bytes JMP 0000000170092cd0
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007554eba5 5 bytes JMP 0000000170092ce0
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075115ea5 5 bytes JMP 0000000170092c20
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075149d0b 5 bytes JMP 0000000170092bb0
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076571465 2 bytes [57, 76]
.text C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe[3968] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000765714bb 2 bytes [57, 76]
.text ... * 2
.text E:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE[3544] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000768e1f0e 7 bytes JMP 0000000170093550
.text E:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE[3544] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000768e5bad 7 bytes JMP 00000001700937f0
.text E:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE[3544] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768f1409 7 bytes JMP 0000000170093650
.text E:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE[3544] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000768fea45 7 bytes JMP 0000000170093540
.text E:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE[3544] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007690a2fd 1 byte [62]
.text E:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE[3544] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076988e24 7 bytes JMP 0000000170093310
.text E:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE[3544] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076988ea9 5 bytes JMP 00000001700933c0
.text E:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE[3544] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769891ff 5 bytes JMP 0000000170093320
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2480] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7ef8d 1 byte [62]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000768e1f0e 7 bytes JMP 0000000170093550
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000768e5bad 7 bytes JMP 00000001700937f0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768f1409 7 bytes JMP 0000000170093650
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000768fea45 7 bytes JMP 0000000170093540
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007690a2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076988e24 7 bytes JMP 0000000170093310
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076988ea9 5 bytes JMP 00000001700933c0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769891ff 5 bytes JMP 0000000170093320
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076891d1b 5 bytes JMP 00000001700932b0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076891dc9 5 bytes JMP 0000000170093270
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076892aa4 5 bytes JMP 00000001700933d0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076892d0a 5 bytes JMP 00000001700930b0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076688a29 5 bytes JMP 0000000170092c60
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076694572 5 bytes JMP 0000000170093030
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000766ae567 5 bytes JMP 00000001700930a0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000766e7a5c 5 bytes JMP 0000000170093020
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007554e96b 5 bytes JMP 0000000170092cd0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007554eba5 5 bytes JMP 0000000170092ce0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075115ea5 5 bytes JMP 0000000170092c20
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4748] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075149d0b 5 bytes JMP 0000000170092bb0
.text C:\Windows\servicing\TrustedInstaller.exe[1096] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7ef8d 1 byte [62]
.text C:\Windows\system32\wuauclt.exe[4740] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd0f2db0 5 bytes JMP 000007fffd0e0180
.text C:\Windows\system32\wuauclt.exe[4740] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0f37d0 7 bytes JMP 000007fffd0e00d8
.text C:\Windows\system32\wuauclt.exe[4740] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd0f8ef0 6 bytes JMP 000007fffd0e0148
.text C:\Windows\system32\wuauclt.exe[4740] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd10af60 5 bytes JMP 000007fffd0e0110
.text C:\Windows\system32\wuauclt.exe[4740] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefef67490 11 bytes JMP 000007fffd0e0228
.text C:\Windows\system32\wuauclt.exe[4740] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef7bf00 7 bytes JMP 000007fffd0e0260
.text C:\Windows\system32\wuauclt.exe[4740] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefd7389e0 8 bytes JMP 000007fffd0e01f0
.text C:\Windows\system32\wuauclt.exe[4740] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefd73be40 8 bytes JMP 000007fffd0e01b8
.text C:\Users\Heisenberg\Downloads\Gmer-19357.exe[5740] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000768e1f0e 7 bytes JMP 0000000170093550
