Log analysis and evaluation: Windows 7 computer infected with Mysearchdial
#1
Windows 7 computer infected with Mysearchdial

Hello everyone,

my son picked up mysearchdial while trying to install a Flash player. Apart from Avira, no other program should actually be installed...

Here are the log files:

FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 01
Ran by Spieler (ATTENTION: The logged in user is not administrator) on MARIUS-NOTEBOOK on 13-01-2014 17:29:22
Running from C:\Users\Spieler\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761536 2013-12-27] ()
HKLM-x32\...\Runonce: [Del366633] - cmd.exe /Q /D /c del "C:\Users\Marius\AppData\Local\Temp\0.del" [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3A2582D9BA0FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDzytByDyCtBtByCzz0EyEtN0D0Tzu0SyBtByEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1917518309&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDzytByDyCtBtByCzz0EyEtN0D0Tzu0SyBtByEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1917518309&ir=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDzytByDyCtBtByCzz0EyEtN0D0Tzu0SyBtByEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1917518309&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDzytByDyCtBtByCzz0EyEtN0D0Tzu0SyBtByEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1917518309&ir=
BHO-x32: Jump Flip - {6db9fdfe-b718-4962-be0c-0a5fce7f7f7b} - C:\Program Files (x86)\Jump Flip\JumpFlipbho.dll (Jump Flip)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 Update Jump Flip; C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe [97056 2014-01-12] ()
R2 Util Jump Flip; C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe [97056 2014-01-12] ()
R2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2013-11-11] (Wajam)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co.
KG) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-13 17:29 - 2014-01-13 17:29 - 00004671 _____ C:\Users\Spieler\Desktop\FRST.txt 2014-01-13 17:28 - 2014-01-13 17:28 - 00000474 _____ C:\Users\Spieler\Desktop\defogger_disable.log 2014-01-13 17:24 - 2014-01-13 17:24 - 00377856 _____ C:\Users\Spieler\Desktop\usrrxy47.exe 2014-01-13 17:24 - 2014-01-13 17:24 - 00050477 _____ C:\Users\Spieler\Desktop\Defogger.exe 2014-01-13 17:08 - 2014-01-13 17:08 - 00000000 ____D C:\FRST 2014-01-13 17:07 - 2014-01-13 17:07 - 02075648 _____ (Farbar) C:\Users\Spieler\Desktop\FRST64.exe 2014-01-08 20:39 - 2014-01-08 20:39 - 00000000 ____D C:\Users\Spieler\Documents\Fax 2014-01-08 20:38 - 2014-01-08 20:38 - 00000000 ____D C:\Users\Spieler\AppData\Roaming\Systweak 2014-01-08 20:36 - 2014-01-08 20:37 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2014-01-08 20:35 - 2014-01-13 16:58 - 00000278 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job 2014-01-08 20:35 - 2014-01-09 18:32 - 00000000 ____D C:\Program Files (x86)\Jump Flip 2014-01-08 20:35 - 2014-01-08 20:35 - 00000286 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job 2014-01-08 20:35 - 2014-01-08 20:35 - 00000000 ____D C:\ProgramData\Systweak 2014-01-08 20:35 - 2014-01-08 20:35 - 00000000 ____D C:\Program Files (x86)\RegClean Pro 2014-01-08 20:35 - 2014-01-08 20:35 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector 2014-01-08 20:35 - 2013-12-27 18:10 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe 2014-01-08 20:35 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe 2014-01-08 19:08 - 2014-01-13 16:58 - 00000394 _____ C:\Users\Spieler\daemonprocess.txt 2014-01-06 16:31 - 2014-01-06 16:31 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2013-12-26 17:28 - 2014-01-12 18:21 - 00000000 ____D C:\Users\Public\Documents\phase6_19_Daten 2013-12-26 17:27 - 
2013-12-26 17:27 - 00001978 _____ C:\Users\Public\Desktop\phase6_19.lnk 2013-12-26 17:27 - 2013-12-26 17:27 - 00000000 ____D C:\Program Files (x86)\phase6 2013-12-24 17:31 - 2014-01-13 17:09 - 01075764 _____ C:\Windows\WindowsUpdate.log 2013-12-24 17:31 - 2013-12-24 17:31 - 00001355 _____ C:\Windows\TSSysprep.log 2013-12-24 17:27 - 2013-12-24 11:05 - 00000000 ____D C:\Windows\Panther 2013-12-24 16:45 - 2013-12-24 16:45 - 00057560 _____ C:\Users\Spieler\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-24 14:04 - 2013-12-24 14:04 - 00000000 ____D C:\Users\Spieler\AppData\Roaming\Avira 2013-12-24 14:03 - 2014-01-13 17:03 - 00000296 _____ C:\Windows\Tasks\MySearchDial.job 