
Log analysis and evaluation: Cannot open Antivir any more after trojan attack.


 
02.05.2014, 15:24   #1
goe-ki
 
Cannot open Antivir any more after trojan attack.



Hi everyone,
first of all, I hope I'm in the right place with my problem.

My wife recently, without suspecting anything, opened an email that looked suspicious to me; I think that is how the attack came in. I noticed the trojan when I wanted to make a transfer from my bank account. First my PC was "checked" directly by the Sparkasse website, and then a pre-filled transfer appeared where I only had to enter the TAN. I logged off immediately without doing that.
Next I got two different scanners, including Trojanhunter. They found a lot, I deleted it, and since then everything looks fine. But I can't shake the feeling that something is still on there. My Antivir virus scanner can't be opened: "This program has been blocked by a group policy etc."
I have prepared all the logs and hope someone can tell me what else I need to do or give me the all-clear. I have important things on the PC; unfortunately the hard drive that holds my Windows backup has died, so it would be really bad if this PC also infected my data. I don't know whether it was right, but many of the files that were infected I either deleted or moved to quarantine.

Unfortunately I have already uninstalled Trojanhunter. I also uninstalled and reinstalled Avira after getting the message mentioned above. But the problem is still there. The remaining log files are below.

Thanks in advance for all replies and answers.

Regards, Goe-ki.


Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:23 on 02/05/2014 (goekky)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014
Ran by goekky (administrator) on GOEKKY-PC on 02-05-2014 14:25:33
Running from C:\Users\goekky\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
() C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1423904 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [177448 2010-09-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-09] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Adobe Version Cue CS2] => c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [HTC Sync Loader] => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [659456 2013-09-03] ()
HKLM\...\Run: [UnlockerAssistant] => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-04-30] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKU\S-1-5-21-1423429963-998173470-4169035595-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1423429963-998173470-4169035595-1000\...\Run: [uwzyo.exe] => C:\Users\goekky\AppData\Roaming\Uqwu\uwzyo.exe
HKU\S-1-5-21-1423429963-998173470-4169035595-1000\...\MountPoints2: {6e0c23c9-521f-11e3-9254-806e6f6e6963} - E:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=7ad5822f0000000000000026c783e704
SearchScopes: HKCU - DefaultScope {E66DAE83-E74F-4BA0-AAA7-E7049BF56EFF} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=7ad5822f0000000000000026c783e704&r=647
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {E66DAE83-E74F-4BA0-AAA7-E7049BF56EFF} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=7ad5822f0000000000000026c783e704&r=647
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\goekky\AppData\Roaming\Mozilla\Firefox\Profiles\uzthgxq3.default-1394789172227
FF user.js: detected! => C:\Users\goekky\AppData\Roaming\Mozilla\Firefox\Profiles\uzthgxq3.default-1394789172227\user.js
FF Homepage: hxxp://www.t-online.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

