Only shortcuts left on the USB stick -> Trojaner.Banker
Hello dear Trojaner-Board team!
After I got back from my winter holiday yesterday, a nasty surprise was waiting for me. I plugged in my USB stick, and all of a sudden it showed nothing but shortcuts.
After reading up a bit (mostly on your board), I downloaded Malwarebytes Anti-Rootkit and ran a scan with it. That found the "Trojaner.Banker", which I then 'eliminated'. After a reboot, another scan with Malwarebytes shows nothing more. I'm still sceptical, though.
On top of that, yesterday, when I still knew nothing about the problem, I connected my external hard drive (which I only use for backups). (My girlfriend used her stick on my computer a week ago while I was away, and as it turned out afterwards, the problem with the shortcuts already appeared back then.) In other words: I'm afraid my entire backup is ruined. I also worked with the infected stick on my laptop yesterday.
So you can already tell... jackpot.
I have read some of the guides and the rules in your forum, which I now want to follow:
Step 1:
I ran Defogger: no error message, no log.
Step 2:
FRST scan
FRST logfile (FRST.txt):
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by cripo (administrator) on CRIPO-PC on 21-01-2014 11:45:31
Running from C:\Users\cripo\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\cripo\Downloads\Defogger.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415752 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2093064 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4195848 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [ASRockXTU] - [x]
HKCU\...\Run: [zASRockInstantBoot] - [x]
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-03-10] ()
HKCU\...\Run: [Mozilla] - C:\Users\cripo\AppData\Roaming\Mozilla.vbs [9694 2013-10-06] ()
MountPoints2: {0a815ac9-0e2d-11e1-b280-806e6f6e6963} - E:\SETUP.EXE
Startup: C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD9148EB154EFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319402&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP84A12542-9F59-4511-8713-D77557C36016&q={searchTerms}&SSPV=
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
FireFox:
========
FF ProfilePath: C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\cripo\AppData\Roaming\5051
FF Extension: Java String Helper - C:\Users\cripo\AppData\Roaming\5051 [2011-11-28]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-08] ()
==================== Drivers (Whitelisted) ====================
R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-25] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2011-11-13] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2011-11-13] (FNet Co., Ltd.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-21 11:45 - 2014-01-21 11:45 - 00011712 _____ C:\Users\cripo\Downloads\FRST.txt
2014-01-21 11:45 - 2014-01-21 11:45 - 00000000 ____D C:\FRST
2014-01-21 11:43 - 2014-01-21 11:43 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64.exe
2014-01-21 11:42 - 2014-01-21 11:42 - 00000472 _____ C:\Users\cripo\Downloads\defogger_disable.log
2014-01-21 11:42 - 2014-01-21 11:42 - 00000000 _____ C:\Users\cripo\defogger_reenable
2014-01-21 11:41 - 2014-01-21 11:42 - 00050477 _____ C:\Users\cripo\Downloads\Defogger.exe
2014-01-21 11:10 - 2014-01-21 11:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-21 11:10 - 2014-01-21 11:27 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-21 11:10 - 2014-01-21 11:26 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-21 11:10 - 2014-01-21 11:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 11:09 - 2014-01-21 11:40 - 00000000 ____D C:\Users\cripo\Desktop\mbar
2014-01-21 11:09 - 2014-01-21 11:09 - 12582688 _____ (Malwarebytes Corp.) C:\Users\cripo\Desktop\mbar-1.07.0.1008.exe
2014-01-20 20:39 - 2014-01-20 20:50 - 338849929 _____ C:\Users\cripo\Desktop\Snow 1.mp4
2014-01-20 19:19 - 2014-01-20 20:53 - 00019674 _____ C:\Users\cripo\Documents\Snow 1.wlmp
2014-01-20 16:57 - 2014-01-20 16:57 - 00002176 _____ C:\Users\cripo\Desktop\Wirtschaft PU.lnk
