Log analysis and evaluation: Windows starts, desktop and taskbar empty (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: see "First steps to get help". Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Windows starts, desktop and taskbar empty

Hello, since this morning I can still start my computer normally (Windows xp), but after a few seconds all desktop icons and the taskbar disappear and only a black screen is visible. Using Safe Mode, I have read quite a bit about this in your forum and have also completed some logs as you described (FRST.txt with Addition.txt, Gmer.txt; Defogger did not work for me, or I made a mistake, but I did not get any text from it). I am sending them to you now and ask for suggestions on how to proceed. Many thanks! MKK

Addition-Editor: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013 Ran by MK at 2013-11-03 11:24:40 Running from C:\Users\MK\Downloads Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 10 ActiveX (Version: 10.0.12.36) Adobe Flash Player 11 Plugin (Version: 11.9.900.117) Adobe Reader X (10.1.1) - Deutsch (Version: 10.1.1) Amazon Kindle Ask Toolbar (Version: 1.15.26.0) Atheros Client Installation Program (Version: 7.0) ATI Catalyst Install Manager (Version: 3.0.710.0) Avira Free Antivirus (Version: 13.0.0.4052) Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.3.0.23930) Babylon toolbar on IE calibre (Version: 1.4.0) Cambridge Advanced Learner's Dictionary - 3rd Edition Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Core Implementation (Version: 2009.0127.2137.38780) Catalyst Control Center Graphics Full Existing (Version: 2009.0127.2137.38780) Catalyst Control Center Graphics Full New (Version: 2009.0127.2137.38780) Catalyst Control Center Graphics Light (Version: 2009.0127.2137.38780) Catalyst Control Center Graphics Previews Vista (Version: 2009.0127.2137.38780) Catalyst Control Center InstallProxy (Version: 2009.0127.2137.38780) Catalyst Control Center Localization All (Version: 2009.0127.2137.38780) CCC Help English (Version: 2009.0127.2136.38780) CCC Help German (Version: 2009.0127.2136.38780) ccc-core-static (Version: 2009.0127.2137.38780) ccc-utility (Version: 2009.0127.2137.38780) CharisSIL 4.102 Cisco EAP-FAST Module (Version: 2.2.9) Cisco LEAP Module 
(Version: 1.0.15) Cisco PEAP Module (Version: 1.1.2) Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000) Deutsch (DMG) (Version: 1.0.3.40) Deutsch mit arabischer Umschrift (Version: 1.0.3.40) doPDF 7.3 printer Drv (Version: 1.00.0000) ESET Online Scanner v3 Facebook Video Calling 1.2.0.287 (Version: 1.2.287) FilesFrog Update Checker Free Studio version 5.9.0.1212 (Version: 5.9.0.1212) Free YouTube Download version 3.1.27.508 (Version: 3.1.27.508) Intel PROSet Wireless Intel(R) PROSet/Wireless WiFi-Software (Version: 12.01.2000) Java 7 Update 40 (Version: 7.0.400) Java Auto Updater (Version: 2.1.9.8) Juniper Networks Setup Client (HKCU Version: 2.1.3.6931) Juniper Networks Setup Client Activex Control (Version: 2.1.1.1) jZip (HKCU Version: 2.0.0.129502) LyricsContainer Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) McAfee Security Scan Plus (Version: 3.8.130.8) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Standard 2007 
(Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft PowerPoint Viewer (Version: 14.0.6029.1000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Mozilla Firefox 14.0.1 (x86 de) (Version: 14.0.1) Mozilla Maintenance Service (Version: 14.0.1) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) One Touch Video Capture OpenOffice.org 3.3 (Version: 3.3.9567) pdfsam (HKCU Version: 2.2.0) PDF-Viewer (Version: 2.5.211.0) Plus-HD-1.6 (Version: 1.28.153.1) PX Profile Update (Version: 1.00.1.) Realtek High Definition Audio Driver (Version: 6.0.1.5807) Search Protect (Version: 2.7.23.2) Skins (Version: 2009.0127.2137.38780) Skype Click to Call (Version: 6.3.11079) Skype™ 5.10 (Version: 5.10.116) Snap.Do (Version: 1.138.1.12259) Snap.Do Engine (HKCU Version: 1.138.1.12259) Stickies 7.1c SuperLyrics-16 (Version: 1.29.153.3) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für 
Microsoft Office Word 2007 Help (KB963665) VLC media player 1.1.11 (Version: 1.1.11) Wsys Control 10.2.1.2652 (Version: 10.2.1.2652) ==================== Restore Points ========================= 13-08-2013 05:32:39 Geplanter Prüfpunkt 13-08-2013 22:00:06 Geplanter Prüfpunkt 15-08-2013 01:00:15 Windows Update 15-08-2013 18:58:44 Geplanter Prüfpunkt 17-08-2013 06:50:40 Geplanter Prüfpunkt 17-08-2013 22:45:57 Geplanter Prüfpunkt 21-08-2013 19:53:52 Geplanter Prüfpunkt 27-08-2013 17:24:36 Geplanter Prüfpunkt 30-08-2013 23:43:16 Geplanter Prüfpunkt 11-09-2013 14:54:50 Geplanter Prüfpunkt 12-09-2013 01:00:41 Windows Update 12-09-2013 19:54:25 Geplanter Prüfpunkt 13-09-2013 01:01:29 Windows Update 14-09-2013 01:00:39 Windows Update 14-09-2013 17:14:15 Geplanter Prüfpunkt 15-09-2013 13:04:41 Geplanter Prüfpunkt 21-09-2013 12:41:30 Installed calibre 09-10-2013 01:00:22 Windows Update 15-10-2013 15:43:05 Installed Java 7 Update 40 01-11-2013 13:06:23 Uniblue SpeedUpMyPC installation ==================== Hosts content: ========================== 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {2C6E2720-DF4F-414B-B9DC-F6592C230DC6} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-04-30] () Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {3D45E56C-59BE-400C-B542-1217D2CE1786} - System32\Tasks\EPUpdater => C:\Users\MK\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft 