2013-12-24 14:03 - 2013-12-27 14:25 - 00000000 ____D C:\Program Files (x86)\Mobogenie 2013-12-24 14:03 - 2013-12-24 14:04 - 00000000 ____D C:\Program Files (x86)\Wajam 2013-12-24 14:03 - 2013-12-24 14:03 - 00000000 ____D C:\Program Files (x86)\Mysearchdial 2013-12-24 13:59 - 2013-12-24 13:59 - 00001405 _____ C:\Users\Spieler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-12-24 13:58 - 2014-01-08 19:08 - 00000000 ____D C:\Users\Spieler 2013-12-24 13:58 - 2013-12-24 13:59 - 00001439 _____ C:\Users\Spieler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-24 13:58 - 2013-12-24 13:59 - 00000000 ___RD C:\Users\Spieler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-24 13:58 - 2013-12-24 13:59 - 00000000 ___RD C:\Users\Spieler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-12-24 13:58 - 2013-12-24 13:58 - 00000020 ___SH C:\Users\Spieler\ntuser.ini 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\Vorlagen 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\Startmenü 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\Netzwerkumgebung 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\Lokale Einstellungen 
2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\Eigene Dateien 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\Druckumgebung 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\Documents\Eigene Musik 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\Documents\Eigene Bilder 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\AppData\Local\Verlauf 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\AppData\Local\Anwendungsdaten 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\Anwendungsdaten 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 ____D C:\Users\Spieler\AppData\Local\VirtualStore 2013-12-24 13:58 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Spieler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-12-24 13:58 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Spieler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-12-24 12:16 - 2013-12-24 12:16 - 00000000 ____D C:\ProgramData\Avira 2013-12-24 12:16 - 2013-12-24 12:16 - 00000000 ____D C:\Program Files (x86)\Avira 2013-12-24 12:16 - 2013-12-09 11:37 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-12-24 12:16 - 2013-12-09 11:37 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-24 12:16 - 2013-12-09 11:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-12-24 12:16 - 2013-12-09 11:37 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-12-24 12:05 - 2012-02-17 07:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll 2013-12-24 12:05 - 2012-02-17 06:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2013-12-24 12:05 - 2012-02-17 05:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2013-12-24 12:05 - 2012-02-17 05:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys 2013-12-24 12:00 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2013-12-24 12:00 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2013-12-24 12:00 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2013-12-24 12:00 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2013-12-24 12:00 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2013-12-24 12:00 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2013-12-24 12:00 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2013-12-24 12:00 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2013-12-24 12:00 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2013-12-24 11:58 - 2013-12-24 11:58 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros 2013-12-24 11:57 - 2013-12-24 11:58 - 00000000 ____D C:\ProgramData\Qualcomm Atheros 2013-12-24 11:57 - 2013-12-24 11:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-12-24 11:57 - 2013-12-24 11:57 - 00000000 ____D C:\Windows\Options 2013-12-24 11:57 - 2012-11-26 22:55 - 00078369 ____N C:\Windows\system32\athrextx.cat 2013-12-24 11:57 - 2012-11-22 20:51 - 03831808 ____N (Qualcomm Atheros 
Communications, Inc.) C:\Windows\system32\athrx.sys 2013-12-24 11:57 - 2012-11-22 20:51 - 03831808 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys 2013-12-24 11:15 - 2013-12-24 11:15 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2013-12-24 11:05 - 2014-01-13 17:28 - 00000000 ____D C:\Users\Marius 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\Vorlagen 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\Startmenü 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\Eigene Dateien 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-24 11:05 - 2013-12-24 