.text C:\Users\Heisenberg\Downloads\Gmer-19357.exe[5740] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000768e5bad 7 bytes JMP 00000001700937f0
.text C:\Users\Heisenberg\Downloads\Gmer-19357.exe[5740] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768f1409 7 bytes JMP 0000000170093650
.text C:\Users\Heisenberg\Downloads\Gmer-19357.exe[5740] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000768fea45 7 bytes JMP 0000000170093540
.text C:\Users\Heisenberg\Downloads\Gmer-19357.exe[5740] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007690a2fd 1 byte [62]
.text C:\Users\Heisenberg\Downloads\Gmer-19357.exe[5740] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076988e24 7 bytes JMP 0000000170093310
.text C:\Users\Heisenberg\Downloads\Gmer-19357.exe[5740] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076988ea9 5 bytes JMP 00000001700933c0
.text C:\Users\Heisenberg\Downloads\Gmer-19357.exe[5740] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000769891ff 5 bytes JMP 0000000170093320
.text C:\Users\Heisenberg\Downloads\Gmer-19357.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076891d1b 5 bytes JMP 00000001700932b0
.text C:\Users\Heisenberg\Downloads\Gmer-19357.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076891dc9 5 bytes JMP 0000000170093270
.text C:\Users\Heisenberg\Downloads\Gmer-19357.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076892aa4 5 bytes JMP 00000001700933d0
.text C:\Users\Heisenberg\Downloads\Gmer-19357.exe[5740] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076892d0a 5 bytes JMP 00000001700930b0
.text C:\Users\Heisenberg\Downloads\Gmer-19357.exe[5740] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007554e96b 5 bytes JMP 0000000170092cd0
.text C:\Users\Heisenberg\Downloads\Gmer-19357.exe[5740] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007554eba5 5 bytes JMP 0000000170092ce0
.text C:\Users\Heisenberg\Downloads\Gmer-19357.exe[5740] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076688a29 5 bytes JMP 0000000170092c60
.text C:\Users\Heisenberg\Downloads\Gmer-19357.exe[5740] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076694572 5 bytes JMP 0000000170093030
.text C:\Users\Heisenberg\Downloads\Gmer-19357.exe[5740] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000766ae567 5 bytes JMP 00000001700930a0
.text C:\Users\Heisenberg\Downloads\Gmer-19357.exe[5740] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000766e7a5c 5 bytes JMP 0000000170093020
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2480:3808] 000007fefb332a7c
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5408:4980] 0000000075667587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5408:4612] 0000000065ba7712
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5408:2844] 0000000077072e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5408:5836] 0000000077073e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5408:4056] 0000000077073e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5408:3284] 0000000077073e85
---- Processes - GMER 2.1 ----
Library C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe [3968](2014-03-29 15:44:20) 0000000003b70000
Library c:\users\heisen~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuqhljr.dll (*** suspicious ***) @ C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe [3968](2014-04-18 13:12:55) 0000000004140000
Library C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe [3968](2014-03-29 15:44:19) 00000000667d0000
Library C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Heisenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe [3968] (ICU Data DLL/The ICU Project)(2014-03-29 15:44:19) 0000000065e40000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\54271e0c9de3
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\54271e0c9de3 (not active ControlSet)
---- EOF - GMER 2.1 ----
Malwarebytes LOG Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 18.04.2014
Scan Time: 16:38:02
Logfile: Malewarebytes.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.04.18.04
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Heisenberg
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 241544
Time Elapsed: 1 hr, 8 min, 16 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 5
PUP.Optional.SearchProtect.A, C:\Users\Heisenberg\AppData\Local\Temp\nss9062.exe, , [eddf73b8abd0c472fe248c98778a649c],
PUP.Optional.SearchProtect.A, C:\Users\Heisenberg\AppData\Local\Temp\nssD6C6.exe, , [b8147ead5d1e2610081a28fc61a0a45c],
PUP.Optional.Conduit.A, C:\Users\Heisenberg\AppData\Local\Temp\nss6433\SpSetup.exe, , [dcf08ba04536d56145cca27724dd7f81],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc9DD8.exe, , [b715e249552643f3fa28d64e59a8b947],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsxBEFF.exe, , [9636b675512a6ec8bd65081c659cc63a],
Physical Sectors: 0
(No malicious items detected)
(end)
The FRST LOG file is too large, which is why I have added it as an attachment.
I hope I have done everything correctly according to the instructions and that you can help me. If I have forgotten any information, I will of course gladly provide it. Thanks in advance!