Corporation) Task: {55F12012-4D70-476B-879F-44EC9865C343} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1937972985-2424620537-2430839184-1000UA => C:\Users\MK\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) Task: {7B13D1A2-641C-4498-BC37-B9021D4342F4} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06] (Adobe Systems Incorporated) Task: {7D1E912D-88A9-4E63-A367-1819ADC7B26B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1937972985-2424620537-2430839184-1000Core => C:\Users\MK\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\System32\pla.dll [2008-01-21] (Microsoft Corporation) Task: {C02A64F3-436A-471C-B946-B36C404A470D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-01] (Adobe Systems Incorporated) Task: {C40DD17B-0A8E-4FB1-BA5C-7C8A947CA4C4} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] () Task: {FFF00779-FB60-40C4-97C6-961A2271127D} - System32\Tasks\LyricsContainer Update => C:\Program Files\LyricsContainer\LrcsCtrUpdr.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Desk 365 RunAsStdUser.job => C:\Program Files\Desk 365\desk365.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1937972985-2424620537-2430839184-1000Core.job => C:\Users\MK\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: 
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1937972985-2424620537-2430839184-1000UA.job => C:\Users\MK\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\LyricsContainer Update.job => C:\Program Files\LyricsContainer\LrcsCtrUpdr.exe Task: C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe Task: C:\Windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-enabler.exe Task: C:\Windows\Tasks\Plus-HD-1.6-firefoxinstaller.job => C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-firefoxinstaller.exe Task: C:\Windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-updater.exe Task: C:\Windows\Tasks\SomotoUpdateCheckerAutoStart.job => C:\Users\MK\AppData\Local\FilesFrog Update Checker\update_checker.exe Task: C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job => C:\Program Files\SuperLyrics-16\SuperLyrics-16-chromeinstaller.exe Task: C:\Windows\Tasks\SuperLyrics-16-codedownloader.job => C:\Program Files\SuperLyrics-16\SuperLyrics-16-codedownloader.exe Task: C:\Windows\Tasks\SuperLyrics-16-enabler.job => C:\Program Files\SuperLyrics-16\SuperLyrics-16-enabler.exe Task: C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job => C:\Program Files\SuperLyrics-16\SuperLyrics-16-firefoxinstaller.exe Task: C:\Windows\Tasks\SuperLyrics-16-updater.job => C:\Program Files\SuperLyrics-16\SuperLyrics-16-updater.exe ==================== Loaded Modules (whitelisted) ============= 2011-10-13 09:30 - 2012-07-21 14:03 - 02003424 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2013-11-01 14:40 - 2013-11-01 14:40 - 16233864 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\51817044.sys => ""="Driver" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\51817044.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/03/2013 10:59:10 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2013 10:58:04 AM) (Source: EventSystem) (User: ) Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (11/03/2013 10:14:50 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2013 10:13:43 AM) (Source: EventSystem) (User: ) Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (11/03/2013 09:48:38 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2013 09:47:34 AM) (Source: EventSystem) (User: ) Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (11/03/2013 08:15:41 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2013 08:14:37 AM) (Source: EventSystem) (User: ) Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (11/03/2013 08:11:00 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE 
TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2013 08:09:56 AM) (Source: EventSystem) (User: ) Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-11-03 11:24:05.442 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-03 11:24:05.352 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-03 11:24:05.272 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-03 11:24:05.192 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-03 11:24:05.102 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-03 11:24:05.022 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-11-03 11:24:04.932 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-03 11:24:04.852 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-03 10:59:35.969 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-11-03 10:59:35.906 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 47% Total physical RAM: 3065.89 MB Available physical RAM: 1621.14 MB Total Pagefile: 6334.08 MB Available Pagefile: 5068.85 MB Total Virtual: 2047.88 MB Available Virtual: 1929.2 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:455.99 GB) (Free:284.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: CEB6AECE) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=456 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013 Ran by MK (administrator) on MK-PC on 03-11-2013 11:23:54 Running from C:\Users\MK\Downloads Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 7 Boot Mode: Safe Mode (with Networking) ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\helppane.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe () C:\Users\MK\Downloads\Defogger.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-01-27] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6957600 2009-03-10] (Realtek Semiconductor) HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-03-10] (Realtek Semiconductor Corp.) HKLM\...\Run: [] - [x] HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1568976 2012-06-20] (Ask) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-09] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Runonce: [C8BEFC37-7C8C-4E53-85A5-8A848B83A666] - cmd.exe /C start /D "C:\Users\MK\AppData\Local\Temp" /B C8BEFC37-7C8C-4E53-85A5-8A848B83A666.exe -postboot HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [Facebook Update] - C:\Users\MK\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.) HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.) HKCU\...\Run: [Ikivq] - C:\Users\MK\AppData\Roaming\Unocuh\roko.exe [236544 2012-10-09] (ASUSTeK COMPUTER INC.) HKCU\...\Run: [IExplorer Util] - C:\Users\MK\AppData\Roaming\ie_util.exe HKCU\...\Run: [WindowsHost] - C:\Users\MK\AppData\Roaming\WinHost\svchost.exe HKCU\...\Run: [Avugepn] - C:\Users\MK\AppData\Roaming\Omlye\hezeo.exe [269824 2012-08-05] (ASUSTeK COMPUTER INC.) 