11:05 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Programme 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\ProgramData\Vorlagen 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\ProgramData\Startmenü 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\ProgramData\Favoriten 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\ProgramData\Dokumente 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Dokumente und Einstellungen 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 __SHD C:\Recovery ==================== One Month Modified Files and Folders ======= 2014-01-13 17:29 - 2014-01-13 17:29 - 00004671 _____ C:\Users\Spieler\Desktop\FRST.txt 2014-01-13 17:28 - 2014-01-13 17:28 - 00000474 _____ C:\Users\Spieler\Desktop\defogger_disable.log 2014-01-13 17:28 - 2013-12-24 11:05 - 00000000 ____D C:\Users\Marius 2014-01-13 17:24 - 2014-01-13 17:24 - 00377856 _____ C:\Users\Spieler\Desktop\usrrxy47.exe 2014-01-13 17:24 - 2014-01-13 17:24 - 00050477 _____ C:\Users\Spieler\Desktop\Defogger.exe 2014-01-13 17:09 - 2013-12-24 17:31 - 01075764 _____ C:\Windows\WindowsUpdate.log 2014-01-13 17:08 - 2014-01-13 17:08 - 00000000 ____D C:\FRST 2014-01-13 17:07 - 2014-01-13 17:07 - 02075648 _____ (Farbar) C:\Users\Spieler\Desktop\FRST64.exe 2014-01-13 17:03 - 2013-12-24 14:03 - 00000296 _____ C:\Windows\Tasks\MySearchDial.job 2014-01-13 16:58 - 2014-01-08 20:35 - 00000278 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job 2014-01-13 16:58 - 2014-01-08 19:08 - 00000394 _____ C:\Users\Spieler\daemonprocess.txt 2014-01-12 18:21 - 2013-12-26 17:28 - 00000000 ____D C:\Users\Public\Documents\phase6_19_Daten 2014-01-09 18:47 - 
2009-07-14 05:45 - 00031280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-09 18:47 - 2009-07-14 05:45 - 00031280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-09 18:32 - 2014-01-08 20:35 - 00000000 ____D C:\Program Files (x86)\Jump Flip 2014-01-08 20:39 - 2014-01-08 20:39 - 00000000 ____D C:\Users\Spieler\Documents\Fax 2014-01-08 20:38 - 2014-01-08 20:38 - 00000000 ____D C:\Users\Spieler\AppData\Roaming\Systweak 2014-01-08 20:37 - 2014-01-08 20:36 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2014-01-08 20:36 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2014-01-08 20:35 - 2014-01-08 20:35 - 00000286 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job 2014-01-08 20:35 - 2014-01-08 20:35 - 00000000 ____D C:\ProgramData\Systweak 2014-01-08 20:35 - 2014-01-08 20:35 - 00000000 ____D C:\Program Files (x86)\RegClean Pro 2014-01-08 20:35 - 2014-01-08 20:35 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector 2014-01-08 19:15 - 2011-04-12 08:43 - 00643866 _____ C:\Windows\system32\perfh007.dat 2014-01-08 19:15 - 2011-04-12 08:43 - 00126394 _____ C:\Windows\system32\perfc007.dat 2014-01-08 19:15 - 2009-07-14 06:13 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-08 19:08 - 2013-12-24 13:58 - 00000000 ____D C:\Users\Spieler 2014-01-08 19:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-08 19:08 - 2009-07-14 05:51 - 00024020 _____ C:\Windows\setupact.log 2014-01-06 16:31 - 2014-01-06 16:31 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2013-12-27 18:10 - 2014-01-08 20:35 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe 2013-12-27 16:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-27 14:25 - 2013-12-24 14:03 - 00000000 ____D C:\Program Files (x86)\Mobogenie 2013-12-26 
17:27 - 2013-12-26 17:27 - 00001978 _____ C:\Users\Public\Desktop\phase6_19.lnk 2013-12-26 17:27 - 2013-12-26 17:27 - 00000000 ____D C:\Program Files (x86)\phase6 2013-12-24 17:33 - 2009-07-14 05:45 - 00274464 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-24 17:31 - 2013-12-24 17:31 - 00001355 _____ C:\Windows\TSSysprep.log 2013-12-24 17:31 - 2009-07-14 05:46 - 00002790 _____ C:\Windows\DtcInstall.log 2013-12-24 17:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sysprep 2013-12-24 17:29 - 2011-04-12 08:55 - 00000000 ____D C:\Windows\CSC 2013-12-24 16:45 - 2013-12-24 16:45 - 00057560 _____ C:\Users\Spieler\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-24 14:04 - 2013-12-24 14:04 - 00000000 ____D C:\Users\Spieler\AppData\Roaming\Avira 2013-12-24 14:04 - 2013-12-24 14:03 - 00000000 ____D