========================== Services (Whitelisted) =================

R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-04-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-04-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-04-30] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [704512 2010-06-08] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-04-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-04-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2014-04-30] (Avira Operations GmbH & Co. KG)
R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [294952 2010-09-20] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-11-21] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10382576 2013-07-25] (Intel Corporation)
R2 rimspci; C:\Windows\System32\DRIVERS\rimssne86.sys [73216 2013-11-21] (REDC)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-31] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-02 14:25 - 2014-05-02 14:25 - 00011527 _____ () C:\Users\goekky\Downloads\FRST.txt
2014-05-02 14:25 - 2014-05-02 14:25 - 00000000 ____D () C:\FRST
2014-05-02 14:24 - 2014-05-02 14:24 - 01050624 _____ (Farbar) C:\Users\goekky\Downloads\FRST.exe
2014-05-02 14:23 - 2014-05-02 14:23 - 00000544 _____ () C:\Users\goekky\Downloads\defogger_disable.log
2014-05-02 14:23 - 2014-05-02 14:23 - 00000156 _____ () C:\Users\goekky\defogger_reenable
2014-05-02 14:19 - 2014-05-02 14:19 - 00050477 _____ () C:\Users\goekky\Downloads\Defogger.exe
2014-05-02 08:25 - 2014-05-02 08:25 - 00002544 _____ () C:\Windows\diagwrn.xml
2014-05-02 08:25 - 2014-05-02 08:25 - 00001890 _____ () C:\Windows\diagerr.xml
2014-05-01 12:52 - 2014-05-01 12:52 - 00143400 _____ () C:\Windows\Minidump\050114-20685-01.dmp
2014-04-30 17:03 - 2014-05-02 14:06 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-30 17:03 - 2014-04-30 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-30 17:03 - 2014-04-30 17:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-30 17:03 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-30 17:03 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-30 17:03 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-30 17:01 - 2014-04-30 17:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\goekky\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-30 16:39 - 2014-04-30 16:39 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-04-30 16:39 - 2014-04-30 16:39 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2014-04-30 16:37 - 2014-04-30 17:35 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-30 16:37 - 2014-04-30 17:35 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-30 16:37 - 2014-04-30 17:35 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-30 16:37 - 2014-04-30 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-30 16:37 - 2014-04-30 16:37 - 00000000 ____D () C:\ProgramData\Avira
2014-04-30 16:37 - 2014-04-30 16:37 - 00000000 ____D () C:\Program Files\Avira
2014-04-30 16:37 - 2013-10-31 19:25 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-30 16:37 - 2013-10-31 19:25 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-04-30 16:21 - 2014-04-30 16:21 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-30 16:12 - 2014-04-30 16:58 - 00000000 ____D () C:\Program Files\Unlocker
2014-04-30 15:42 - 2014-04-30 15:42 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\TrojanHunter
2014-04-30 14:22 - 2014-04-30 16:58 - 00000000 ____D () C:\Program Files\TrojanHunter 5.5
2014-04-30 14:22 - 2014-04-30 14:22 - 05843488 _____ (Mischel Internet Security ) C:\Users\goekky\Downloads\TrojanHunterSetup_5.5_Build_1003.exe
2014-04-30 14:22 - 2014-04-30 14:22 - 00059392 ____R () C:\Windows\system32\streamhlp.dll
2014-04-30 12:26 - 2014-04-30 19:35 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-29 17:41 - 2014-04-29 17:41 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2014-04-29 17:39 - 2014-05-02 12:55 - 00000000 ____D () C:\Users\goekky\AppData\Local\Htc
2014-04-29 17:38 - 2014-04-29 17:41 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\HTC
2014-04-29 17:38 - 2014-04-29 17:38 - 00001077 _____ () C:\Users\Public\Desktop\HTC Sync.lnk
2014-04-29 17:38 - 2014-04-29 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
2014-04-29 17:35 - 2014-04-29 17:35 - 00000000 ____D () C:\Users\goekky\AppData\Local\Downloaded Installations
2014-04-29 17:35 - 2014-04-29 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2014-04-29 17:35 - 2014-04-29 17:35 - 00000000 ____D () C:\Program Files\Spirent Communications
2014-04-29 17:34 - 2014-04-29 17:38 - 00000000 ____D () C:\Program Files\HTC
2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-04-29 17:31 - 2014-04-29 17:33 - 165708080 _____ (HTC Corporation ) C:\Users\goekky\Downloads\setup_3.3.63.exe
2014-04-29 12:22 - 2014-05-01 12:10 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\Uqwu
2014-04-29 12:22 - 2014-05-01 12:05 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\Waic
2014-04-22 19:51 - 2014-04-22 19:51 - 00208736 _____ () C:\Windows\Minidump\042214-18096-01.dmp
2014-04-11 10:07 - 2014-04-11 10:25 - 00000000 ____D () C:\sn0wbreeze
2014-04-10 17:34 - 2014-04-10 17:34 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Adobe
2014-04-10 17:34 - 2014-04-10 17:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Adobe
2014-04-10 17:32 - 2014-04-10 17:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Apple Computer
2014-04-10 15:36 - 2014-04-10 15:53 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\redsn0w