2014-01-19 19:37 - 2014-01-19 19:37 - 00001536 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-01-19 19:35 - 2014-01-19 19:36 - 34083424 _____ (DVDVideoSoft Ltd. ) C:\Users\cripo\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-19 15:40 - 2014-01-19 15:44 - 00013401 _____ C:\Users\cripo\Desktop\Noten WEH1A.xlsx
2014-01-19 12:20 - 2014-01-19 12:20 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 12:20 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-19 12:20 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-19 12:20 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-19 12:20 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-16 17:50 - 2013-10-06 19:07 - 00009694 ___SH C:\Users\cripo\AppData\Roaming\Mozilla.vbs
2014-01-16 17:49 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 17:49 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 17:49 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-07 10:31 - 2014-01-07 10:31 - 00001391 _____ C:\Users\cripo\Desktop\Sport PU.lnk
2014-01-05 12:17 - 2014-01-05 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-01-21 11:45 - 2014-01-21 11:45 - 00011712 _____ C:\Users\cripo\Downloads\FRST.txt
2014-01-21 11:45 - 2014-01-21 11:45 - 00000000 ____D C:\FRST
2014-01-21 11:45 - 2013-03-10 17:39 - 00000000 ____D C:\Users\cripo\AppData\Local\PMB Files
2014-01-21 11:43 - 2014-01-21 11:43 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64.exe
2014-01-21 11:42 - 2014-01-21 11:42 - 00000472 _____ C:\Users\cripo\Downloads\defogger_disable.log
2014-01-21 11:42 - 2014-01-21 11:42 - 00000000 _____ C:\Users\cripo\defogger_reenable
2014-01-21 11:42 - 2014-01-21 11:41 - 00050477 _____ C:\Users\cripo\Downloads\Defogger.exe
2014-01-21 11:42 - 2011-11-13 20:31 - 00000000 ____D C:\Users\cripo
2014-01-21 11:40 - 2014-01-21 11:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-21 11:40 - 2014-01-21 11:09 - 00000000 ____D C:\Users\cripo\Desktop\mbar
2014-01-21 11:32 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 11:32 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 11:31 - 2012-03-29 07:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 11:29 - 2011-11-13 20:26 - 02079511 _____ C:\Windows\WindowsUpdate.log
2014-01-21 11:27 - 2014-01-21 11:10 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-21 11:26 - 2014-01-21 11:10 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-21 11:26 - 2013-06-30 12:39 - 00000000 ____D C:\Users\cripo\AppData\Local\LogMeIn Hamachi
2014-01-21 11:24 - 2011-11-13 21:18 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-21 11:24 - 2011-04-12 08:55 - 00000000 ____D C:\Windows\CSC
2014-01-21 11:24 - 2010-11-21 04:47 - 00191394 _____ C:\Windows\PFRO.log
2014-01-21 11:24 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 11:24 - 2009-07-14 05:51 - 00043216 _____ C:\Windows\setupact.log
2014-01-21 11:10 - 2014-01-21 11:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 11:09 - 2014-01-21 11:09 - 12582688 _____ (Malwarebytes Corp.) C:\Users\cripo\Desktop\mbar-1.07.0.1008.exe
2014-01-21 09:48 - 2011-04-12 08:43 - 00696832 _____ C:\Windows\system32\perfh007.dat
2014-01-21 09:48 - 2011-04-12 08:43 - 00148128 _____ C:\Windows\system32\perfc007.dat
2014-01-21 09:48 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 20:53 - 2014-01-20 19:19 - 00019674 _____ C:\Users\cripo\Documents\Snow 1.wlmp
2014-01-20 20:50 - 2014-01-20 20:39 - 338849929 _____ C:\Users\cripo\Desktop\Snow 1.mp4
2014-01-20 18:50 - 2012-10-09 17:32 - 00000000 ____D C:\Users\cripo\AppData\Local\Windows Live
2014-01-20 16:57 - 2014-01-20 16:57 - 00002176 _____ C:\Users\cripo\Desktop\Wirtschaft PU.lnk
2014-01-20 14:01 - 2011-11-15 18:24 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-20 12:49 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-19 19:37 - 2014-01-19 19:37 - 00001536 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-01-19 19:37 - 2013-03-13 18:42 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2014-01-19 19:37 - 2011-11-25 14:08 - 00000000 ____D C:\Users\cripo\AppData\Roaming\DVDVideoSoft
2014-01-19 19:36 - 2014-01-19 19:35 - 34083424 _____ (DVDVideoSoft Ltd. ) C:\Users\cripo\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-19 15:44 - 2014-01-19 15:40 - 00013401 _____ C:\Users\cripo\Desktop\Noten WEH1A.xlsx