C:\Program Files (x86)\Wajam 2013-12-24 14:03 - 2013-12-24 14:03 - 00000000 ____D C:\Program Files (x86)\Mysearchdial 2013-12-24 13:59 - 2013-12-24 13:59 - 00001405 _____ C:\Users\Spieler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-12-24 13:59 - 2013-12-24 13:58 - 00001439 _____ C:\Users\Spieler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-24 13:59 - 2013-12-24 13:58 - 00000000 ___RD C:\Users\Spieler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-24 13:59 - 2013-12-24 13:58 - 00000000 ___RD C:\Users\Spieler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-12-24 13:58 - 2013-12-24 13:58 - 00000020 ___SH C:\Users\Spieler\ntuser.ini 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\Vorlagen 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\Startmenü 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\Netzwerkumgebung 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\Lokale Einstellungen 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\Eigene 
Dateien 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\Druckumgebung 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\Documents\Eigene Musik 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\Documents\Eigene Bilder 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\AppData\Local\Verlauf 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\AppData\Local\Anwendungsdaten 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 _SHDL C:\Users\Spieler\Anwendungsdaten 2013-12-24 13:58 - 2013-12-24 13:58 - 00000000 ____D C:\Users\Spieler\AppData\Local\VirtualStore 2013-12-24 12:24 - 2010-11-21 04:47 - 00105494 _____ C:\Windows\PFRO.log 2013-12-24 12:16 - 2013-12-24 12:16 - 00000000 ____D C:\ProgramData\Avira 2013-12-24 12:16 - 2013-12-24 12:16 - 00000000 ____D C:\Program Files (x86)\Avira 2013-12-24 12:00 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\restore 2013-12-24 11:58 - 2013-12-24 11:58 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros 2013-12-24 11:58 - 2013-12-24 11:57 - 00000000 ____D C:\ProgramData\Qualcomm Atheros 2013-12-24 11:57 - 2013-12-24 11:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-12-24 11:57 - 2013-12-24 11:57 - 00000000 ____D C:\Windows\Options 2013-12-24 11:15 - 2013-12-24 11:15 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2013-12-24 11:05 - 2013-12-24 17:27 - 00000000 ____D C:\Windows\Panther 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\Vorlagen 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\Startmenü 2013-12-24 11:05 - 
2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\Eigene Dateien 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Programme 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\ProgramData\Vorlagen 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\ProgramData\Startmenü 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\ProgramData\Favoriten 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\ProgramData\Dokumente 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien 
2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 _SHDL C:\Dokumente und Einstellungen 2013-12-24 11:05 - 2013-12-24 11:05 - 00000000 __SHD C:\Recovery 2013-12-24 11:05 - 2010-11-21 03:50 - 00000000 ____D C:\Users\Administrator 2013-12-24 11:05 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default 2013-12-24 11:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Recovery 2013-12-24 11:05 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Windows NT Some content of TEMP: ==================== C:\Users\Spieler\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-01-2014 01
Ran by Spieler at 2014-01-13 17:29:41
Running from C:\Users\Spieler\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Advanced System Protector (x32 Version: 2.1.1000.12580 - Systweak Software) <==== ATTENTION
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Jump Flip (Version: 2014.01.06.192505 - Jump Flip) <==== ATTENTION
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mobogenie (x32 Version: - Mobogenie.com) <==== ATTENTION
MyPC Backup (Version: - MyPC Backup) <==== ATTENTION
Mysearchdial (x32 Version: - Mysearchdial) <==== ATTENTION
phase6_19 (x32 Version: 1.90.0000 - phase6)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0 - Qualcomm Atheros)
RegClean Pro (x32 Version: 6.21 - Systweak Inc) <==== ATTENTION
Wajam (x32 Version: 2.05 - Wajam) <==== ATTENTION