==================== One Month Modified Files and Folders =======

2014-05-02 14:25 - 2014-05-02 14:25 - 00011527 _____ () C:\Users\goekky\Downloads\FRST.txt
2014-05-02 14:25 - 2014-05-02 14:25 - 00000000 ____D () C:\FRST
2014-05-02 14:24 - 2014-05-02 14:24 - 01050624 _____ (Farbar) C:\Users\goekky\Downloads\FRST.exe
2014-05-02 14:23 - 2014-05-02 14:23 - 00000544 _____ () C:\Users\goekky\Downloads\defogger_disable.log
2014-05-02 14:23 - 2014-05-02 14:23 - 00000156 _____ () C:\Users\goekky\defogger_reenable
2014-05-02 14:23 - 2013-11-20 22:16 - 00000000 ____D () C:\Users\goekky
2014-05-02 14:19 - 2014-05-02 14:19 - 00050477 _____ () C:\Users\goekky\Downloads\Defogger.exe
2014-05-02 14:18 - 2013-12-11 21:33 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\Skype
2014-05-02 14:06 - 2014-04-30 17:03 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-02 14:06 - 2014-01-21 18:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-02 14:06 - 2013-11-20 22:11 - 00901612 _____ () C:\Windows\WindowsUpdate.log
2014-05-02 13:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-05-02 13:03 - 2013-11-20 23:38 - 00000000 ____D () C:\Users\goekky\Desktop\Brotbestellung
2014-05-02 13:03 - 2009-07-14 06:34 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-02 13:03 - 2009-07-14 06:34 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-02 12:59 - 2010-11-20 23:01 - 01480602 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-02 12:55 - 2014-04-29 17:39 - 00000000 ____D () C:\Users\goekky\AppData\Local\Htc
2014-05-02 12:54 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-02 12:54 - 2009-07-14 06:39 - 00001197 _____ () C:\Windows\setupact.log
2014-05-02 08:25 - 2014-05-02 08:25 - 00002544 _____ () C:\Windows\diagwrn.xml
2014-05-02 08:25 - 2014-05-02 08:25 - 00001890 _____ () C:\Windows\diagerr.xml
2014-05-02 08:25 - 2009-07-14 06:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-01 20:34 - 2013-11-20 23:38 - 00000000 ____D () C:\Users\goekky\Desktop\Buchhaltung
2014-05-01 12:52 - 2014-05-01 12:52 - 00143400 _____ () C:\Windows\Minidump\050114-20685-01.dmp
2014-05-01 12:52 - 2013-11-30 17:28 - 291483818 _____ () C:\Windows\MEMORY.DMP
2014-05-01 12:52 - 2013-11-30 17:28 - 00000000 ____D () C:\Windows\Minidump
2014-05-01 12:52 - 2013-11-26 13:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-01 12:52 - 2010-11-20 23:48 - 00221952 _____ () C:\Windows\PFRO.log
2014-05-01 12:10 - 2014-04-29 12:22 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\Uqwu
2014-05-01 12:05 - 2014-04-29 12:22 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\Waic
2014-04-30 19:35 - 2014-04-30 12:26 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-30 17:35 - 2014-04-30 16:37 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-30 17:35 - 2014-04-30 16:37 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-30 17:35 - 2014-04-30 16:37 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-30 17:03 - 2014-04-30 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-30 17:03 - 2014-04-30 17:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-04-30 17:03 - 2014-04-30 17:01 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\goekky\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-30 16:58 - 2014-04-30 16:12 - 00000000 ____D () C:\Program Files\Unlocker
2014-04-30 16:58 - 2014-04-30 14:22 - 00000000 ____D () C:\Program Files\TrojanHunter 5.5
2014-04-30 16:39 - 2014-04-30 16:39 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-04-30 16:39 - 2014-04-30 16:39 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2014-04-30 16:37 - 2014-04-30 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-30 16:37 - 2014-04-30 16:37 - 00000000 ____D () C:\ProgramData\Avira
2014-04-30 16:37 - 2014-04-30 16:37 - 00000000 ____D () C:\Program Files\Avira
2014-04-30 16:31 - 2013-12-05 17:51 - 00000000 _____ () C:\Windows\Explorer.EXE.Z-missing.txt
2014-04-30 16:21 - 2014-04-30 16:21 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-30 15:42 - 2014-04-30 15:42 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\TrojanHunter
2014-04-30 15:40 - 2014-01-28 15:42 - 00000000 ____D () C:\Program Files\WinRAR
2014-04-30 14:22 - 2014-04-30 14:22 - 05843488 _____ (Mischel Internet Security ) C:\Users\goekky\Downloads\TrojanHunterSetup_5.5_Build_1003.exe
2014-04-30 14:22 - 2014-04-30 14:22 - 00059392 ____R () C:\Windows\system32\streamhlp.dll
2014-04-29 18:05 - 2013-11-21 11:57 - 00000000 ____D () C:\Users\goekky\Documents\Bluetooth-Exchange-Ordner
2014-04-29 17:41 - 2014-04-29 17:41 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2014-04-29 17:41 - 2014-04-29 17:38 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\HTC
2014-04-29 17:38 - 2014-04-29 17:38 - 00001077 _____ () C:\Users\Public\Desktop\HTC Sync.lnk
2014-04-29 17:38 - 2014-04-29 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
2014-04-29 17:38 - 2014-04-29 17:34 - 00000000 ____D () C:\Program Files\HTC
2014-04-29 17:35 - 2014-04-29 17:35 - 00000000 ____D () C:\Users\goekky\AppData\Local\Downloaded Installations
2014-04-29 17:35 - 2014-04-29 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2014-04-29 17:35 - 2014-04-29 17:35 - 00000000 ____D () C:\Program Files\Spirent Communications
2014-04-29 17:35 - 2013-11-21 13:09 - 00025136 _____ () C:\Windows\DPINST.LOG
2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-04-29 17:34 - 2013-11-22 23:33 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\Adobe
2014-04-29 17:34 - 2013-11-22 23:32 - 00000000 ____D () C:\Program Files\Adobe
2014-04-29 17:34 - 2013-11-22 23:31 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-29 17:34 - 2013-11-22 23:30 - 00000000 ____D () C:\Users\goekky\AppData\Local\Adobe
2014-04-29 17:33 - 2014-04-29 17:31 - 165708080 _____ (HTC Corporation ) C:\Users\goekky\Downloads\setup_3.3.63.exe
2014-04-28 19:34 - 2013-11-23 00:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-28 19:34 - 2013-11-23 00:03 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-22 19:51 - 2014-04-22 19:51 - 00208736 _____ () C:\Windows\Minidump\042214-18096-01.dmp
2014-04-22 17:01 - 2013-11-20 23:42 - 00010718 _____ () C:\Users\goekky\Desktop\Geschäftsverlauf.xlsx
2014-04-16 17:03 - 2013-11-20 23:42 - 00011039 _____ () C:\Users\goekky\Desktop\ausgabenliste.xlsx
2014-04-15 12:57 - 2013-11-20 23:39 - 00000000 ____D () C:\Users\goekky\Desktop\Milch & Honig
2014-04-11 10:25 - 2014-04-11 10:07 - 00000000 ____D () C:\sn0wbreeze
2014-04-10 17:34 - 2014-04-10 17:34 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Adobe
2014-04-10 17:34 - 2014-04-10 17:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Adobe
2014-04-10 17:33 - 2013-12-10 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Apple Computer
2014-04-10 17:32 - 2014-04-10 17:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Apple Computer
2014-04-10 15:53 - 2014-04-10 15:36 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\redsn0w
2014-04-03 09:51 - 2014-04-30 17:03 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-30 17:03 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-30 17:03 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\goekky\AppData\Local\Temp\avgnt.exe
C:\Users\goekky\AppData\Local\Temp\BackupSetup.exe
C:\Users\goekky\AppData\Local\Temp\Difx64.exe
C:\Users\goekky\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\goekky\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\goekky\AppData\Local\Temp\iO5cqcC.Difx64.exe
C:\Users\goekky\AppData\Local\Temp\jvrtPUW.difxapi.dll
C:\Users\goekky\AppData\Local\Temp\ose00000.exe
C:\Users\goekky\AppData\Local\Temp\RxXiWYr.difxapi.dll
C:\Users\goekky\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 12:38

