
Pests of all kinds and how to fight them: After installing Leedhax (cheat for Facebook games), the PC is sluggish and Firefox crashes frequently


24.03.2013, 13:43   #1
Manase
 



Hello dear helpers,
Yesterday I downloaded, via the Leedhax.de site, what I took to be a cheat for Facebook games. After the download, Firefox asked me whether I wanted to allow this "add-on", which I then did. The great thing was that from then on I had many advantages in the Facebook game, more lives and so on. But since this morning my PC hangs under heavier load and Firefox keeps crashing, mostly when switching between websites. I have read through the forum rules and tried to follow all of them. If I have forgotten something, it was not intentional.

[OTL logfile created on: 24.03.2013 14:05:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Manase\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 75,85% Memory free
7,74 Gb Paging File | 6,61 Gb Available in Paging File | 85,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 35,07 Gb Free Space | 31,39% Space Free | Partition Type: NTFS

Computer Name: MANASE-PC | User Name: Manase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.24 14:03:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manase\Downloads\OTL.exe
PRC - [2012.12.05 03:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012.11.19 17:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012.11.02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012.07.26 22:08:58 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013.03.12 17:19:57 | 000,118,272 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\tapi3264.exe -- (opeofiles)
SRV - [2013.03.10 12:05:55 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.07 15:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.05 03:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012.11.02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.07.26 22:08:58 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.12.10 03:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.11.08 03:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.08.24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.05.23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:46 | 000,416,768 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.02.13 13:17:10 | 000,686,592 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119816&tt=070313_9105&babsrc=HP_ss&mntrId=8c04dc5c000000000000002163862a55
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 2B 37 D7 7A 1D CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&tt=070313_9105&babsrc=SP_ss&mntrId=8c04dc5c000000000000002163862a55
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: leethax%40leethax.net:2013.03.22
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2013.03.13 15:37:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.13 14:49:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013.02.14 16:41:10 | 000,037,909 | ---- | M] ()

