Java/Jogek.QK gefunden
Hallo Leute.
Ich habe Gestern ein Virenscan (Avira) gemacht und heute dann nochmal, da habe ich
- JAVA/Jogek.QK
- EXP/CVE-2013-0422
gefunden. Bei Malwarebytes findet er jedoch nichts.
Ich hab Win 7 und hoffe, dass ihr mir helfen könnt.
Erstmal kommen die OTL Dateien.
Die Extras Datei habe ich als Anhang hoch geladen da ansonsten die Zeichenanzahl überschritten ist.
OTL Logfile: Code:
OTL logfile created on: 29.01.2013 13:24:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,91 Gb Total Physical Memory | 5,39 Gb Available Physical Memory | 68,17% Memory free
15,82 Gb Paging File | 13,16 Gb Available in Paging File | 83,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 400,55 Gb Total Space | 198,07 Gb Free Space | 49,45% Space Free | Partition Type: NTFS
Drive D: | 505,96 Gb Total Space | 120,08 Gb Free Space | 23,73% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.01.29 13:23:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.26 22:32:54 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.09 21:24:13 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.05 14:56:39 | 000,037,440 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
PRC - [2012.05.02 06:15:59 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.20 19:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011.02.01 21:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 21:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.13 02:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.15 18:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010.08.17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.04.05 20:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.06.19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.05 14:56:39 | 000,037,440 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
MOD - [2012.07.05 14:56:24 | 000,052,800 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hardcopy_05.dll
MOD - [2011.04.28 11:44:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2009.11.02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
========== Services (SafeList) ==========
SRV:64bit: - [2011.01.25 22:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.11.29 23:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.01.19 02:27:04 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.19 02:25:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 02:10:29 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.10.19 15:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.08 10:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.10.02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011.02.01 21:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 21:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.13 02:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.04.05 20:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.08 10:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.10.08 10:42:14 | 000,284,008 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.20 01:24:15 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.07.20 01:12:56 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.05.05 19:22:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.05 01:47:58 | 001,327,104 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PLTGC.sys -- (PlantronicsGC)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 19:21:16 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.02.26 01:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2011.02.10 22:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 22:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.01.13 01:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.31 11:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.11.30 07:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.11.29 23:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.05.26 03:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.finanzen.net/|hxxp://www.youtube.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 02:25:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 02:25:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012.05.01 21:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.12.29 20:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\32m6mitz.default\extensions
[2012.12.29 20:00:56 | 002,319,618 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\32m6mitz.default\extensions\nasanightlaunch@example.com.xpi
[2013.01.11 01:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 02:25:27 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.18 11:36:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 10:35:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 11:36:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 11:36:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 11:36:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 11:36:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A97F8EFA-8789-452C-85B3-ED1535CA3CA5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{920b21cb-96dc-11e1-80f6-14dae955eac2}\Shell - "" = AutoRun
O33 - MountPoints2\{920b21cb-96dc-11e1-80f6-14dae955eac2}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.29 13:23:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.28 22:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.01.28 22:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.16 11:23:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Canon
[2013.01.16 11:19:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Canon Easy-PhotoPrint EX
[2013.01.16 11:19:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX
[2013.01.11 01:54:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.09 04:08:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
========== Files - Modified Within 30 Days ==========
[2013.01.29 13:23:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.29 13:22:25 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.29 13:21:23 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.29 13:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.29 10:39:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.29 10:39:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.29 10:32:34 | 000,002,446 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013.01.29 10:32:25 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.01.29 10:32:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.29 10:32:05 | 2075,893,759 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.27 11:25:15 | 001,529,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.27 11:25:15 | 000,665,682 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.27 11:25:15 | 000,627,524 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.27 11:25:15 | 000,133,862 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.27 11:25:15 | 000,110,244 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.22 07:48:11 | 000,001,455 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013.01.22 07:47:33 | 000,295,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 03:59:13 | 000,007,619 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
========== Files Created - No Company Name ==========