2014-01-19 12:20 - 2014-01-19 12:20 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 12:20 - 2013-10-17 15:24 - 00000000 ____D C:\ProgramData\Oracle
2014-01-19 12:20 - 2013-06-25 06:42 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-19 12:10 - 2009-07-14 05:45 - 00418800 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 21:09 - 2011-11-13 21:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 21:08 - 2013-08-14 20:45 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 21:06 - 2011-11-13 22:57 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 17:50 - 2011-11-13 20:31 - 00000000 ___RD C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-09 19:53 - 2012-11-07 16:54 - 00000000 ___RD C:\Users\cripo\Dropbox
2014-01-09 19:51 - 2012-11-07 16:50 - 00000000 ____D C:\Users\cripo\AppData\Roaming\Dropbox
2014-01-07 13:06 - 2012-11-07 16:51 - 00000000 ____D C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-07 10:31 - 2014-01-07 10:31 - 00001391 _____ C:\Users\cripo\Desktop\Sport PU.lnk
2014-01-07 09:50 - 2013-11-09 17:29 - 00000000 ____D C:\ProgramData\Skype
2014-01-07 09:50 - 2012-02-13 21:25 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-06 18:09 - 2012-07-25 13:26 - 00000000 ____D C:\Users\cripo\AppData\Local\2K Games
2014-01-06 13:04 - 2012-05-07 16:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-05 12:17 - 2014-01-05 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
Some content of TEMP:
====================
C:\Users\cripo\AppData\Local\Temp\AskSLib.dll
C:\Users\cripo\AppData\Local\Temp\AudibleDM_iTunesSetup.exe
C:\Users\cripo\AppData\Local\Temp\avgnt.exe
C:\Users\cripo\AppData\Local\Temp\icqsetup.exe
C:\Users\cripo\AppData\Local\Temp\installerdll2257194.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2268769.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2471648.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2472319.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2476890.dll
C:\Users\cripo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\cripo\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\cripo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\cripo\AppData\Local\Temp\LMkRstPt.exe
C:\Users\cripo\AppData\Local\Temp\nsa6C76.exe
C:\Users\cripo\AppData\Local\Temp\nsl5897.exe
C:\Users\cripo\AppData\Local\Temp\nsq5A3D.exe
C:\Users\cripo\AppData\Local\Temp\nsu6766.exe
C:\Users\cripo\AppData\Local\Temp\nsv6E2C.exe
C:\Users\cripo\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\cripo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\cripo\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\cripo\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\cripo\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\cripo\AppData\Local\Temp\nvStInst.exe
C:\Users\cripo\AppData\Local\Temp\OriginLauncher2471648.exe
C:\Users\cripo\AppData\Local\Temp\rootsupd.exe
C:\Users\cripo\AppData\Local\Temp\setpointdeu.exe
C:\Users\cripo\AppData\Local\Temp\Setup.exe
C:\Users\cripo\AppData\Local\Temp\sonarinst.exe
C:\Users\cripo\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\cripo\AppData\Local\Temp\vcredist_x64.exe
C:\Users\cripo\AppData\Local\Temp\vcredist_x86.exe
C:\Users\cripo\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\cripo\AppData\Local\Temp\_is1A82.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-19 21:01
==================== End Of Log ============================
FRST Addition (Addition.txt):
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-01-2014
Ran by cripo at 2014-01-21 11:46:04
Running from C:\Users\cripo\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
7-PDF Split & Merge Version 2.0.4 (Build 112) (x32 Version: 7-PDF Split & Merge - Version 2.0.4 (Build 112) - 7-PDF, Germany - Thorsten Hodes)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (x32 Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (x32 Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (x32 Version: - )
AFPL Ghostscript Fonts (x32 Version: - )
Apple Application Support (x32 Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ASRock 3TB+ Unlocker v1.0 (Version: - ASRock Inc.)
ASRock App Charger v1.0.4 (Version: - ASRock Inc.)