==================== End Of Log ============================
         
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-02 15:02:11
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320325AS rev.0006SDM2 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\goekky\AppData\Local\Temp\uxdiapoc.sys


---- System - GMER 2.1 ----

SSDT    8EE53B2E                                                                                                                ZwCreateSection
SSDT    8EE53B38                                                                                                                ZwRequestWaitReplyPort
SSDT    8EE53B33                                                                                                                ZwSetContextThread
SSDT    8EE53B3D                                                                                                                ZwSetSecurityObject
SSDT    8EE53B42                                                                                                                ZwSystemDebugControl
SSDT    8EE53ACF                                                                                                                ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text   ntkrnlpa.exe!ZwSaveKey + 13C1                                                                                           82C75339 1 Byte  [06]
.text   ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                  82CAED52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text   ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                     82CB5EEC 2 Bytes  [2E, 3B]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 11FA                                                                                     82CB5EEF 1 Byte  [8E]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                     82CB6248 4 Bytes  [38, 3B, E5, 8E] {CMP [EBX], BH; IN EAX, 0x8e}
.text   ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                     82CB628C 4 Bytes  [33, 3B, E5, 8E] {XOR EDI, [EBX]; IN EAX, 0x8e}
.text   ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                     82CB6308 4 Bytes  [3D, 3B, E5, 8E]
.text   ...                                                                                                                     
.text   C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                section is writeable [0x9443C000, 0x2C22CE, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!free                                76D59894 5 Bytes  JMP 0A90D2D0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!malloc                              76D59CEE 5 Bytes  JMP 0A90D230 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!??3@YAXPAX@Z                        76D5B0B9 5 Bytes  JMP 0A90D2D0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!??2@YAPAXI@Z                        76D5B0C9 5 Bytes  JMP 0A90D480 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!realloc                             76D5B10D 5 Bytes  JMP 0A90D2B0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!calloc                              76D5C456 5 Bytes  JMP 0A90D270 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_msize                              76D5F43B 5 Bytes  JMP 0A90D2E0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_aligned_free                       76D75942 5 Bytes  JMP 0A90D2D0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_aligned_malloc                     76D8028D 5 Bytes  JMP 0A90D3C0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_aligned_offset_malloc              76D802A9 5 Bytes  JMP 0A90D3E0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z  76DABFC9 5 Bytes  JMP 0A90D500 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_aligned_offset_realloc             76DABFD9 5 Bytes  JMP 0A90D420 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_aligned_realloc                    76DAC163 5 Bytes  JMP 0A90D400 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_expand                             76DAC182 5 Bytes  JMP 0A90D3A0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_heapadd                            76DADCFB 5 Bytes  JMP 0A90D550 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_heapchk                            76DADD0F 5 Bytes  JMP 0A90D560 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_heapset + 1                        76DADE0E 4 Bytes  JMP 0A90D581 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_heapmin                            76DADE17 5 Bytes  JMP 0A90D650 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_heapused                           76DADEFD 5 Bytes  JMP 0A90D620 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_heapwalk                           76DADF10 5 Bytes  JMP 0A90D590 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text   C:\Program Files\Mozilla Firefox\firefox.exe[1880] ntdll.dll!LdrGetProcedureAddress + 26                                76E622B3 7 Bytes  JMP 63951FD9 C:\Program Files\Mozilla Firefox\mozglue.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[1880] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D                        75848996 7 Bytes  JMP 5B7C40E1 C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[1880] kernel32.dll!GetEnvironmentStringsA + 11                             75852FB1 7 Bytes  JMP 5B7C4104 C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[1880] kernel32.dll!BaseThreadInitThunk + C9                                75853CFC 7 Bytes  JMP 5AE93255 C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\firefox.exe[1880] GDI32.dll!GetViewportOrgEx + 26C                                     757B884B 7 Bytes  JMP 5B7C4062 C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4640] ntdll.dll!LdrGetProcedureAddress + 26                        76E622B3 7 Bytes  JMP 5FC05720 C:\Program Files\Mozilla Thunderbird\xul.dll
.text   C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4640] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D                75848996 7 Bytes  JMP 608A3624 C:\Program Files\Mozilla Thunderbird\xul.dll
.text   C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4640] kernel32.dll!GetEnvironmentStringsA + 11                     75852FB1 7 Bytes  JMP 608A35DC C:\Program Files\Mozilla Thunderbird\xul.dll
.text   C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4640] kernel32.dll!BaseThreadInitThunk + C9                        75853CFC 7 Bytes  JMP 5FC1650E C:\Program Files\Mozilla Thunderbird\xul.dll
.text   C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4640] GDI32.dll!GetViewportOrgEx + 26C                             757B884B 7 Bytes  JMP 608A364B C:\Program Files\Mozilla Thunderbird\xul.dll
.text   C:\Program Files\Mozilla Firefox\plugin-container.exe[4836] USER32.dll!GetWindowInfo                                    754C4B5E 5 Bytes  JMP 5B0C2366 C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Program Files\Mozilla Firefox\plugin-container.exe[4836] USER32.dll!ToUnicodeEx + 71                                 754D2223 7 Bytes  JMP 5B0BBD82 C:\Program Files\Mozilla Firefox\xul.dll
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtCreateFile + 6                    76E455CE 4 Bytes  [28, 00, 17, 00]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtCreateFile + B                    76E455D3 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtCreateKey + 6                     76E4560E 4 Bytes  [68, 01, 17, 00]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtCreateKey + B                     76E45613 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtCreateMutant + 6                  76E4564E 4 Bytes  [68, 02, 17, 00]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtCreateMutant + B                  76E45653 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtCreateSection + 6                 76E456EE 4 Bytes  [A8, 02, 17, 00]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtCreateSection + B                 76E456F3 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtMapViewOfSection + 6              76E45C2E 4 Bytes  CALL 75E47337 C:\Windows\system32\SHELL32.dll