[2013.01.29 13:22:25 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.29 13:21:22 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.21 16:02:33 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.01.10 03:59:13 | 000,007,619 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.11.08 14:09:10 | 000,000,402 | ---- | C] () -- C:\Windows\PLTGC.ini.cfl
[2012.11.08 14:09:03 | 000,003,489 | ---- | C] () -- C:\Windows\PLTGC.ini.cfg
[2012.11.08 14:09:03 | 000,000,432 | ---- | C] () -- C:\Windows\PLTGC.ini.imi
[2012.07.25 02:04:25 | 000,000,051 | ---- | C] () -- C:\ProgramData\lfjdiyfzxazgdbu
[2012.07.15 02:43:50 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.03.19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.09.29 20:27:43 | 000,000,447 | ---- | C] () -- C:\Windows\PLTGC.ini
[2011.06.20 15:01:42 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.13 03:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.05.01 06:38:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage
[2013.01.16 11:23:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2013.01.27 22:42:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2012.06.13 20:20:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DarknessII
[2012.12.25 00:51:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.06.24 20:32:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fltk.org
[2012.08.04 15:59:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FX Flat
[2012.08.26 21:19:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2012.05.01 06:41:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance
[2012.05.01 23:05:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.01.29 13:06:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2012.08.25 23:08:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock
[2012.11.11 19:59:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.05.01 06:41:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon
========== Purity Check ==========
< End of report >
--- --- ---
Jetzt kommt die
Gmer-Datei: Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-01-29 14:00:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.CC46 931,51GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\***\AppData\Local\Temp\pxdiqpow.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007709efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770c99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770d94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770d9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770fa500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 000007fffdd301f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff3fbe40 8 bytes JMP 000007fffdd301b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff207490 11 bytes JMP 000007fffdd30228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1572] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff21bf00 7 bytes JMP 000007fffdd30260
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a51401 2 bytes [A5, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a51419 2 bytes [A5, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a51431 2 bytes [A5, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a5144a 2 bytes [A5, 76]
.text ... * 9
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a514dd 2 bytes [A5, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a514f5 2 bytes [A5, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a5150d 2 bytes [A5, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a51525 2 bytes [A5, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a5153d 2 bytes [A5, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a51555 2 bytes [A5, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a5156d 2 bytes [A5, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a51585 2 bytes [A5, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a5159d 2 bytes [A5, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a515b5 2 bytes [A5, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a515cd 2 bytes [A5, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a516b2 2 bytes [A5, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1896] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a516bd 2 bytes [A5, 76]
.text C:\Windows\system32\taskeng.exe[2464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8
.text C:\Windows\system32\taskeng.exe[2464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148
.text C:\Windows\system32\taskeng.exe[2464] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180
.text C:\Windows\system32\taskeng.exe[2464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110
.text C:\Windows\system32\taskeng.exe[2464] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 000007fffdd301f0
.text C:\Windows\system32\taskeng.exe[2464] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff3fbe40 8 bytes JMP 000007fffdd301b8
.text C:\Windows\system32\taskeng.exe[2464] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff207490 11 bytes JMP 000007fffdd30228
.text C:\Windows\system32\taskeng.exe[2464] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff21bf00 7 bytes JMP 000007fffdd30260
.text C:\Windows\system32\Dwm.exe[2472] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8
.text C:\Windows\system32\Dwm.exe[2472] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148
.text C:\Windows\system32\Dwm.exe[2472] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180
.text C:\Windows\system32\Dwm.exe[2472] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110
.text C:\Windows\system32\Dwm.exe[2472] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 000007fffdd301f0
.text C:\Windows\system32\Dwm.exe[2472] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff3fbe40 8 bytes JMP 000007fffdd301b8
.text C:\Windows\system32\Dwm.exe[2472] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef7cd4da4 7 bytes JMP 000007fff7cc00d8
.text C:\Windows\system32\Dwm.exe[2472] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef7cf9af4 7 bytes JMP 000007fff7cc0110
.text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8
.text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148
.text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180
.text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110
.text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 000007fffdd301f0
.text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff3fbe40 8 bytes JMP 000007fffdd301b8
.text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff207490 11 bytes JMP 000007fffdd30228
.text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff21bf00 7 bytes JMP 000007fffdd30260
.text C:\Windows\SysWOW64\ACEngSvr.exe[2872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8
.text C:\Windows\SysWOW64\ACEngSvr.exe[2872] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148
.text C:\Windows\SysWOW64\ACEngSvr.exe[2872] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180
.text C:\Windows\SysWOW64\ACEngSvr.exe[2872] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110
.text C:\Windows\SysWOW64\ACEngSvr.exe[2872] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 000007fffdd301f0
.text C:\Windows\SysWOW64\ACEngSvr.exe[2872] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff3fbe40 8 bytes JMP 000007fffdd301b8