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\MK\AppData\Local\Smartbar\Application\SnapDo.exe [21024 2013-09-02] (Smartbar) MountPoints2: {7981af02-1730-11e1-8eb8-001f16b56233} - F:\Setup.exe HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter AppInit_DLLs: [ ] () Startup: C:\Users\MK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\MK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk ShortcutTarget: Stickies.lnk -> C:\Program Files\Stickies\stickies.exe (Zhorn Software) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=a71a7159-439d-0589-0806-958859aaf594&searchtype=ds&q={searchTerms}&installDate=01/11/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=a71a7159-439d-0589-0806-958859aaf594&searchtype=hp&installDate=01/11/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=a71a7159-439d-0589-0806-958859aaf594&searchtype=ds&q={searchTerms}&installDate=01/11/2013 HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=a71a7159-439d-0589-0806-958859aaf594&searchtype=ds&q={searchTerms}&installDate=01/11/2013 SearchScopes: HKLM - 
{006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=a71a7159-439d-0589-0806-958859aaf594&searchtype=ds&q={searchTerms}&installDate=01/11/2013 SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms} SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=a71a7159-439d-0589-0806-958859aaf594&searchtype=ds&q={searchTerms}&installDate=01/11/2013 SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=a71a7159-439d-0589-0806-958859aaf594&searchtype=ds&q={searchTerms}&installDate=01/11/2013 SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=4C1F001F16B56233&affID=119557&tsp=4978 SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=bd4bccf4-2ea2-4aab-9501-23e8dace5a42&apn_sauid=EC02CC3D-94FF-4A34-B916-F675F8DDAAF4 SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms} BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Plus-HD-1.6 - {11111111-1111-1111-1111-110311201102} - C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-bho.dll (Plus HD) BHO: SuperLyrics-16 - {11111111-1111-1111-1111-110411411162} - C:\Program Files\SuperLyrics-16\SuperLyrics-16-bho.dll (VandV-Expoltech) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll No File BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) BHO: MinibarBHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files\Minibar\Minibar.dll (KangoExtensions) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll No File Toolbar: HKLM - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) Toolbar: HKCU - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 33 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194 FireFox: ======== FF ProfilePath: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\vjh2equ8.default FF user.js: detected! => C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\vjh2equ8.default\user.js FF NewTab: hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=4C1F001F16B56233&affID=119557&tsp=4978 FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\MK\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\vjh2equ8.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\vjh2equ8.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\vjh2equ8.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\vjh2equ8.default\searchplugins\cafeuni.xml
FF SearchPlugin: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\vjh2equ8.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\vjh2equ8.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\vjh2equ8.default\searchplugins\holasearch.xml
FF SearchPlugin: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\vjh2equ8.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\vjh2equ8.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\vjh2equ8.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: SuperLyrics-16 - C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\vjh2equ8.default\Extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com
FF Extension: Plus-HD-1.6 - C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\vjh2equ8.default\Extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com
FF Extension: Filesfrog Update Checker - C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\vjh2equ8.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
FF Extension: toolbar - C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\vjh2equ8.default\Extensions\toolbar@web.de.xpi
FF Extension: No Name - C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\vjh2equ8.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] - C:\Users\MK\AppData\Roaming\14001.012
FF Extension: Java Link Helper - C:\Users\MK\AppData\Roaming\14001.012
FF HKCU\...\Firefox\Extensions: [Lyrics@LyricsContainer.co] - C:\Program Files\LyricsContainer\128.xpi
FF Extension: No Name - C:\Program Files\LyricsContainer\128.xpi

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-09] (Avira Operations GmbH & Co. KG)
S2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [1753376 2013-10-18] (Conduit)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [1706136 2013-10-31] (Wsys Co., Ltd.)
S2 desksvc; C:\Program Files\Desk 365\deskSvc.exe [x]
S2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [x]
S2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [x]

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-09] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-09] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-08-06] (Avira Operations GmbH & Co. KG)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [153952 2009-02-20] (Realtek Semiconductor Corp.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-06] (Avira GmbH)
S3 U6000ALL; C:\Windows\System32\DRIVERS\U6000ALL.sys [230784 2007-07-13] ()
S0 51817044; system32\drivers\82296768.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S4 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-03 11:23 - 2013-11-03 11:23 - 01089445 _____ (Farbar) C:\Users\MK\Downloads\FRST.exe
2013-11-03 11:23 - 2013-11-03 11:23 - 00000000 ____D C:\FRST
2013-11-03 11:21 - 2013-11-03 11:21 - 00000000 _____ C:\Users\MK\defogger_reenable
2013-11-03 11:20 - 2013-11-03 11:20 - 00050477 _____ C:\Users\MK\Downloads\Defogger.exe