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtMapViewOfSection + B              76E45C33 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenFile + 6                      76E45CDE 4 Bytes  [68, 00, 17, 00]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenFile + B                      76E45CE3 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenKey + 6                       76E45D0E 4 Bytes  [A8, 01, 17, 00]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenKey + B                       76E45D13 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenKeyEx + 6                     76E45D1E 4 Bytes  CALL 75E47424 C:\Windows\system32\SHELL32.dll
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenKeyEx + B                     76E45D23 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenMutant + 6                    76E45D5E 4 Bytes  [28, 02, 17, 00]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenMutant + B                    76E45D63 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenProcess + 6                   76E45D8E 1 Byte  [68]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenProcess + 6                   76E45D8E 4 Bytes  [68, 03, 17, 00]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenProcess + B                   76E45D93 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenProcessToken + 6              76E45D9E 1 Byte  [A8]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenProcessToken + 6              76E45D9E 4 Bytes  [A8, 03, 17, 00]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenProcessToken + B              76E45DA3 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenProcessTokenEx + 6            76E45DAE 4 Bytes  [68, 04, 17, 00]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenProcessTokenEx + B            76E45DB3 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenSection + 6                   76E45DCE 4 Bytes  CALL 75E474D5 C:\Windows\system32\SHELL32.dll
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenSection + B                   76E45DD3 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenThread + 6                    76E45E0E 1 Byte  [28]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenThread + 6                    76E45E0E 4 Bytes  [28, 03, 17, 00]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenThread + B                    76E45E13 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenThreadToken + 6               76E45E1E 4 Bytes  [28, 04, 17, 00]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenThreadToken + B               76E45E23 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenThreadTokenEx + 6             76E45E2E 4 Bytes  [A8, 04, 17, 00]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenThreadTokenEx + B             76E45E33 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtQueryAttributesFile + 6           76E45F3E 4 Bytes  [A8, 00, 17, 00]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtQueryAttributesFile + B           76E45F43 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtQueryFullAttributesFile + 6       76E45FEE 4 Bytes  CALL 75E476F3 C:\Windows\system32\SHELL32.dll
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtQueryFullAttributesFile + B       76E45FF3 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtSetInformationFile + 6            76E4663E 4 Bytes  [28, 01, 17, 00]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtSetInformationFile + B            76E46643 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtSetInformationThread + 6          76E4669E 1 Byte  [E8]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtSetInformationThread + 6          76E4669E 4 Bytes  CALL 75E47DA6 C:\Windows\system32\SHELL32.dll
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtSetInformationThread + B          76E466A3 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtUnmapViewOfSection + 6            76E469BE 4 Bytes  [28, 05, 17, 00]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtUnmapViewOfSection + B            76E469C3 1 Byte  [E2]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] kernel32.dll!CreateProcessW                   7580204D 5 Bytes  JMP 00180030 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] kernel32.dll!CreateProcessA                   75802082 5 Bytes  JMP 00180070 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!DeleteObject                        757B5F14 5 Bytes  JMP 002301B0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SelectObject                        757B6640 5 Bytes  JMP 002305F0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SetTextColor                        757B6906 5 Bytes  JMP 00230A30 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SetBkMode                           757B69B1 5 Bytes  JMP 002308F0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!DeleteDC                            757B6EAA 5 Bytes  JMP 00230170 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetDeviceCaps                       757B6F7F 5 Bytes  JMP 002303B0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!ExtSelectClipRgn                    757B7114 5 Bytes  JMP 002302F0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SelectClipRgn                       757B7242 5 Bytes  JMP 002305B0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SetStretchBltMode                   757B7705 5 Bytes  JMP 002306B0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetCurrentObject                    757B7917 5 Bytes  JMP 00230370 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetTextMetricsW                     757B7B8F 5 Bytes  JMP 00230E30 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetTextAlign                        757B7DAF 5 Bytes  JMP 00230D70 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!IntersectClipRect                   757B7DFE 5 Bytes  JMP 002303F0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!ExtTextOutW                         757B8192 5 Bytes  JMP 00230970 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SetTextAlign                        757B828E 5 Bytes  JMP 002309F0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetClipBox                          757B8525 5 Bytes  JMP 00230330 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!MoveToEx                            757B8C21 5 Bytes  JMP 00230470 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!StretchDIBits                       757BA53E 5 Bytes  JMP 00230770 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!RestoreDC                           757BA67B 5 Bytes  JMP 00230530 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SaveDC                              757BA74B 5 Bytes  JMP 00230570 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetTextExtentPoint32W               757BB4B5 5 Bytes  JMP 00230670 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetTextFaceW                        757BB73A 2 Bytes  JMP 00230D30 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetTextFaceW + 3                    757BB73D 2 Bytes  [A7, 8A]