.text C:\Windows\SysWOW64\ACEngSvr.exe[2872] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff207490 11 bytes JMP 000007fffdd30228
.text C:\Windows\SysWOW64\ACEngSvr.exe[2872] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff21bf00 7 bytes JMP 000007fffdd30260
.text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007709efe0 5 bytes JMP 000000016fff0148
.text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770c99b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770d94d0 5 bytes JMP 000000016fff0180
.text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770d9640 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770fa500 7 bytes JMP 000000016fff01b8
.text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8
.text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148
.text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180
.text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110
.text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 000007fffdd301f0
.text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff3fbe40 8 bytes JMP 000007fffdd301b8
.text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff207490 11 bytes JMP 000007fffdd30228
.text C:\Windows\System32\igfxpers.exe[2940] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff21bf00 7 bytes JMP 000007fffdd30260
.text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007709efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770c99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770d94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770d9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770fa500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8
.text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148
.text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180
.text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110
.text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 000007fffdd301f0
.text C:\Program Files\Windows Sidebar\sidebar.exe[1352] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff3fbe40 8 bytes JMP 000007fffdd301b8
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007673b223 5 bytes JMP 000000017398159b
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767b88f4 7 bytes JMP 0000000173981339
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767b8979 5 bytes JMP 00000001739816b8
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767b8ccf 5 bytes JMP 000000017398101e
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1d1b 5 bytes JMP 00000001739811d1
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1dc9 5 bytes JMP 0000000173981019
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df2aa4 5 bytes JMP 000000017398154b
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df2d0a 5 bytes JMP 0000000173981276
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076d7e9a2 5 bytes JMP 00000001739815b4
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076d7ebdc 5 bytes JMP 000000017398119a
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a51401 2 bytes [A5, 76]
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a51419 2 bytes [A5, 76]
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a51431 2 bytes [A5, 76]
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a5144a 2 bytes [A5, 76]
.text ... * 9
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a514dd 2 bytes [A5, 76]
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a514f5 2 bytes [A5, 76]
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a5150d 2 bytes [A5, 76]
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a51525 2 bytes [A5, 76]
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a5153d 2 bytes [A5, 76]
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a51555 2 bytes [A5, 76]
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a5156d 2 bytes [A5, 76]
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a51585 2 bytes [A5, 76]
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a5159d 2 bytes [A5, 76]
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a515b5 2 bytes [A5, 76]
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a515cd 2 bytes [A5, 76]
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a516b2 2 bytes [A5, 76]
.text C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a516bd 2 bytes [A5, 76]
.text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000000007709efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000770c99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000770d94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 00000000770d9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 00000000770fa500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8
.text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148
.text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180
.text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110
.text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 000007fffdd301f0
.text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff3fbe40 8 bytes JMP 000007fffdd301b8
.text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff207490 11 bytes JMP 000007fffdd30228
.text C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[3096] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff21bf00 7 bytes JMP 000007fffdd30260
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007673b223 5 bytes JMP 000000017398159b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767b88f4 7 bytes JMP 0000000173981339
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767b8979 5 bytes JMP 00000001739816b8
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767b8ccf 5 bytes JMP 000000017398101e
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1d1b 5 bytes JMP 00000001739811d1
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1dc9 5 bytes JMP 0000000173981019
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df2aa4 5 bytes JMP 000000017398154b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df2d0a 5 bytes JMP 0000000173981276
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076d7e9a2 5 bytes JMP 00000001739815b4
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076d7ebdc 5 bytes JMP 000000017398119a
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076905ea5 5 bytes JMP 00000001739815e6
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3176] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076939d0b 5 bytes JMP 000000017398122b
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007673b223 5 bytes JMP 000000017398159b
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767b88f4 7 bytes JMP 0000000173981339
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767b8979 5 bytes JMP 00000001739816b8
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767b8ccf 5 bytes JMP 000000017398101e
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1d1b 5 bytes JMP 00000001739811d1
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1dc9 5 bytes JMP 0000000173981019
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df2aa4 5 bytes JMP 000000017398154b
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df2d0a 5 bytes JMP 0000000173981276
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076d7e9a2 5 bytes JMP 00000001739815b4