2013-11-03 10:52 - 2013-11-03 10:52 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-03 10:52 - 2013-11-03 10:52 - 00000000 ____D C:\Users\MK\AppData\Roaming\Malwarebytes
2013-11-03 10:52 - 2013-11-03 10:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-03 10:52 - 2013-11-03 10:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-03 10:52 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-03 10:50 - 2013-11-03 10:51 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\MK\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-03 10:24 - 2013-11-03 10:24 - 00000000 ____D C:\Program Files\ESET
2013-11-03 10:23 - 2013-11-03 10:24 - 02347384 _____ (ESET) C:\Users\MK\Downloads\esetsmartinstaller_enu.exe
2013-11-03 10:10 - 2013-11-03 10:10 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-03 10:07 - 2013-11-03 10:08 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\MK\Downloads\tdsskiller.exe
2013-11-02 18:29 - 2013-11-02 18:29 - 104684788 _____ C:\Windows\system32\③縕ᰤŽ
2013-11-01 19:11 - 2013-11-01 19:12 - 00000000 ____D C:\Users\MK\AppData\Local\SuperLyrics-16
2013-11-01 16:27 - 2013-11-01 16:27 - 00335088 _____ C:\Users\MK\Downloads\Java7(2).exe
2013-11-01 14:06 - 2013-11-01 14:09 - 00000000 ____D C:\Users\MK\AppData\Local\Smartbar
2013-11-01 14:06 - 2013-11-01 14:06 - 00001334 _____ C:\Windows\Tasks\SuperLyrics-16-updater.job
2013-11-01 14:06 - 2013-11-01 14:06 - 00001240 _____ C:\Windows\Tasks\SuperLyrics-16-codedownloader.job
2013-11-01 14:06 - 2013-11-01 14:06 - 00001140 _____ C:\Windows\Tasks\SuperLyrics-16-enabler.job
2013-11-01 14:05 - 2013-11-01 14:06 - 00000000 ____D C:\Users\MK\AppData\Local\Minibar
2013-11-01 14:05 - 2013-11-01 14:05 - 00001866 _____ C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job
2013-11-01 14:05 - 2013-11-01 14:05 - 00000000 ____D C:\Program Files\Minibar
2013-11-01 14:04 - 2013-11-01 14:06 - 00000000 ____D C:\Program Files\SuperLyrics-16
2013-11-01 14:04 - 2013-11-01 14:04 - 00001942 _____ C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job
2013-11-01 14:04 - 2013-11-01 14:04 - 00000318 _____ C:\Windows\Tasks\SomotoUpdateCheckerAutoStart.job
2013-11-01 14:04 - 2013-11-01 14:04 - 00000000 ____D C:\Users\MK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
2013-11-01 14:04 - 2013-11-01 14:04 - 00000000 ____D C:\Users\MK\AppData\Local\FilesFrog Update Checker
2013-11-01 14:02 - 2013-11-01 14:02 - 00318824 _____ C:\Users\MK\Downloads\Java7.exe
2013-11-01 14:02 - 2013-11-01 14:02 - 00318824 _____ C:\Users\MK\Downloads\Java7(1).exe
2013-11-01 13:47 - 2013-11-01 13:47 - 00915368 _____ (Oracle Corporation) C:\Users\MK\Downloads\jxpiinstall(5).exe
2013-11-01 13:36 - 2013-11-01 13:36 - 00915368 _____ (Oracle Corporation) C:\Users\MK\Downloads\jxpiinstall(4).exe
2013-11-01 13:35 - 2013-11-01 13:35 - 00915368 _____ (Oracle Corporation) C:\Users\MK\Downloads\jxpiinstall(3).exe
2013-10-31 12:46 - 2013-10-31 12:46 - 00000000 ____D C:\Program Files\Common Files\337
2013-10-31 12:45 - 2013-11-01 19:09 - 00000000 ____D C:\Program Files\MyPC Backup
2013-10-31 12:45 - 2013-10-31 12:45 - 00000232 _____ C:\Windows\Tasks\Desk 365 RunAsStdUser.job
2013-10-31 12:44 - 2013-11-03 10:55 - 00000000 ____D C:\ProgramData\eSafe
2013-10-31 12:44 - 2013-11-01 19:15 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-10-31 12:44 - 2013-11-01 19:08 - 00000000 ____D C:\Program Files\Desk 365
2013-10-31 12:44 - 2013-11-01 14:29 - 00000000 ____D C:\Users\MK\AppData\Roaming\Desk 365
2013-10-31 12:44 - 2013-10-31 12:44 - 00000000 ____D C:\Users\MK\Documents\Optimizer Pro
2013-10-31 12:43 - 2013-10-31 12:43 - 00000000 ____D C:\Users\MK\AppData\Roaming\DealPly
2013-10-31 12:43 - 2013-10-31 12:43 - 00000000 ____D C:\Users\MK\AppData\Local\Google
2013-10-31 12:41 - 2013-10-31 12:44 - 00000000 _____ C:\END
2013-10-31 12:41 - 2013-10-31 12:43 - 00000000 ____D C:\Users\MK\AppData\Local\SearchProtect
2013-10-31 12:41 - 2013-10-31 12:43 - 00000000 ____D C:\Program Files\SearchProtect
2013-10-31 12:37 - 2013-10-31 12:37 - 00335088 _____ C:\Users\MK\Downloads\Java.exe
2013-10-27 16:22 - 2013-10-27 16:22 - 103334033 _____ C:\Windows\system32\犳᭄*
2013-10-20 20:33 - 2013-10-20 20:33 - 00001919 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-15 17:56 - 2013-10-15 17:56 - 101148298 _____ C:\Windows\system32\몘鮹᭄“
2013-10-15 16:46 - 2013-10-15 16:46 - 00000000 ____D C:\ProgramData\Oracle
2013-10-15 16:46 - 2013-10-15 16:46 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-15 16:46 - 2013-10-15 16:45 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-15 16:45 - 2013-10-15 16:45 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-15 16:45 - 2013-10-15 16:45 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-15 16:45 - 2013-10-15 16:45 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-15 16:45 - 2013-10-15 16:45 - 00000000 ____D C:\Program Files\Java
2013-10-15 16:41 - 2013-10-15 16:41 - 00913832 _____ (Oracle Corporation) C:\Users\MK\Downloads\jxpiinstall(2).exe
2013-10-06 15:14 - 2013-10-06 15:17 - 00000000 ____D C:\Users\MK\Desktop\Islam. Lit
2013-10-05 10:41 - 2013-10-05 10:41 - 00000000 ____D C:\ProgramData\䇈ƽ㹸ƽÄƽ㋘ƽ8520-1533-40C5-AD09-953C574F14BCÄƽ㞨ƽ
2013-10-04 22:03 - 2013-10-04 22:03 - 00000000 ____D C:\Users\MK\AppData\Local\BeamriseUninstall
2013-10-04 22:02 - 2013-10-04 22:02 - 00001272 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job
2013-10-04 22:02 - 2013-10-04 22:02 - 00001176 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job
2013-10-04 22:02 - 2013-10-04 22:02 - 00001076 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job
2013-10-04 22:01 - 2013-10-04 22:02 - 00000000 ____D C:\Program Files\Plus-HD-1.6
2013-10-04 22:01 - 2013-10-04 22:01 - 00001796 _____ C:\Windows\Tasks\Plus-HD-1.6-firefoxinstaller.job
2013-10-04 22:00 - 2013-10-04 22:00 - 00168760 _____ (Firseria ) C:\Users\MK\Downloads\FLV_Media_Player(1).exe

==================== One Month Modified Files and Folders =======

2013-11-03 11:23 - 2013-11-03 11:23 - 01089445 _____ (Farbar) C:\Users\MK\Downloads\FRST.exe
2013-11-03 11:23 - 2013-11-03 11:23 - 00000000 ____D C:\FRST
2013-11-03 11:21 - 2013-11-03 11:21 - 00000000 _____ C:\Users\MK\defogger_reenable