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetFontData                         757BBCC4 5 Bytes  JMP 00230C70 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SetWorldTransform                   757BC90A 5 Bytes  JMP 002306F0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!CreateDCA                           757BCCA9 5 Bytes  JMP 002300B0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!CreateDCW                           757BCF79 5 Bytes  JMP 002300F0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!CreateICW                           757BCFD0 5 Bytes  JMP 00230130 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetTextMetricsA                     757BD0F2 5 Bytes  JMP 00230DF0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!Rectangle                           757BF1FF 5 Bytes  JMP 002309B0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!LineTo                              757BF59B 5 Bytes  JMP 00230430 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SetICMMode                          757BFAA4 5 Bytes  JMP 00230DB0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!ExtTextOutA                         757C03F9 5 Bytes  JMP 00230930 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetTextExtentPoint32A               757C07B0 5 Bytes  JMP 00230630 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!ExtEscape                           757C2949 5 Bytes  JMP 002302B0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!Escape                              757C3939 5 Bytes  JMP 00230270 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetTextFaceA                        757C3E6A 5 Bytes  JMP 00230CF0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SetPolyFillMode                     757CD851 5 Bytes  JMP 00230B30 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SetMiterLimit                       757CDA0D 5 Bytes  JMP 00230B70 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!EndPage                             757D00D7 5 Bytes  JMP 00230230 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!ResetDCW                            757D050D 5 Bytes  JMP 00230AB0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetGlyphOutlineW                    757DC1BA 5 Bytes  JMP 00230CB0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!CreateScalableFontResourceW         757DE817 5 Bytes  JMP 00230BB0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!AddFontResourceW                    757DEC13 5 Bytes  JMP 00230BF0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!RemoveFontResourceW                 757DF109 5 Bytes  JMP 00230C30 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!AbortDoc                            757E4C63 5 Bytes  JMP 00230030 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!EndDoc                              757E50AA 5 Bytes  JMP 002301F0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!StartPage                           757E5195 5 Bytes  JMP 00230730 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!StartDocW                           757E5BB0 5 Bytes  JMP 002307F0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!BeginPath                           757E635D 5 Bytes  JMP 00230830 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SelectClipPath                      757E63B4 5 Bytes  JMP 00230AF0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!CloseFigure                         757E640F 5 Bytes  JMP 00230070 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!EndPath                             757E6466 5 Bytes  JMP 00230A70 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!StrokePath                          757E6699 5 Bytes  JMP 002307B0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!FillPath                            757E6726 5 Bytes  JMP 00230870 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!PolylineTo                          757E6B94 5 Bytes  JMP 002304F0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!PolyBezierTo                        757E6C25 5 Bytes  JMP 002304B0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!PolyDraw                            757E6CD7 5 Bytes  JMP 002308B0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!ActivateKeyboardLayout             754B8203 5 Bytes  JMP 002404F0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!ScreenToClient                     754BA506 7 Bytes  JMP 00240670 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!RegisterClipboardFormatA           754BC091 5 Bytes  JMP 002402F0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!RegisterClipboardFormatW           754BDF8D 5 Bytes  JMP 002402B0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!SetCursor                          754C3075 5 Bytes  JMP 00240530 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!MonitorFromWindow                  754C3622 7 Bytes  JMP 00240630 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!PostMessageW                       754C447B 5 Bytes  JMP 002405F0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!IsWindowVisible                    754C4D69 7 Bytes  JMP 002406B0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetClientRect                      754C54DD 7 Bytes  JMP 002405B0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!MapWindowPoints                    754C5CAA 5 Bytes  JMP 00240570 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetParent                          754C6029 7 Bytes  JMP 002406F0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!EmptyClipboard                     754D290C 5 Bytes  JMP 00240130 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!SetClipboardData                   754D2962 5 Bytes  JMP 00240170 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetClipboardData                   754D2BA7 5 Bytes  JMP 00240030 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetClipboardFormatNameW            754D5FD2 5 Bytes  JMP 00240230 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!SetClipboardViewer                 754D6FF6 5 Bytes  JMP 002404B0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetClipboardFormatNameA            754D700A 5 Bytes  JMP 00240270 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!ChangeClipboardChain               754E147C 5 Bytes  JMP 00240430 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetTopWindow                       754E24D9 7 Bytes  JMP 00240730 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!CloseClipboard                     754E446C 5 Bytes  JMP 002400B0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!OpenClipboard                      754E447E 5 Bytes  JMP 00240070 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!IsClipboardFormatAvailable         754E44FF 5 Bytes  JMP 002400F0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetClipboardSequenceNumber         754E4513 5 Bytes  JMP 00240330 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetClipboardOwner                  754E4525 5 Bytes  JMP 00240370 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!CountClipboardFormats              754E470A 5 Bytes  JMP 002401F0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!EnumClipboardFormats               754E47EC 5 Bytes  JMP 002401B0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetOpenClipboardWindow             754E480B 5 Bytes  JMP 002403F0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!SetCursorPos                       754FC1B0 5 Bytes  JMP 00240770 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetClipboardViewer                 75514AF7 5 Bytes  JMP 00240470 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetPriorityClipboardFormat         75514BF9 5 Bytes  JMP 002403B0 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ole32.dll!OleSetClipboard                     76AA0045 5 Bytes  JMP 00250030 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ole32.dll!OleIsCurrentClipboard               76AA36B2 5 Bytes  JMP 00250070 
.text   C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ole32.dll!OleGetClipboard                     76ACFDCD 5 Bytes  JMP 002500B0 