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076d7ebdc 5 bytes JMP 000000017398119a
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076905ea5 5 bytes JMP 00000001739815e6
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076939d0b 5 bytes JMP 000000017398122b
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a51401 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a51419 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a51431 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a5144a 2 bytes [A5, 76]
.text ... * 9
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a514dd 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a514f5 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a5150d 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a51525 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a5153d 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a51555 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a5156d 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a51585 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a5159d 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a515b5 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a515cd 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a516b2 2 bytes [A5, 76]
.text C:\Windows\AsScrPro.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a516bd 2 bytes [A5, 76]
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007673b223 5 bytes JMP 000000017398159b
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767b88f4 7 bytes JMP 0000000173981339
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767b8979 5 bytes JMP 00000001739816b8
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767b8ccf 5 bytes JMP 000000017398101e
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1d1b 5 bytes JMP 00000001739811d1
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1dc9 5 bytes JMP 0000000173981019
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df2aa4 5 bytes JMP 000000017398154b
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df2d0a 5 bytes JMP 0000000173981276
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076d7e9a2 5 bytes JMP 00000001739815b4
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076d7ebdc 5 bytes JMP 000000017398119a
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076905ea5 5 bytes JMP 00000001739815e6
.text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076939d0b 5 bytes JMP 000000017398122b
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007709efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770c99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770d94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770d9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770fa500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 000007fffdd301f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3500] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff3fbe40 8 bytes JMP 000007fffdd301b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007709efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770c99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770d94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770d9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770fa500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdda3460 7 bytes JMP 000007fffdd300d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdda9940 6 bytes JMP 000007fffdd30148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdda9fb0 5 bytes JMP 000007fffdd30180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefddaa150 5 bytes JMP 000007fffdd30110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff3f89e0 8 bytes JMP 000007fffdd301f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff3fbe40 8 bytes JMP 000007fffdd301b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff207490 11 bytes JMP 000007fffdd30228
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3520] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff21bf00 7 bytes JMP 000007fffdd30260
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007673b223 5 bytes JMP 000000017398159b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767b88f4 7 bytes JMP 0000000173981339
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767b8979 5 bytes JMP 00000001739816b8
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767b8ccf 5 bytes JMP 000000017398101e
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1d1b 5 bytes JMP 00000001739811d1
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1dc9 5 bytes JMP 0000000173981019
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df2aa4 5 bytes JMP 000000017398154b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df2d0a 5 bytes JMP 0000000173981276
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076d7e9a2 5 bytes JMP 00000001739815b4
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076d7ebdc 5 bytes JMP 000000017398119a
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076905ea5 5 bytes JMP 00000001739815e6
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4012] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076939d0b 5 bytes JMP 000000017398122b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007673b223 5 bytes JMP 000000017398159b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767b88f4 7 bytes JMP 0000000173981339
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767b8979 5 bytes JMP 00000001739816b8
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767b8ccf 5 bytes JMP 000000017398101e
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1d1b 5 bytes JMP 00000001739811d1
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1dc9 5 bytes JMP 0000000173981019
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df2aa4 5 bytes JMP 000000017398154b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df2d0a 5 bytes JMP 0000000173981276
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076d7e9a2 5 bytes JMP 00000001739815b4
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076d7ebdc 5 bytes JMP 000000017398119a
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076905ea5 5 bytes JMP 00000001739815e6
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4040] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076939d0b 5 bytes JMP 000000017398122b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007673b223 5 bytes JMP 000000017398159b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767b88f4 7 bytes JMP 0000000173981339
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767b8979 5 bytes JMP 00000001739816b8
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767b8ccf 5 bytes JMP 000000017398101e
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1d1b 5 bytes JMP 00000001739811d1
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1dc9 5 bytes JMP 0000000173981019
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df2aa4 5 bytes JMP 000000017398154b
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df2d0a 5 bytes JMP 0000000173981276
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076d7e9a2 5 bytes JMP 00000001739815b4
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076d7ebdc 5 bytes JMP 000000017398119a