2013-11-03 11:21 - 2011-10-13 09:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-03 11:21 - 2011-09-30 15:44 - 00000000 ____D C:\Users\MK
2013-11-03 11:20 - 2013-11-03 11:20 - 00050477 _____ C:\Users\MK\Downloads\Defogger.exe
2013-11-03 11:03 - 2008-01-21 08:16 - 01445310 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-03 10:55 - 2013-10-31 12:44 - 00000000 ____D C:\ProgramData\eSafe
2013-11-03 10:55 - 2006-11-02 13:47 - 00004192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-03 10:55 - 2006-11-02 13:47 - 00004192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-03 10:52 - 2013-11-03 10:52 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-03 10:52 - 2013-11-03 10:52 - 00000000 ____D C:\Users\MK\AppData\Roaming\Malwarebytes
2013-11-03 10:52 - 2013-11-03 10:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-03 10:52 - 2013-11-03 10:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-03 10:51 - 2013-11-03 10:50 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\MK\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-03 10:44 - 2011-09-30 15:44 - 00001356 _____ C:\Users\MK\AppData\Local\d3d9caps.dat
2013-11-03 10:24 - 2013-11-03 10:24 - 00000000 ____D C:\Program Files\ESET
2013-11-03 10:24 - 2013-11-03 10:23 - 02347384 _____ (ESET) C:\Users\MK\Downloads\esetsmartinstaller_enu.exe
2013-11-03 10:10 - 2013-11-03 10:10 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-03 10:08 - 2013-11-03 10:07 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\MK\Downloads\tdsskiller.exe
2013-11-03 03:57 - 2008-01-21 02:35 - 01676169 _____ C:\Windows\WindowsUpdate.log
2013-11-02 18:29 - 2013-11-02 18:29 - 104684788 _____ C:\Windows\system32\③縕ᰤŽ
2013-11-01 20:12 - 2012-08-08 13:05 - 00000000 ____D C:\Users\MK\AppData\Roaming\Skype
2013-11-01 19:45 - 2011-10-06 10:39 - 00032768 _____ C:\Users\MK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-01 19:40 - 2012-10-31 10:41 - 00000000 ____D C:\Users\MK\AppData\Roaming\stickies
2013-11-01 19:40 - 2008-01-21 03:47 - 00199842 _____ C:\Windows\PFRO.log
2013-11-01 19:15 - 2013-10-31 12:44 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-11-01 19:14 - 2011-12-13 09:27 - 00000000 ____D C:\Users\MK\AppData\Roaming\vlc
2013-11-01 19:12 - 2013-11-01 19:11 - 00000000 ____D C:\Users\MK\AppData\Local\SuperLyrics-16
2013-11-01 19:09 - 2013-10-31 12:45 - 00000000 ____D C:\Program Files\MyPC Backup
2013-11-01 19:08 - 2013-10-31 12:44 - 00000000 ____D C:\Program Files\Desk 365
2013-11-01 16:27 - 2013-11-01 16:27 - 00335088 _____ C:\Users\MK\Downloads\Java7(2).exe
2013-11-01 14:42 - 2013-08-18 10:01 - 00000000 ____D C:\Program Files\LyricsContainer
2013-11-01 14:40 - 2012-05-02 20:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-11-01 14:40 - 2012-05-02 20:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-01 14:40 - 2011-10-13 20:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-01 14:29 - 2013-10-31 12:44 - 00000000 ____D C:\Users\MK\AppData\Roaming\Desk 365
2013-11-01 14:09 - 2013-11-01 14:06 - 00000000 ____D C:\Users\MK\AppData\Local\Smartbar
2013-11-01 14:06 - 2013-11-01 14:06 - 00001334 _____ C:\Windows\Tasks\SuperLyrics-16-updater.job
2013-11-01 14:06 - 2013-11-01 14:06 - 00001240 _____ C:\Windows\Tasks\SuperLyrics-16-codedownloader.job
2013-11-01 14:06 - 2013-11-01 14:06 - 00001140 _____ C:\Windows\Tasks\SuperLyrics-16-enabler.job
2013-11-01 14:06 - 2013-11-01 14:05 - 00000000 ____D C:\Users\MK\AppData\Local\Minibar
2013-11-01 14:06 - 2013-11-01 14:04 - 00000000 ____D C:\Program Files\SuperLyrics-16
2013-11-01 14:05 - 2013-11-01 14:05 - 00001866 _____ C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job
2013-11-01 14:05 - 2013-11-01 14:05 - 00000000 ____D C:\Program Files\Minibar
2013-11-01 14:04 - 2013-11-01 14:04 - 00001942 _____ C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job
2013-11-01 14:04 - 2013-11-01 14:04 - 00000318 _____ C:\Windows\Tasks\SomotoUpdateCheckerAutoStart.job
2013-11-01 14:04 - 2013-11-01 14:04 - 00000000 ____D C:\Users\MK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
2013-11-01 14:04 - 2013-11-01 14:04 - 00000000 ____D C:\Users\MK\AppData\Local\FilesFrog Update Checker
2013-11-01 14:02 - 2013-11-01 14:02 - 00318824 _____ C:\Users\MK\Downloads\Java7.exe
2013-11-01 14:02 - 2013-11-01 14:02 - 00318824 _____ C:\Users\MK\Downloads\Java7(1).exe
2013-11-01 13:47 - 2013-11-01 13:47 - 00915368 _____ (Oracle Corporation) C:\Users\MK\Downloads\jxpiinstall(5).exe
2013-11-01 13:36 - 2013-11-01 13:36 - 00915368 _____ (Oracle Corporation) C:\Users\MK\Downloads\jxpiinstall(4).exe
2013-11-01 13:35 - 2013-11-01 13:35 - 00915368 _____ (Oracle Corporation) C:\Users\MK\Downloads\jxpiinstall(3).exe
2013-10-31 12:46 - 2013-10-31 12:46 - 00000000 ____D C:\Program Files\Common Files\337
2013-10-31 12:45 - 2013-10-31 12:45 - 00000232 _____ C:\Windows\Tasks\Desk 365 RunAsStdUser.job
2013-10-31 12:44 - 2013-10-31 12:44 - 00000000 ____D C:\Users\MK\Documents\Optimizer Pro
2013-10-31 12:44 - 2013-10-31 12:41 - 00000000 _____ C:\END
2013-10-31 12:43 - 2013-10-31 12:43 - 00000000 ____D C:\Users\MK\AppData\Roaming\DealPly
2013-10-31 12:43 - 2013-10-31 12:43 - 00000000 ____D C:\Users\MK\AppData\Local\Google
2013-10-31 12:43 - 2013-10-31 12:41 - 00000000 ____D C:\Users\MK\AppData\Local\SearchProtect
2013-10-31 12:43 - 2013-10-31 12:41 - 00000000 ____D C:\Program Files\SearchProtect
2013-10-31 12:37 - 2013-10-31 12:37 - 00335088 _____ C:\Users\MK\Downloads\Java.exe
2013-10-30 20:23 - 2012-01-04 09:58 - 00000000 ____D C:\Users\MK\Desktop\Gesundheit
2013-10-27 16:22 - 2013-10-27 16:22 - 103334033 _____ C:\Windows\system32\犳᭄*
2013-10-20 21:36 - 2011-10-26 19:15 - 00000000 ____D C:\Users\MK\Desktop\Offizielles
2013-10-20 20:33 - 2013-10-20 20:33 - 00001919 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-20 20:33 - 2011-10-13 20:16 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-15 17:56 - 2013-10-15 17:56 - 101148298 _____ C:\Windows\system32\몘鮹᭄“
2013-10-15 16:46 - 2013-10-15 16:46 - 00000000 ____D C:\ProgramData\Oracle