[2013.03.13 14:49:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manase\AppData\Roaming\mozilla\Extensions
[2013.03.23 20:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manase\AppData\Roaming\mozilla\Firefox\Profiles\e6v3jmae.default-1363186961403\extensions
[2013.03.23 20:24:02 | 000,021,605 | ---- | M] () (No name found) -- C:\Users\Manase\AppData\Roaming\mozilla\firefox\profiles\e6v3jmae.default-1363186961403\extensions\leethax@leethax.net.xpi
[2013.03.13 14:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.10 16:59:02 | 000,006,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe File not found
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKCU..\Run: [iDevice Manager Launcher] C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Mit Mipony herunterladen - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O8 - Extra context menu item: Mit Mipony herunterladen - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2ED457F3-C0D5-47FF-84D7-6EE0A66A9255}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{32d88768-8c7d-11e2-a3b5-001e336d6b35}\Shell - "" = AutoRun
O33 - MountPoints2\{32d88768-8c7d-11e2-a3b5-001e336d6b35}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.24 13:14:57 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Malwarebytes
[2013.03.24 13:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.24 13:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.24 13:14:14 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.24 13:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.24 13:13:40 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Programs
[2013.03.23 20:22:11 | 000,000,000 | ---D | C] -- C:\Users\Manase\Qtrax
[2013.03.23 20:22:08 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Downloaded Installations
[2013.03.23 20:21:52 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Mipony
[2013.03.23 20:21:00 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2013.03.23 20:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2013.03.23 20:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony
[2013.03.23 20:20:40 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\DSite
[2013.03.20 12:31:02 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\Von Sd Karte
[2013.03.20 11:43:50 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\Neuer Ordner
[2013.03.20 09:51:05 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\WBFSManager
[2013.03.20 09:49:43 | 000,000,000 | ---D | C] -- C:\Users\Manase\Documents\WBFS Manager Covers
[2013.03.20 09:49:43 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager
[2013.03.20 09:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
[2013.03.19 20:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.03.19 20:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.19 20:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.19 12:33:05 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\227CDPFS
[2013.03.19 12:23:57 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\Papu Beerdigung
[2013.03.19 10:24:42 | 000,000,000 | ---D | C] -- C:\Users\Manase\Documents\UseNeXT
[2013.03.19 10:24:41 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\UseNeXT
[2013.03.19 10:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[2013.03.19 10:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UseNeXT
[2013.03.14 09:26:10 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\MSAMSUNG
[2013.03.13 16:02:45 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\Alte Firefox-Daten
[2013.03.13 15:38:29 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\AVG2012
[2013.03.13 15:38:08 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\TuneUp Software
[2013.03.13 15:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.03.13 15:38:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2013.03.13 15:37:35 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.03.13 15:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2013.03.13 15:37:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2013.03.13 15:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013.03.13 15:33:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.13 15:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.03.13 14:49:16 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Mozilla
[2013.03.13 14:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.03.13 14:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.03.13 14:45:31 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\InstallShield
[2013.03.13 13:51:45 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\vlc
[2013.03.13 13:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.03.13 13:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.03.12 18:13:49 | 000,000,000 | ---D | C] -- C:\Users\Manase\Documents\iRinger Tones
[2013.03.12 18:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\iRinger
[2013.03.12 17:25:22 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\NCH Software
[2013.03.12 17:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2013.03.12 17:25:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2013.03.12 17:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.12 17:20:46 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\OpenCandy
[2013.03.12 17:20:46 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\DVDVideoSoft
[2013.03.12 17:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.12 17:19:59 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\DesktopIconForAmazon
[2013.03.12 17:19:58 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll
[2013.03.12 15:59:51 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\Sprachmemos Iphone
[2013.03.12 15:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.12 15:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.12 15:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.12 15:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.03.12 15:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.03.12 15:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.03.12 15:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.03.12 15:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.03.12 15:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.03.12 15:52:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.03.12 15:50:49 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Software4u
[2013.03.12 15:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
[2013.03.12 15:50:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software4u
[2013.03.12 00:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2013.03.11 23:16:28 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Apple Computer
[2013.03.11 23:16:27 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Apple Computer
[2013.03.11 23:16:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.03.11 23:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.03.11 23:15:13 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Apple
[2013.03.11 23:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.03.10 20:03:40 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\Zilo
[2013.03.10 17:03:50 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Facebook
[2013.03.10 16:59:26 | 000,000,000 | ---D | C] -- C:\Users\Manase\Local Settings
[2013.03.10 16:58:52 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Babylon
[2013.03.10 16:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.03.10 16:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverSleuth
[2013.03.10 16:01:16 | 000,686,592 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\SysNative\drivers\PFC027.SYS
[2013.03.10 16:01:16 | 000,008,704 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\SysNative\CoInst_080213.dll
[2013.03.10 16:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trust
[2013.03.10 16:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trust
[2013.03.10 16:01:15 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\Windows\SysWow64\SP207.ax
[2013.03.10 16:01:14 | 000,014,336 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\SysWow64\P207USD.dll
[2013.03.10 16:01:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.03.10 16:01:14 | 000,000,000 | ---D | C] -- C:\Windows\PixArt
[2013.03.10 15:52:25 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Easeware
[2013.03.10 15:47:05 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\ElevatedDiagnostics
[2013.03.10 14:01:43 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\Evangeliastion
[2013.03.10 13:19:07 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Nero_AG
[2013.03.10 12:28:01 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Nero
[2013.03.10 12:15:54 | 000,000,000 | ---D | C] -- C:\Users\Manase\Documents\NeroVision
[2013.03.10 12:15:49 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Nero
[2013.03.10 12:13:45 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\Nero
[2013.03.10 12:04:53 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Macromedia
[2013.03.10 12:04:53 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Macromedia
[2013.03.10 12:04:53 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Adobe
[2013.03.10 12:04:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.03.10 12:04:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.03.10 12:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.03.10 12:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013.03.10 11:59:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2013.03.10 11:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013.03.10 11:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013.03.10 11:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.03.10 11:45:25 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.03.10 11:37:25 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Mozilla
[2013.03.10 11:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.10 11:33:01 | 000,000,000 | R--D | C] -- C:\Users\Manase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.10 11:33:01 | 000,000,000 | R--D | C] -- C:\Users\Manase\Searches
[2013.03.10 11:33:01 | 000,000,000 | R--D | C] -- C:\Users\Manase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.03.10 11:32:52 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Identities
[2013.03.10 11:32:49 | 000,000,000 | R--D | C] -- C:\Users\Manase\Contacts
[2013.03.10 11:32:45 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\VirtualStore
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Vorlagen
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\AppData\Local\Verlauf
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\AppData\Local\Temporary Internet Files
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Startmenü
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\SendTo
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Recent
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Netzwerkumgebung
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Lokale Einstellungen
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Documents\Eigene Videos
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Documents\Eigene Musik
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Eigene Dateien
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Documents\Eigene Bilder
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Druckumgebung
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Cookies
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\AppData\Local\Anwendungsdaten
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Anwendungsdaten
[2013.03.10 11:32:21 | 000,000,000 | --SD | C] -- C:\Users\Manase\AppData\Roaming\Microsoft
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\Videos
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\Saved Games
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\Pictures
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\Music
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\Links
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\Favorites
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\Downloads
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\Documents
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\Desktop
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.03.10 11:32:21 | 000,000,000 | -H-D | C] -- C:\Users\Manase\AppData
[2013.03.10 11:32:21 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Temp
[2013.03.10 11:32:21 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Microsoft
[2013.03.10 11:32:21 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Media Center Programs
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.03.10 11:24:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.03.10 11:21:28 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.03.10 11:20:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.03.10 11:20:09 | 000,000,000 | ---D | C] -- C:\Windows\Panther