ASRock eXtreme Tuner v0.1.78 (x32 Version: - )
ASRock InstantBoot v1.26 (x32 Version: - )
ASUS E-Green Uninstall (x32 Version: - )
Atom Zombie Smasher (x32 Version: - Blendo Games)
Audiograbber 1.83 SE (x32 Version: 1.83 SE - Audiograbber Deutschland)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Bastion (x32 Version: - Supergiant Games)
Battlelog Web Plugins (x32 Version: 2.1.2 - EA Digital Illusions CE AB)
BioShock (x32 Version: - 2K Boston)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (x32 Version: - Gearbox Software)
Brothers - A Tale of Two Sons (x32 Version: - Starbreeze Studios AB)
Call of Duty(R) 2 (x32 Version: 1.2 - Activision)
Call of Duty(R) 2 (x32 Version: 1.2 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Call of Duty: Black Ops II - Multiplayer (x32 Version: - )
Call of Duty: Black Ops II - Zombies (x32 Version: - )
Call of Duty: Black Ops II (x32 Version: - )
CDBurnerXP (x32 Version: 4.4.1.3184 - CDBurnerXP)
CIB pdf brewer (Version: 2.6.0049 - CIB software GmbH)
Counter-Strike (x32 Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (x32 Version: 4.47.1.0333 - Disc Soft Ltd)
Deponia (x32 Version: - Daedalic Entertainment)
Deus Ex: Human Revolution (x32 Version: - Eidos Montreal)
Diablo III (x32 Version: 1.0.3.10485 - Blizzard Entertainment)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology) Hidden
Far Cry 3 Version 1.01 (x32 Version: 1.01 - ZKY)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.17.1125 (x32 Version: 3.2.17.1125 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (x32 Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
IBM SPSS Statistics 20 (Version: 20.0.0.0 - IBM Corp)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
iTunes (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (x32 Version: 1.3 - Riot Games)
Left 4 Dead 2 (x32 Version: - Valve)
Lexmark Universal v2 Deinstallationsprogamm (Version: - Lexmark International, Inc.)
LIMBO (x32 Version: - Playdead)
Logitech GamePanel Software 3.03.133 (Version: 3.03.133 - Logitech Inc.)
Logitech SetPoint 6.32 (Version: 6.32.20 - Logitech)
LogMeIn Hamachi (x32 Version: 2.2.0.58 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.58 - LogMeIn, Inc.) Hidden
Mass Effect 2 (x32 Version: - BioWare)
Max Payne 3 (x32 Version: - Rockstar)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0 - Microsoft Corporation)
Monaco (x32 Version: - Pocketwatch Games)
MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSI Afterburner 2.1.0 (x32 Version: 2.1.0 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero BurnRights 10 (x32 Version: 4.0.11300.14.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.0.12900.2.6 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.16800.7.15 - Nero AG) Hidden
Nero CoverDesigner 10 (x32 Version: 5.0.11200.16.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero DiscSpeed 10 (x32 Version: 6.0.11400.18.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Express 10 (x32 Version: 10.0.12300.23.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero InfoTool 10 (x32 Version: 7.0.11400.15.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero MediaHub 10 (x32 Version: 1.0.14800.28.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (x32 Version: 10.0.10300 - Nero AG)
Nero StartSmart 10 (x32 Version: 10.0.12600.30.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Update (x32 Version: 1.0.0018 - Nero AG)
NVIDIA 3D Vision Controller-Treiber 314.07 (Version: 314.07 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 314.07 (Version: 314.07 - NVIDIA Corporation)
NVIDIA Grafiktreiber 314.07 (Version: 314.07 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1407 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 314.07 (Version: 314.07 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
OpenAL (x32 Version: - )
Origin (x32 Version: 9.1.3.2637 - Electronic Arts, Inc.)
Pando Media Booster (x32 Version: 2.6.0.8 - Pando Networks Inc.)
PDF Blender (x32 Version: - )
PDFCreator (x32 Version: 1.4.2 - Frank Heindörfer, Philip Chinery)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Portal 2 (x32 Version: - Valve)
PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (x32 Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
RIFT (HKCU Version: - Trion Worlds, Inc.)
Rockstar Games Social Club (x32 Version: 1.1.0.1 - Rockstar Games)
Secure Download Manager (x32 Version: 3.1.0 - Kivuto Solutions Inc.)