==================== Restore Points =========================

Could not list Restore Points. Check WMI.

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\MySearchDial.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => ?
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => ?
==================== Loaded Modules (whitelisted) ============= ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:AD022376 ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: USB (Universal Serial Bus)-Controller Description: USB (Universal Serial Bus)-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI-Kommunikationscontroller (einfach) Description: PCI-Kommunikationscontroller (einfach) Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Ethernet-Controller Description: Ethernet-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: SM-Bus-Controller Description: SM-Bus-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: =========================

Application errors:
==================
Error: (01/08/2014 07:10:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 01:59:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 00:26:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 11:21:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 11:05:15 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT-AUTORITÄT)
Description: Das Profilverzeichnis kann nicht gelöscht werden C:\Users\Administrator. Dies liegt u. U. daran, dass Dateien in diesem Verzeichnis von einem anderen Programm verwendet werden.
 DETAIL - Das Verzeichnis ist nicht leer.

Error: (12/24/2013 05:34:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/08/2014 07:08:23 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 08.01.2014 um 19:06:51 unerwartet heruntergefahren.

Error: (12/24/2013 11:15:38 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/24/2013 11:15:38 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/24/2013 11:15:37 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/24/2013 11:15:37 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Microsoft Office Sessions:
=========================
Error: (01/08/2014 07:10:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 01:59:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 00:26:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 11:21:02 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2013 11:05:15 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT-AUTORITÄT)
Description: C:\Users\AdministratorDas Verzeichnis ist nicht leer.