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076905ea5 5 bytes JMP 00000001739815e6
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4048] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076939d0b 5 bytes JMP 000000017398122b
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076721429 7 bytes JMP 000000017398128f
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007673b223 5 bytes JMP 000000017398159b
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767b88f4 7 bytes JMP 0000000173981339
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767b8979 5 bytes JMP 00000001739816b8
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767b8ccf 5 bytes JMP 000000017398101e
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076df1d1b 5 bytes JMP 00000001739811d1
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076df1dc9 5 bytes JMP 0000000173981019
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076df2aa4 5 bytes JMP 000000017398154b
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076df2d0a 5 bytes JMP 0000000173981276
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076d7e9a2 5 bytes JMP 00000001739815b4
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076d7ebdc 5 bytes JMP 000000017398119a
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076905ea5 5 bytes JMP 00000001739815e6
.text C:\Users\***\Desktop\gmer_2.0.18454.exe[280] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076939d0b 5 bytes JMP 000000017398122b
---- Threads - GMER 2.0 ----
Thread C:\Windows\System32\svchost.exe [3904:3152] 000007fee7849688
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
---- EOF - GMER 2.0 ----
Jetzt kommt der Avira Bericht: Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 29. Januar 2013 11:51
Es wird nach 4739754 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : ***
Computername : ***-PC
Versionsinformationen:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 14.11.2012 13:15:54
AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50
LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 15.07.2012 14:02:51
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 14:02:44
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 20:19:52
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 16:53:55
VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 17:44:11
VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 17:44:11
VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 17:44:11
VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 17:44:11
VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 17:44:11
VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 19:12:53
VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 19:12:51
VBASE015.VDF : 7.11.56.83 186880 Bytes 08.01.2013 19:13:00
VBASE016.VDF : 7.11.56.145 135168 Bytes 09.01.2013 22:24:41
VBASE017.VDF : 7.11.56.211 139776 Bytes 11.01.2013 06:11:53
VBASE018.VDF : 7.11.57.11 153088 Bytes 13.01.2013 12:06:15
VBASE019.VDF : 7.11.57.75 165888 Bytes 15.01.2013 19:39:41
VBASE020.VDF : 7.11.57.163 190976 Bytes 17.01.2013 07:34:44
VBASE021.VDF : 7.11.57.219 119808 Bytes 18.01.2013 07:34:41
VBASE022.VDF : 7.11.58.7 167936 Bytes 21.01.2013 07:34:47
VBASE023.VDF : 7.11.58.49 140288 Bytes 22.01.2013 08:06:50
VBASE024.VDF : 7.11.58.119 137728 Bytes 24.01.2013 11:48:26
VBASE025.VDF : 7.11.58.175 132608 Bytes 25.01.2013 11:48:23
VBASE026.VDF : 7.11.58.213 116736 Bytes 27.01.2013 11:48:30
VBASE027.VDF : 7.11.58.214 2048 Bytes 27.01.2013 11:48:31
VBASE028.VDF : 7.11.58.215 2048 Bytes 27.01.2013 11:48:31
VBASE029.VDF : 7.11.58.216 2048 Bytes 27.01.2013 11:48:31
VBASE030.VDF : 7.11.58.217 2048 Bytes 27.01.2013 11:48:31
VBASE031.VDF : 7.11.58.228 52736 Bytes 28.01.2013 12:15:31
Engineversion : 8.2.10.238
AEVDF.DLL : 8.1.2.10 102772 Bytes 15.07.2012 14:02:51
AESCRIPT.DLL : 8.1.4.84 467322 Bytes 25.01.2013 11:48:27
AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 14:45:43
AESBX.DLL : 8.2.5.12 606578 Bytes 15.07.2012 14:02:51
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 22:24:44
AEPACK.DLL : 8.3.1.2 819574 Bytes 20.12.2012 16:49:00
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 06.11.2012 12:08:19
AEHEUR.DLL : 8.1.4.182 5706104 Bytes 25.01.2013 11:48:27
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 14:48:25
AEGEN.DLL : 8.1.6.16 434549 Bytes 25.01.2013 11:48:23
AEEXP.DLL : 8.3.0.14 188788 Bytes 25.01.2013 11:48:27
AEEMU.DLL : 8.1.3.2 393587 Bytes 15.07.2012 14:02:47
AECORE.DLL : 8.1.30.0 201079 Bytes 13.12.2012 14:45:42
AEBB.DLL : 8.1.1.4 53619 Bytes 06.11.2012 12:08:16
AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21
AVPREF.DLL : 12.3.0.32 50720 Bytes 14.11.2012 13:15:53
AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35
AVARKT.DLL : 12.3.0.33 209696 Bytes 14.11.2012 13:15:53
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02
AVSMTP.DLL : 12.3.0.32 63480 Bytes 09.08.2012 20:24:25
NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 09.08.2012 20:22:55
RCTEXT.DLL : 12.3.0.32 98848 Bytes 14.11.2012 13:15:52
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Manuelle Auswahl
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Dienstag, 29. Januar 2013 11:51
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_146.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_146.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spotify.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KBFiltr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsScrPro.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpotifyWebHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ALU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sensorsrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hcdll2_ex_Win32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IJPLMSVC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GFNEXSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2507' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <OS>
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\3a8c48cf-24e53eea
[0] Archivtyp: ZIP
--> ewjvaiwebvhtuai124a.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2013-0422
--> test.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.QK
Beginne mit der Suche in 'D:\' <DATA>
Beginne mit der Desinfektion:
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\3a8c48cf-24e53eea
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.QK
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54f7158c.qua' verschoben!
Ende des Suchlaufs: Dienstag, 29. Januar 2013 13:02
Benötigte Zeit: 1:09:50 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
39970 Verzeichnisse wurden überprüft
1060698 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1060696 Dateien ohne Befall
7879 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Malwarebytes: Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.01.29.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]
29.01.2013 14:42:34
mbam-log-2013-01-29 (14-42-34).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 441974
Laufzeit: 1 Stunde(n), 13 Minute(n), 32 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Ich hoffe, dass ihr mir bei diesem Problem helfen könnt.
Lieben Gruss |
AdwCleaner auf deinen Desktop.