---- Devices - GMER 2.1 ----

Device  \Driver\BTHUSB \Device\00000073                                                                                         bthport.sys
Device  \Driver\BTHUSB \Device\00000075                                                                                         bthport.sys

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38d919db                                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38d919db@1cb094fe5795                                0xF5 0x65 0x7C 0xBF ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38d919db (not active ControlSet)                         
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38d919db@1cb094fe5795                                    0xF5 0x65 0x7C 0xBF ...

---- EOF - GMER 2.1 ----
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-05-2014
Ran by goekky at 2014-05-02 14:25:55
Running from C:\Users\goekky\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Adobe Illustrator CS2 (Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe InDesign CS2 (Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Adobe Version Cue CS2 (Version: 2.0 - Adobe Systems, Inc.) Hidden
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{2C659C60-BDF5-33B7-E136-9D1F4D7699AB}) (Version: 3.0.750.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-4300-A758B70C0A03}) (Version: 12.10.3.4691 - APN, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Core Implementation (Version: 2010.0209.16.306 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0209.16.306 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0209.16.306 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0209.16.306 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0209.16.306 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0209.16.306 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0209.16.306 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0209.16.306 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Czech (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Danish (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Dutch (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help English (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Finnish (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help French (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help German (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Greek (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Italian (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Japanese (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Korean (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Polish (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Russian (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Spanish (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Swedish (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Thai (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Turkish (Version: 2010.0209.0015.306 - ATI) Hidden
ccc-core-static (Version: 2010.0209.16.306 - Ihr Firmenname) Hidden
ccc-utility (Version: 2010.0209.16.306 - ATI) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.5.0.001 - HTC Corporation)
HTC Sync (HKLM\...\{CBDAE89D-8ABD-4DC5-9309-C2C58696B371}) (Version: 3.3.63 - HTC Corporation)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
PDF24 Creator 6.0.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
VAIO Smart Network (HKLM\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.0.06080 - Sony Corporation)
Wartung Samsung CLX-3180 Series (HKLM\...\Samsung CLX-3180 Series) (Version:  - Samsung Electronics Co., Ltd.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

14-03-2014 15:01:03 Geplanter Prüfpunkt
25-03-2014 14:05:23 Geplanter Prüfpunkt
02-04-2014 13:37:48 Geplanter Prüfpunkt
10-04-2014 07:46:58 Geplanter Prüfpunkt
19-04-2014 10:37:55 Geplanter Prüfpunkt
26-04-2014 12:42:11 Windows-Sicherung
26-04-2014 19:19:44 Windows-Sicherung
26-04-2014 20:27:36 Windows-Sicherung
26-04-2014 21:11:58 Windows-Sicherung
29-04-2014 15:38:25 Installed HTC Sync.

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2FA50F1F-E0E1-451F-B7B8-AED189D61953} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2013-09-03] ()
Task: {A759D865-176A-4876-AC50-703A422AF444} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {DB376296-55DF-44FE-B189-7135FD5DD51E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-11-22 12:40 - 2011-06-22 18:13 - 00024064 _____ () C:\Windows\System32\sst2cl3.dll
2013-11-22 12:40 - 2011-06-22 18:12 - 00540672 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\sst2cdu.dll
2014-04-30 16:37 - 2013-10-31 19:25 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2005-04-06 17:52 - 2005-04-06 17:52 - 00028791 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00057453 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00102515 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\java.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00053364 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00057455 _____ () C:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\net.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00032880 _____ () C:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00434255 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 01019904 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-29 17:35 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2005-04-06 17:53 - 2005-04-06 17:53 - 03502080 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
2013-09-03 11:58 - 2013-09-03 11:58 - 00659456 _____ () C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
2013-09-03 11:58 - 2013-09-03 11:58 - 00109056 _____ () C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00516599 _____ () C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00094208 _____ () C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00405504 _____ () C:\Program Files\HTC\HTC Sync 3.0\HtcDetect.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00159744 _____ () C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00172032 _____ () C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00559244 _____ () C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00010240 _____ () C:\Program Files\HTC\HTC Sync 3.0\ItemSyncLimit.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 01515520 _____ () C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
2013-11-21 13:20 - 2013-11-21 13:20 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-04-30 12:26 - 2014-04-30 12:26 - 03019888 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-04-30 12:26 - 2014-04-30 12:26 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-04-30 12:26 - 2014-04-30 12:26 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-03-19 21:23 - 2014-03-19 21:23 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-28 19:34 - 2014-04-28 19:34 - 16351920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
Description: Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/02/2014 00:56:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2014 00:55:20 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 108.2.168.192.in-addr.arpa. PTR goekky-PC.local.

Error: (05/02/2014 00:55:20 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.108:5353   19 108.2.168.192.in-addr.arpa. PTR goekky-PC-2.local.

Error: (05/02/2014 11:47:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2014 11:45:58 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 108.2.168.192.in-addr.arpa. PTR goekky-PC.local.

Error: (05/02/2014 11:45:58 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.108:5353   19 108.2.168.192.in-addr.arpa. PTR goekky-PC-2.local.