2013-10-15 16:46 - 2013-10-15 16:46 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-15 16:45 - 2013-10-15 16:46 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-15 16:45 - 2013-10-15 16:45 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-15 16:45 - 2013-10-15 16:45 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-15 16:45 - 2013-10-15 16:45 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-15 16:45 - 2013-10-15 16:45 - 00000000 ____D C:\Program Files\Java
2013-10-15 16:45 - 2013-03-25 22:33 - 00868264 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-10-15 16:45 - 2011-10-14 05:09 - 00790440 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-10-15 16:41 - 2013-10-15 16:41 - 00913832 _____ (Oracle Corporation) C:\Users\MK\Downloads\jxpiinstall(2).exe
2013-10-09 02:05 - 2013-04-24 10:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-06 15:20 - 2012-08-09 00:12 - 00000000 ____D C:\Users\MK\Desktop\Uni OS
2013-10-06 15:17 - 2013-10-06 15:14 - 00000000 ____D C:\Users\MK\Desktop\Islam. Lit
2013-10-06 15:09 - 2012-04-27 18:41 - 00000000 ____D C:\Users\MK\Desktop\Sufismus
2013-10-05 10:41 - 2013-10-05 10:41 - 00000000 ____D C:\ProgramData\䇈ƽ㹸ƽÄƽ㋘ƽ8520-1533-40C5-AD09-953C574F14BCÄƽ㞨ƽ
2013-10-04 22:03 - 2013-10-04 22:03 - 00000000 ____D C:\Users\MK\AppData\Local\BeamriseUninstall
2013-10-04 22:02 - 2013-10-04 22:02 - 00001272 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job
2013-10-04 22:02 - 2013-10-04 22:02 - 00001176 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job
2013-10-04 22:02 - 2013-10-04 22:02 - 00001076 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job
2013-10-04 22:02 - 2013-10-04 22:01 - 00000000 ____D C:\Program Files\Plus-HD-1.6
2013-10-04 22:01 - 2013-10-04 22:01 - 00001796 _____ C:\Windows\Tasks\Plus-HD-1.6-firefoxinstaller.job
2013-10-04 22:00 - 2013-10-04 22:00 - 00168760 _____ (Firseria ) C:\Users\MK\Downloads\FLV_Media_Player(1).exe

Some content of TEMP:
====================
C:\Users\MK\AppData\Local\Temp\AskSLib.dll
C:\Users\MK\AppData\Local\Temp\BackupSetup.exe
C:\Users\MK\AppData\Local\Temp\C8BEFC37-7C8C-4E53-85A5-8A848B83A666.exe
C:\Users\MK\AppData\Local\Temp\DealPlyUpdateVer.exe
C:\Users\MK\AppData\Local\Temp\FilesFrog.exe
C:\Users\MK\AppData\Local\Temp\IminentSetup.exe
C:\Users\MK\AppData\Local\Temp\installhelper.dll
C:\Users\MK\AppData\Local\Temp\Java.exe
C:\Users\MK\AppData\Local\Temp\Java7.exe
C:\Users\MK\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\MK\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
C:\Users\MK\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\MK\AppData\Local\Temp\NEW27CF.tmp.exe
C:\Users\MK\AppData\Local\Temp\nsj1657.exe
C:\Users\MK\AppData\Local\Temp\nso8254.exe
C:\Users\MK\AppData\Local\Temp\nst102E.exe
C:\Users\MK\AppData\Local\Temp\nsy7A67.exe
C:\Users\MK\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\MK\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\MK\AppData\Local\Temp\setup.exe
C:\Users\MK\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\MK\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\MK\AppData\Local\Temp\uninst1.exe
C:\Users\MK\AppData\Local\Temp\vcredist_x86.exe
C:\Users\MK\AppData\Local\Temp\_isFDDE.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-03 11:17

==================== End Of Log ============================

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-03 13:41:35
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC60F 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\MK\AppData\Local\Temp\pxldypoc.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[1312] ntdll.dll!LdrLoadDll  779F79B3 5 Bytes  JMP 6DC0B52A C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1312] kernel32.dll!LockResource + C  76B5813B 7 Bytes  JMP 6DEBB6D2 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1312] kernel32.dll!VirtualAllocEx + 54  76B5BA7A 7 Bytes  JMP 6DEBB6F5 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1312] GDI32.dll!StretchDIBits + 179  779875BB 7 Bytes  JMP 6DEBB653 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[1700] USER32.dll!GetWindowInfo  76500560 5 Bytes  JMP 6DD8BACC C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[1700] USER32.dll!IsZoomed + 80  76500731 7 Bytes  JMP 6DFCC453 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[1700] USER32.dll!AdjustWindowRectEx + 76  76501F30 7 Bytes  JMP 6DFCC3E2 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[1700] USER32.dll!CheckMenuRadioItem + 12E  76511412 7 Bytes  JMP 6DD8C0F9 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtCreateFile + 6  77A27C7E 4 Bytes  [28, A0, 16, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtCreateFile + B  77A27C83 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtCreateKey + 6  77A27CBE 4 Bytes  [68, A1, 16, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtCreateKey + B  77A27CC3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtCreateMutant + 6  77A27CEE 4 Bytes  [28, A2, 16, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtCreateMutant + B  77A27CF3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtCreateSection + 6  77A27D6E 4 Bytes  [68, A2, 16, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtCreateSection + B  77A27D73 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtMapViewOfSection + 6  77A283CE 4 Bytes  [A8, A4, 16, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtMapViewOfSection + B  77A283D3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenFile + 6  77A2845E 4 Bytes  [68, A0, 16, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenFile + B  77A28463 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenKey + 6  77A2848E 4 Bytes  [A8, A1, 16, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenKey + B  77A28493 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenMutant + 6  77A284AE 4 Bytes  CALL 76A29B54
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenMutant + B  77A284B3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenProcess + 6  77A284DE 4 Bytes  [28, A3, 16, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenProcess + B  77A284E3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenProcessToken + 6  77A284EE 4 Bytes  [68, A3, 16, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenProcessToken + B  77A284F3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenProcessTokenEx + 6  77A284FE 4 Bytes  [28, A4, 16, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenProcessTokenEx + B  77A28503 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenSection + 6  77A2850E 4 Bytes  [A8, A2, 16, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenSection + B  77A28513 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenThread + 6  77A2854E 4 Bytes  CALL 76A29BF5