SPEED-LINK DUAL SHOCK ADAPTER (x32 Version: 1.00.0000 - GASIA)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Super Meat Boy (x32 Version: - Team Meat)
TeamSpeak 3 Client (Version: 3.0.10.1 - TeamSpeak Systems GmbH)
Terraria (x32 Version: - )
The Binding of Isaac (x32 Version: - )
The Elder Scrolls V: Skyrim (x32 Version: - Bethesda Game Studios)
Torchlight II (x32 Version: - Runic Games)
TP-LINK TL-WN821N_WN822N Treiber (x32 Version: 1.2.1 - TP-LINK)
TP-LINK-Konfigurationstool (x32 Version: 1.2.1 - TP-LINK)
Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)
Uninstall 1.0.0.1 (x32 Version: - )
Unreal Tournament 2003 (x32 Version: - )
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32 Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
VLC media player 1.1.11 (x32 Version: 1.1.11 - VideoLAN)
Winamp (x32 Version: 5.622 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.01 (64-Bit) (Version: 4.01.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2013 (x32 Version: 20.00.8137 - Buhl Data Service GmbH)
XFastUsb (x32 Version: - )
==================== Restore Points =========================
16-01-2014 19:42:19 Geplanter Prüfpunkt
16-01-2014 20:06:48 Windows Update
19-01-2014 11:19:38 Installed Java 7 Update 51
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {760C929A-BEE5-4F31-AD68-4C5D55A91C78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {DC8D26A1-57B6-498F-908D-8B9813D6B94A} - System32\Tasks\{EF9F7D2C-E1DE-4194-9708-190286C496C9} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-02-20] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2012-05-24 19:08 - 2012-05-15 11:48 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2011-10-07 10:39 - 2011-10-07 10:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-03-19 21:09 - 2012-03-19 21:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-03-25 13:00 - 2013-03-25 12:53 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-24 19:08 - 2012-05-15 11:48 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-05 12:17 - 2014-01-05 12:17 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/21/2014 11:26:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2014 09:46:06 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/20/2014 01:19:51 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (01/20/2014 00:50:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/19/2014 09:23:24 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (01/19/2014 09:02:55 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (01/19/2014 00:11:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/16/2014 08:36:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (01/16/2014 05:46:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/10/2014 04:10:56 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
System errors:
=============
Error: (01/21/2014 11:27:19 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (01/21/2014 11:27:19 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (01/21/2014 11:27:15 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126
Error: (01/21/2014 11:21:11 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (01/21/2014 09:47:15 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (01/21/2014 09:47:15 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (01/21/2014 09:44:23 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126
Error: (01/20/2014 00:51:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (01/20/2014 00:51:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (01/20/2014 00:48:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126
Microsoft Office Sessions:
=========================
Error: (04/04/2013 03:00:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 180 seconds with 180 seconds of active time. This session ended with a crash.
Error: (04/04/2013 02:56:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1336 seconds with 720 seconds of active time. This session ended with a crash.
Error: (01/09/2013 09:46:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash.
Error: (08/03/2012 06:34:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 23%
Total physical RAM: 8104.67 MB
Available physical RAM: 6168.84 MB
Total Pagefile: 16207.52 MB
Available Pagefile: 13978.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:348.47 GB) (Free:92.02 GB) NTFS
Drive d: () (Fixed) (Total:117.19 GB) (Free:21.34 GB) NTFS
Drive e: (SKYRIM_DE) (CDROM) (Total:4.91 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: D94EC641)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=348 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=117 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Step 3: GMER Code:
GMER 2.1.19324 - hxxp://www.gmer.net
Rootkit scan 2014-01-21 12:23:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD502HJ rev.1AJ10001 465,76GB
Running: gmer.exe; Driver: C:\Users\cripo\AppData\Local\Temp\ugloqpoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035be000 40 bytes [89, AB, 40, 47, 00, 00, FB, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 569 fffff800035be029 24 bytes {MOV ECX, ESI; MOV [RSI+0x166], BL; CALL 0x759e7}
---- User code sections - GMER 2.1 ----
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 11 bytes JMP 000007fffd3d0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd9dbf00 7 bytes JMP 000007fffd3d0260
.text C:\Windows\system32\Dwm.exe[1808] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text C:\Windows\system32\Dwm.exe[1808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text C:\Windows\system32\Dwm.exe[1808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text C:\Windows\system32\Dwm.exe[1808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text C:\Windows\system32\Dwm.exe[1808] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text C:\Windows\system32\Dwm.exe[1808] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text C:\Windows\system32\Dwm.exe[1808] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef883dc88 5 bytes JMP 000007fff86300d8
.text C:\Windows\system32\Dwm.exe[1808] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef883de10 5 bytes JMP 000007fff8630110