========== Files - Modified Within 30 Days ==========

[2013.03.24 14:02:06 | 000,000,000 | ---- | M] () -- C:\Users\Manase\defogger_reenable
[2013.03.24 13:26:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.24 13:14:28 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.24 12:00:10 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 12:00:10 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 11:59:40 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.24 11:59:40 | 000,696,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.24 11:59:40 | 000,651,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.24 11:59:40 | 000,147,634 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.24 11:59:40 | 000,120,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.24 11:52:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.24 11:52:05 | 3117,420,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.24 10:05:37 | 114,334,608 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013.03.23 20:21:03 | 000,000,000 | ---- | M] () -- C:\END
[2013.03.20 22:36:12 | 006,892,062 | ---- | M] () -- C:\Users\Manase\Desktop\i will folow-region-000.wav
[2013.03.20 22:11:15 | 001,322,928 | ---- | M] () -- C:\Users\Manase\Desktop\ich.m4a
[2013.03.20 21:57:37 | 000,896,902 | ---- | M] () -- C:\Users\Manase\Desktop\üben (2).m4a
[2013.03.20 21:51:53 | 013,337,416 | ---- | M] () -- C:\Users\Manase\Desktop\Lito.m4a
[2013.03.20 21:49:42 | 000,743,206 | ---- | M] () -- C:\Users\Manase\Desktop\üben.m4a
[2013.03.20 21:47:21 | 001,377,394 | ---- | M] () -- C:\Users\Manase\Desktop\20130317 224114.m4a
[2013.03.20 21:47:21 | 000,896,146 | ---- | M] () -- C:\Users\Manase\Desktop\20130318 165238.m4a
[2013.03.20 21:47:21 | 000,172,588 | ---- | M] () -- C:\Users\Manase\Desktop\20130319 112953.m4a
[2013.03.20 21:47:21 | 000,103,667 | ---- | M] () -- C:\Users\Manase\Desktop\20130319 112853.m4a
[2013.03.20 21:47:21 | 000,031,607 | ---- | M] () -- C:\Users\Manase\Desktop\20130319 112930.m4a
[2013.03.20 21:47:20 | 004,197,987 | ---- | M] () -- C:\Users\Manase\Desktop\20130317 222926.m4a
[2013.03.20 09:49:43 | 000,003,045 | ---- | M] () -- C:\Users\Manase\Desktop\WBFS Manager 4.0.lnk
[2013.03.19 10:24:35 | 000,001,857 | ---- | M] () -- C:\Users\Manase\Desktop\UseNeXT by Tangysoft.lnk
[2013.03.13 15:38:08 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2013.03.13 15:38:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2013.03.13 15:38:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2013.03.13 15:38:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2013.03.13 14:49:09 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.13 13:49:48 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.12 17:25:07 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk
[2013.03.12 17:19:57 | 000,118,272 | ---- | M] () -- C:\Windows\SysNative\tapi3264.exe
[2013.03.12 15:54:05 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.03.12 15:50:40 | 000,002,234 | ---- | M] () -- C:\Users\Manase\Desktop\iDevice Manager.lnk
[2013.03.12 15:50:36 | 001,589,182 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.11 23:21:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.10 16:30:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.10 11:33:07 | 000,000,477 | ---- | M] () -- C:\Users\Manase\Desktop\Desktop.lnk
[2013.03.10 11:26:25 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.10 11:24:55 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.03.10 11:24:55 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2013.03.24 14:02:06 | 000,000,000 | ---- | C] () -- C:\Users\Manase\defogger_reenable
[2013.03.24 13:14:28 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.24 10:05:37 | 114,334,608 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013.03.23 20:21:01 | 000,000,000 | ---- | C] () -- C:\END
[2013.03.20 23:06:03 | 003,689,595 | ---- | C] () -- C:\Users\Manase\Desktop\zando1.wma
[2013.03.20 22:36:09 | 006,892,062 | ---- | C] () -- C:\Users\Manase\Desktop\i will folow-region-000.wav
[2013.03.20 22:11:14 | 001,322,928 | ---- | C] () -- C:\Users\Manase\Desktop\ich.m4a
[2013.03.20 21:57:37 | 000,896,902 | ---- | C] () -- C:\Users\Manase\Desktop\üben (2).m4a