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenThread + B  77A28553 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenThreadToken + 6  77A2855E 4 Bytes  CALL 76A29C06
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenThreadToken + B  77A28563 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenThreadTokenEx + 6  77A2856E 4 Bytes  [68, A4, 16, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtOpenThreadTokenEx + B  77A28573 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtQueryAttributesFile + 6  77A285FE 4 Bytes  [A8, A0, 16, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtQueryAttributesFile + B  77A28603 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtQueryFullAttributesFile + 6  77A286AE 4 Bytes  CALL 76A29D53
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtQueryFullAttributesFile + B  77A286B3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtSetInformationFile + 6  77A28B8E 4 Bytes  [28, A1, 16, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtSetInformationFile + B  77A28B93 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtSetInformationThread + 6  77A28BDE 4 Bytes  [A8, A3, 16, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtSetInformationThread + B  77A28BE3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtUnmapViewOfSection + 6  77A28E7E 4 Bytes  CALL 76A2A527
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ntdll.dll!NtUnmapViewOfSection + B  77A28E83 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] kernel32.dll!CreateProcessW  76B11C01 5 Bytes  JMP 001700B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] kernel32.dll!CreateProcessA  76B11C36 5 Bytes  JMP 001700F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] kernel32.dll!OpenEventW  76B2C8AD 5 Bytes  JMP 00170070
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] kernel32.dll!CreateEventW  76B5447A 5 Bytes  JMP 00170030
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!GetDeviceCaps  77985AF0 5 Bytes  JMP 001A03B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!DeleteObject  77985BED 5 Bytes  JMP 001A01B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!SelectObject  77986100 5 Bytes  JMP 001A05F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!SetTextColor  77986549 5 Bytes  JMP 001A0A30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!SetBkMode  779865F4 5 Bytes  JMP 001A08F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!DeleteDC  77986A44 5 Bytes  JMP 001A0170
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!SetStretchBltMode  77986D78 5 Bytes  JMP 001A06B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!GetCurrentObject  77986F4B 5 Bytes  JMP 001A0370
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!StretchDIBits  77987442 5 Bytes  JMP 001A0770
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!SaveDC  7798772D 5 Bytes  JMP 001A0570
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!RestoreDC  779877C6 5 Bytes  JMP 001A0530
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!ExtSelectClipRgn  779879DA 5 Bytes  JMP 001A02F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!SelectClipRgn  77987AE5 5 Bytes  JMP 001A05B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!Rectangle  77987D49 5 Bytes  JMP 001A09B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!GetTextAlign  77988178 5 Bytes  JMP 001A0D70
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!ExtTextOutW  779882B1 5 Bytes  JMP 001A0970
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!GetClipBox  77988629 5 Bytes  JMP 001A0330
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!SetTextAlign  779886EA 5 Bytes  JMP 001A09F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!MoveToEx  7798878E 5 Bytes  JMP 001A0470
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!GetTextMetricsW  77989434 5 Bytes  JMP 001A0E30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!IntersectClipRect  77989698 5 Bytes  JMP 001A03F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!SetICMMode  77989DAB 5 Bytes  JMP 001A0DB0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!GetTextExtentPoint32W  7798A926 5 Bytes  JMP 001A0670
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!CreateDCA  7798AC01 5 Bytes  JMP 001A00B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!CreateDCW  7798ADA5 5 Bytes  JMP 001A00F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!CreateICW  7798ADFD 5 Bytes  JMP 001A0130
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!GetTextFaceW  7798C1CF 5 Bytes  JMP 001A0D30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!GetFontData  7798C835 5 Bytes  JMP 001A0C70
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!SetWorldTransform  7798CAB8 5 Bytes  JMP 001A06F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!GetTextMetricsA  7798D65F 5 Bytes  JMP 001A0DF0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!LineTo  7798EF82 5 Bytes  JMP 001A0430
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!ExtTextOutA  7798FE29 5 Bytes  JMP 001A0930
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!GetTextExtentPoint32A  77990B59 5 Bytes  JMP 001A0630
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!ExtEscape  7799208D 5 Bytes  JMP 001A02B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!Escape  77992A7B 5 Bytes  JMP 001A0270
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!ResetDCW  7799321A 5 Bytes  JMP 001A0AB0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!SetPolyFillMode  779949EE 5 Bytes  JMP 001A0B30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!SetMiterLimit  77996298 5 Bytes  JMP 001A0B70
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!EndPage  7799F173 5 Bytes  JMP 001A0230