Error: (05/02/2014 10:10:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2543

Error: (05/02/2014 10:10:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2543

Error: (05/02/2014 10:10:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/02/2014 02:50:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4212


System errors:
=============
Error: (05/02/2014 02:06:44 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst VSNService erreicht.

Error: (05/02/2014 11:44:29 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst VSNService erreicht.

Error: (05/02/2014 02:50:35 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst VSNService erreicht.

Error: (05/01/2014 08:33:53 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst VSNService erreicht.

Error: (05/01/2014 00:52:52 PM) (Source: BugCheck) (User: )
Description: 0x00000019 (0x00000020, 0x88f0f2b0, 0x88f0f2c8, 0x08030017)C:\Windows\MEMORY.DMP050114-20685-01

Error: (05/01/2014 00:52:47 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎01.‎05.‎2014 um 12:51:45 unerwartet heruntergefahren.

Error: (05/01/2014 01:35:43 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst VSNService erreicht.

Error: (04/30/2014 07:32:36 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst VSNService erreicht.

Error: (04/30/2014 06:01:30 PM) (Source: DCOM) (User: )
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}

Error: (04/30/2014 05:33:03 PM) (Source: DCOM) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 3566.11 MB
Available physical RAM: 2217.33 MB
Total Pagefile: 7130.5 MB
Available Pagefile: 5195.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:200.34 GB) (Free:99.77 GB) NTFS
Drive d: () (Fixed) (Total:97.66 GB) (Free:96.03 GB) NTFS
Drive e: (GSP1RMCPRFREO_DE_DVD) (CDROM) (Total:2.34 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 9788BCBB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 30.04.2014
Scan Time: 17:28:27
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.30.07
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: goekky

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260549
Time Elapsed: 23 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-1423429963-998173470-4169035595-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\softonicToolbar, Delete-on-Reboot, [3f400f2181fa50e6b086611a8979619f], 

Registry Values: 2
Trojan.Ransom.Gend, HKU\S-1-5-21-1423429963-998173470-4169035595-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|bhcwzj, regsvr32.exe "C:\ProgramData\bhcwzj.dat", Delete-on-Reboot, [017e5dd332490e288a5abb4ce71a8f71]
Trojan.Ransom.Gend, HKU\S-1-5-21-1423429963-998173470-4169035595-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|bhcwzj, regsvr32.exe "C:\ProgramData\bhcwzj.dat", Quarantined, [017e5dd332490e288a5abb4ce71a8f71]

Registry Data: 0
(No malicious items detected)

Folders: 7
PUP.Optional.OpenCandy, C:\Users\goekky\AppData\Roaming\OpenCandy, Quarantined, [94eb43ed84f7c175a4672244d62c5ca4], 
PUP.Optional.OpenCandy, C:\Users\goekky\AppData\Roaming\OpenCandy\E7D5A0CF28DC40179FE1B8950C497D91, Quarantined, [94eb43ed84f7c175a4672244d62c5ca4], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Temp\mt_ffx\Softonic, Quarantined, [57283cf40d6e5bdb9a49b3ba8e7415eb], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Temp\mt_ffx\Softonic\Softonic, Quarantined, [57283cf40d6e5bdb9a49b3ba8e7415eb], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Temp\mt_ffx\Softonic\Softonic\1.8.21.14, Quarantined, [57283cf40d6e5bdb9a49b3ba8e7415eb], 

Files: 22
Trojan.Ransom.Gend, C:\ProgramData\bhcwzj.dat, Quarantined, [017e5dd332490e288a5abb4ce71a8f71], 
PUP.Optional.OpenCandy.A, C:\Users\goekky\AppData\Roaming\OpenCandy\E7D5A0CF28DC40179FE1B8950C497D91\Setupsft_chr_p1v7.exe, Quarantined, [ea95aa86077425118717a483e1235ea2], 
Trojan.Agent.EF, C:\Users\goekky\AppData\Local\Temp\Rar$EXa0.498\vertrag_16.08.2013-signed_8D18939261524451E.exe, Quarantined, [2c533000106b0630540be942aa5a32ce], 
Backdoor.Bot, C:\Users\goekky\AppData\Local\Temp\Rar$EXa0.702\fax_FC63589826333C70656B.exe, Quarantined, [7e0177b998e31a1ce60c0f4037ca926e], 
PUP.Optional.OpenCandy, C:\Users\goekky\Downloads\DTLite4481-0347.exe, Quarantined, [9ae52010a3d865d158ea3029df25a45c], 
PUP.Optional.Babylon.A, C:\Users\goekky\Downloads\Unlocker1.9.2.exe, Quarantined, [6f10ee420d6ea88e07b424de05fcec14], 
PUP.Optional.Spigot.A, C:\Users\goekky\Downloads\YTD471Setup.exe, Quarantined, [f788230d42395bdbeb928e98ce329868], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\appCntrl.js, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\bg.html, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\bg.js, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\chMntz.dll, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\CrmAdpt.dll, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\ct.js, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\CTB.dll, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\dpk.js, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\hprtkMsg.htm, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\hprtkMsg.js, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\json2.min.js, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\logo.png, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\manifest.json, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\pref.json, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], 
PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Temp\mt_ffx\Softonic\Softonic\1.8.21.14\softonic.xpi, Quarantined, [57283cf40d6e5bdb9a49b3ba8e7415eb], 

Physical Sectors: 0
(No malicious items detected)


(end)
         

 