[2013.03.20 21:51:51 | 013,337,416 | ---- | C] () -- C:\Users\Manase\Desktop\Lito.m4a
[2013.03.20 21:49:42 | 000,743,206 | ---- | C] () -- C:\Users\Manase\Desktop\üben.m4a
[2013.03.20 21:47:21 | 001,377,394 | ---- | C] () -- C:\Users\Manase\Desktop\20130317 224114.m4a
[2013.03.20 21:47:21 | 000,896,146 | ---- | C] () -- C:\Users\Manase\Desktop\20130318 165238.m4a
[2013.03.20 21:47:21 | 000,172,588 | ---- | C] () -- C:\Users\Manase\Desktop\20130319 112953.m4a
[2013.03.20 21:47:21 | 000,103,667 | ---- | C] () -- C:\Users\Manase\Desktop\20130319 112853.m4a
[2013.03.20 21:47:21 | 000,031,607 | ---- | C] () -- C:\Users\Manase\Desktop\20130319 112930.m4a
[2013.03.20 21:47:20 | 004,197,987 | ---- | C] () -- C:\Users\Manase\Desktop\20130317 222926.m4a
[2013.03.20 09:49:43 | 000,003,045 | ---- | C] () -- C:\Users\Manase\Desktop\WBFS Manager 4.0.lnk
[2013.03.19 10:24:35 | 000,001,857 | ---- | C] () -- C:\Users\Manase\Desktop\UseNeXT by Tangysoft.lnk
[2013.03.13 15:38:08 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2013.03.13 15:38:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2013.03.13 15:38:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2013.03.13 15:38:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2013.03.13 14:49:09 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.13 14:49:09 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.13 13:49:48 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.12 18:04:47 | 004,093,107 | ---- | C] () -- C:\Users\Manase\Desktop\Something To Sing About (Cry Holy) Written by Brent Jones (2001) - YouTube.mp3
[2013.03.12 17:25:07 | 000,001,130 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
[2013.03.12 17:25:07 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk
[2013.03.12 17:19:58 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2013.03.12 17:19:57 | 000,118,272 | ---- | C] () -- C:\Windows\SysNative\tapi3264.exe
[2013.03.12 15:54:05 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.03.12 15:53:13 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.03.12 15:50:40 | 000,002,234 | ---- | C] () -- C:\Users\Manase\Desktop\iDevice Manager.lnk
[2013.03.12 15:49:14 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.11 23:21:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.10 16:30:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.10 16:07:44 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysNative\csnpstd3.dll
[2013.03.10 16:01:15 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP207.ini
[2013.03.10 12:05:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.10 11:33:08 | 000,001,405 | ---- | C] () -- C:\Users\Manase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.03.10 11:33:03 | 000,001,439 | ---- | C] () -- C:\Users\Manase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.03.10 11:33:01 | 000,000,477 | ---- | C] () -- C:\Users\Manase\Desktop\Desktop.lnk
[2013.03.10 11:24:40 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.03.10 11:24:39 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.03.10 11:20:58 | 3117,420,544 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.11.21 04:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.21 04:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.03.13 15:38:29 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\AVG2012
[2013.03.10 16:58:52 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\Babylon
[2013.03.12 20:47:04 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\DesktopIconForAmazon
[2013.03.23 20:20:40 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\DSite
[2013.03.12 17:21:14 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\DVDVideoSoft
[2013.03.10 15:52:25 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\Easeware
[2013.03.23 20:22:05 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\Mipony
[2013.03.12 17:20:46 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\OpenCandy
[2013.03.12 15:50:49 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\Software4u
[2013.03.13 15:38:08 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\TuneUp Software
[2013.03.24 14:03:22 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\UseNeXT