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!GetTextFaceA  7799F321 5 Bytes  JMP 001A0CF0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!GetGlyphOutlineW  779AA04F 5 Bytes  JMP 001A0CB0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!CreateScalableFontResourceW  779AC4BB 5 Bytes  JMP 001A0BB0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!AddFontResourceW  779AC8C3 5 Bytes  JMP 001A0BF0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!RemoveFontResourceW  779ACD59 5 Bytes  JMP 001A0C30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!AbortDoc  779B2A4E 5 Bytes  JMP 001A0030
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!EndDoc  779B2E62 5 Bytes  JMP 001A01F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!StartPage  779B2F4D 5 Bytes  JMP 001A0730
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!StartDocW  779B3A31 5 Bytes  JMP 001A07F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!BeginPath  779B41ED 5 Bytes  JMP 001A0830
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!SelectClipPath  779B4244 5 Bytes  JMP 001A0AF0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!CloseFigure  779B429F 5 Bytes  JMP 001A0070
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!EndPath  779B42F6 5 Bytes  JMP 001A0A70
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!StrokePath  779B4528 5 Bytes  JMP 001A07B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!FillPath  779B45B4 5 Bytes  JMP 001A0870
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!PolylineTo  779B4A1D 5 Bytes  JMP 001A04F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!PolyBezierTo  779B4AAD 5 Bytes  JMP 001A04B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] GDI32.dll!PolyDraw  779B4B5E 5 Bytes  JMP 001A08B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!SetCursor  764FE563 5 Bytes  JMP 001B0530
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!RegisterClipboardFormatW  764FE869 5 Bytes  JMP 001B02B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!MonitorFromWindow  765013F6 7 Bytes  JMP 
001B0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!ActivateKeyboardLayout 76505A50 5 Bytes JMP 001B04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!GetClientRect 765089F9 7 Bytes JMP 001B05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!GetParent 7650918E 7 Bytes JMP 001B06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!RegisterClipboardFormatA 7650974D 5 Bytes JMP 001B02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!GetClipboardFormatNameA 76509AB5 5 Bytes JMP 001B0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!PostMessageW 7650A064 5 Bytes JMP 001B05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!MapWindowPoints 7650A14F 5 Bytes JMP 001B0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!ScreenToClient 76510C02 7 Bytes JMP 001B0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!IsWindowVisible 76510CDC 7 Bytes JMP 001B06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!GetOpenClipboardWindow 765126DC 5 Bytes JMP 001B03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!SetClipboardViewer 7651BE37 5 Bytes JMP 001B04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!IsClipboardFormatAvailable 7651C8D4 5 Bytes JMP 001B00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!CloseClipboard 7651C8E8 5 Bytes JMP 001B00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!OpenClipboard 7651C90E 5 Bytes JMP 001B0070 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!GetTopWindow 7651D329 7 Bytes JMP 001B0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!GetClipboardSequenceNumber 7651E355 5 Bytes JMP 001B0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!ChangeClipboardChain 7651E52F 5 Bytes JMP 001B0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!GetClipboardOwner 76520A5E 5 Bytes JMP 001B0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!CountClipboardFormats 76520E19 5 Bytes JMP 001B01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!SetClipboardData 765362F8 5 Bytes JMP 001B0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!EnumClipboardFormats 76536C7E 5 Bytes JMP 001B01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!SetCursorPos 76536F1A 5 Bytes JMP 001B0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!GetClipboardData 765370B2 5 Bytes JMP 001B0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!GetClipboardFormatNameW 7653A93C 5 Bytes JMP 001B0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!EmptyClipboard 7655390B 5 Bytes JMP 001B0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!GetClipboardViewer 7655396D 5 Bytes JMP 001B0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] USER32.dll!GetPriorityClipboardFormat 76553A6F 5 Bytes JMP 001B03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] Secur32.dll!FreeContextBuffer 760D2825 5 Bytes JMP 001D00F0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] Secur32.dll!DeleteSecurityContext 760D2ABF 5 Bytes JMP 001D0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] Secur32.dll!FreeCredentialsHandle 760D31F5 5 Bytes JMP 001D0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] Secur32.dll!EncryptMessage 760D4BDE 5 Bytes JMP 001D01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] Secur32.dll!DecryptMessage 760D4CAB 5 Bytes JMP 001D0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] Secur32.dll!InitializeSecurityContextA 760D8233 5 Bytes JMP 001D0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] Secur32.dll!AcquireCredentialsHandleA 760D833B 5 Bytes JMP 001D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] Secur32.dll!QueryContextAttributesA 760D8747 5 Bytes JMP 001D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] Secur32.dll!ApplyControlToken 760DDDB2 5 Bytes JMP 001D01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] Secur32.dll!QueryCredentialsAttributesA 760DDFB5 5 Bytes JMP 001D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ole32.dll!OleGetClipboard 778A2AC1 5 Bytes JMP 001E00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ole32.dll!OleSetClipboard 778CEC7D 5 Bytes JMP 001E0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[1768] ole32.dll!OleIsCurrentClipboard 778D8B31 5 Bytes JMP 001E0070 ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Processes - GMER 2.1 ---- Process (*** hidden *** ) [4] 84540A90 ---- EOF - GMER 2.1 ---- |