.text C:\Windows\SysWOW64\PnkBstrA.exe[1836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072011a22 2 bytes [01, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072011ad0 2 bytes [01, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072011b08 2 bytes [01, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072011bba 2 bytes [01, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072011bda 2 bytes [01, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763f1465 2 bytes [3F, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763f14bb 2 bytes [3F, 76]
.text ... * 2
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 11 bytes JMP 000007fffd3d0228
.text C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd9dbf00 7 bytes JMP 000007fffd3d0260
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768013e1 7 bytes JMP 00000001718812ad
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007681b1d3 5 bytes JMP 00000001718815be
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768988b4 7 bytes JMP 0000000171881357
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076898939 5 bytes JMP 00000001718816e0
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076898c8f 5 bytes JMP 0000000171881028
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075061d1b 5 bytes JMP 00000001718811ef
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075061dc9 5 bytes JMP 0000000171881023
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075062aa4 5 bytes JMP 000000017188156e
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075062d0a 5 bytes JMP 0000000171881294
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f68a29 5 bytes JMP 0000000171881050
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f74572 5 bytes JMP 00000001718810d2
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fae96b 5 bytes JMP 00000001718815d7
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075faeba5 5 bytes JMP 00000001718811b8
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000171881609
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 0000000171881249
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763f1465 2 bytes [3F, 76]
.text C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763f14bb 2 bytes [3F, 76]
.text ... * 2
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 11 bytes JMP 000007fffd3d0228
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd9dbf00 7 bytes JMP 000007fffd3d0260
.text C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe[3812] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe[3812] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe[3812] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe[3812] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe[3812] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe[3812] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe[3812] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 11 bytes JMP 000007fffd3d0228
.text C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe[3812] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd9dbf00 7 bytes JMP 000007fffd3d0260
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 11 bytes JMP 000007fffd3d0228
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd9dbf00 7 bytes JMP 000007fffd3d0260
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 11 bytes JMP 000007fffd3d0228
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd9dbf00 7 bytes JMP 000007fffd3d0260
.text C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148
.text C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180
.text C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8
.text C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 11 bytes JMP 000007fffd3d0228
.text C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd9dbf00 7 bytes JMP 000007fffd3d0260
.text C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148
.text C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180
.text C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8
.text C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 11 bytes JMP 000007fffd3d0228
.text C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd9dbf00 7 bytes JMP 000007fffd3d0260
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000768013e1 7 bytes JMP 00000001718812ad
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007681b1d3 5 bytes JMP 00000001718815be
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000768988b4 7 bytes JMP 0000000171881357
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076898939 5 bytes JMP 00000001718816e0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076898c8f 5 bytes JMP 0000000171881028
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075061d1b 5 bytes JMP 00000001718811ef
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075061dc9 5 bytes JMP 0000000171881023
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075062aa4 5 bytes JMP 000000017188156e
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075062d0a 5 bytes JMP 0000000171881294
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075fae96b 5 bytes JMP 00000001718815d7
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075faeba5 5 bytes JMP 00000001718811b8
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076f68a29 5 bytes JMP 0000000171881050
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076f74572 5 bytes JMP 00000001718810d2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076515ea5 5 bytes JMP 0000000171881609
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076549d0b 5 bytes JMP 0000000171881249
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007708efe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000770b99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770c94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000770c9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770ea500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
---- EOF - GMER 2.1 ----
I would be very grateful for your help!
Some additional info:
Otherwise there are no visible problems on my computer.
I use Win 7 Professional and Avira AntiVir.
Yesterday, of course (when it rains, it pours...), I made a few transfers via online banking. As a precaution, I had the account blocked by phone.
I have a great many important files (mainly Word documents) on the computer, since I also do a lot of my professional work on it. Do I have to assume that they are unusable?
If possible, I would like to avoid formatting the drive.
Best regards
Christian