Error: (12/24/2013 05:34:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3988.36 MB
Available physical RAM: 3245.04 MB
Total Pagefile: 7974.91 MB
Available Pagefile: 6892.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:447.45 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-13 17:37:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500LT012-9WS142 rev.0001SDM1 465,76GB
Running: usrrxy47.exe; Driver: C:\Users\Marius\AppData\Local\Temp\fwpcrpoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2484] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c68a29 5 bytes JMP 0000000169eb3834
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2484] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076c8cbf3 5 bytes JMP 0000000169fedcd8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2484] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076c8cfca 5 bytes JMP 0000000169de7f59
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2484] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000076cacb0c 5 bytes JMP 0000000169fedc75
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2484] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076cace64 5 bytes JMP 0000000169fedd3b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2484] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076cbfbd1 5 bytes JMP 0000000169fedc0a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2484] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076cbfc9d 5 bytes JMP 0000000169fedb9f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2484] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076cbfcd6 5 bytes JMP 0000000169fedb3d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2484] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076cbfcfa 5 bytes JMP 0000000169fedadb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2484] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076db93fc 5 bytes JMP 0000000169fee83a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2484] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000730f388e 5 bytes JMP 0000000169fef282
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2484] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000073197922 5 bytes JMP 0000000169fef323
? C:\Windows\system32\mssprxy.dll [2484] entry point in ".rdata" section 0000000072a571e6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3340] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000077396143 5 bytes JMP 0000000169fee036
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3340] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000773d9d0b 5 bytes JMP 0000000169eb33c2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3340] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000730f388e 5 bytes JMP 0000000169fef282
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3340] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000073197922 5 bytes JMP 0000000169fef323
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c68a29 5 bytes JMP 0000000169eb3834
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076c76285 5 bytes JMP 0000000169e23c96
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 0000000169e77df9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076c8cbf3 5 bytes JMP 0000000169fedcd8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076c8cfca 5 bytes JMP 0000000169de7f59
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 0000000169edd963
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000076cacb0c 5 bytes JMP 0000000169fedc75
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076cace64 5 bytes JMP 0000000169fedd3b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076cbfbd1 5 bytes JMP 0000000169fedc0a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076cbfc9d 5 bytes JMP 0000000169fedb9f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076cbfcd6 5 bytes JMP 0000000169fedb3d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076cbfcfa 5 bytes JMP 0000000169fedadb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000077396143 5 bytes JMP 0000000169fee036
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000773d9d0b 5 bytes JMP 0000000169eb33c2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076d53e59 5 bytes JMP 0000000169ecd8fb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076d53eae 5 bytes JMP 0000000169ece408
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076d54731 5 bytes JMP 0000000169feec33
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076d55dee 5 bytes JMP 0000000169feec7e
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076db93fc 5 bytes JMP 0000000169fee83a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000075aa1402 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000075aa141a 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000075aa1432 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000075aa144b 1 byte [75]
.text ...
* 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000075aa14de 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000075aa14f6 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000075aa150e 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000075aa1526 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000075aa153e 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000075aa1556 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000075aa156e 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000075aa1586 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000075aa159e 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000075aa15b6 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000075aa15ce 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000075aa16b3 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000075aa16be 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000730f388e 5 bytes JMP 0000000169fef282
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000073197922 5 bytes JMP 0000000169fef323
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3976] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000077262694 5 bytes JMP 0000000169feea33
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076c68a29 5 bytes JMP 0000000169eb3834
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076c76285 5 bytes JMP 0000000169e23c96
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c77603 5 bytes JMP 0000000169e77df9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076c8cbf3 5 bytes JMP 0000000169fedcd8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076c8cfca 5 bytes JMP 0000000169de7f59
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c8f52b 5 bytes JMP 0000000169edd963
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000076cacb0c 5 bytes JMP 0000000169fedc75
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076cace64 5 bytes JMP 0000000169fedd3b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076cbfbd1 5 bytes JMP 0000000169fedc0a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076cbfc9d 5 bytes JMP 0000000169fedb9f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076cbfcd6 5 bytes JMP 0000000169fedb3d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076cbfcfa 5 bytes JMP 0000000169fedadb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000077396143 5 bytes JMP 0000000169fee036
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000773d9d0b 5 bytes JMP 0000000169eb33c2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076d53e59 5 bytes JMP 0000000169ecd8fb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076d53eae 5 bytes JMP 0000000169ece408
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076d54731 5 bytes JMP 0000000169feec33
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076d55dee 5 bytes JMP 0000000169feec7e
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076db93fc 5 bytes JMP 0000000169fee83a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000075aa1402 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000075aa141a 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000075aa1432 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000075aa144b 1 byte [75]
.text ...
* 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000075aa14de 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000075aa14f6 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000075aa150e 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000075aa1526 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000075aa153e 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000075aa1556 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000075aa156e 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000075aa1586 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000075aa159e 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000075aa15b6 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000075aa15ce 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000075aa16b3 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000075aa16be 1 byte [75]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 00000000730f388e 5 bytes JMP 0000000169fef282
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000073197922 5 bytes JMP 0000000169fef323
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2748] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000077262694 5 bytes JMP 0000000169feea33
? C:\Windows\system32\mssprxy.dll [2748] entry point in ".rdata" section 0000000072a571e6

---- EOF - GMER 2.1 ----

Thanks for your help!

Last edited by 6cylinders (13.01.2014 at 17:51) Reason: forgot the GMER log