========== Purity Check ==========



< End of report > ]


[OTL Extras logfile created on: 24.03.2013 14:05:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Manase\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 75,85% Memory free
7,74 Gb Paging File | 6,61 Gb Available in Paging File | 85,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 35,07 Gb Free Space | 31,39% Space Free | Partition Type: NTFS

Computer Name: MANASE-PC | User Name: Manase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ABDE477-BEC3-47AE-A35D-13D788C9F837}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0FF17B47-ADC9-4639-ABD4-C189DFA1C9D8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{16622FFF-B865-42AD-95FD-29F50CB07F09}" = rport=137 | protocol=17 | dir=out | app=system |
"{1F7EC315-E60E-4D88-9ADF-2392B31101C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{32C55C14-C39D-44A2-AB65-8D781740DFC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3752BB05-4E45-4BA4-BA8D-C06C959CD537}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48B9440D-664B-46BD-AD94-E7A030A352D5}" = rport=139 | protocol=6 | dir=out | app=system |
"{496308E1-18B7-4295-8BBD-3FFE6BCCBEDE}" = rport=138 | protocol=17 | dir=out | app=system |
"{5380819F-9847-43C4-95C4-5DE7CE680D05}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6AC0EFA2-B274-4FC2-923C-2C6694D33408}" = rport=10243 | protocol=6 | dir=out | app=system |
"{73C1C7AA-5AE6-4D22-89B3-AD7912A4F2AE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{93A29F33-6D9F-4B9A-8205-1D2B6E48E697}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{967DFAA9-2702-4685-8CED-CAEFD8437A73}" = rport=445 | protocol=6 | dir=out | app=system |
"{AC3883CC-BEC8-419A-A667-744EE9A9EF49}" = lport=445 | protocol=6 | dir=in | app=system |
"{C30EEF68-8265-40D0-BE0E-DE33A64FED5D}" = lport=138 | protocol=17 | dir=in | app=system |
"{C9E614A1-0186-4921-9B82-A42E478B0A54}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE050B24-20E3-4A3D-8D9C-D4D9F9D7A1C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE778BF1-75D4-427D-B367-7D037BE9D327}" = lport=137 | protocol=17 | dir=in | app=system |
"{E0A78FDD-50C6-4CE6-AB21-E812623BF8F4}" = lport=139 | protocol=6 | dir=in | app=system |
"{E361B427-7BE0-4AC4-88DA-679850E06796}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E8C316DF-F0F6-4ABD-8636-6870CCFAA964}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06197C18-2D88-4227-96C4-36CE1E6301D2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0A69A35B-961E-436D-99B1-D12F70AAA9BF}" = protocol=17 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe |
"{0BDA4C2D-D7B7-46A3-9EBC-15B692BE9863}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0CB23115-E9BB-4020-A4E2-308DB51178DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E98DE50-4BC7-4D13-BD44-B6C4E2CD3C57}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{10AFAD0E-C02A-43E4-B492-7309143A516A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{152E36EC-634A-443D-929A-0780256446F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{17B32FF9-4DC1-422E-BDBF-764D561A887C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{1EA77B77-9829-40D3-A04F-B603AD083867}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F10FE8C-BF17-460C-BFAC-3E70B488EF43}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{23D5D697-BA44-4351-8A74-6A7BA49A2C51}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{34FC8360-F7CC-455F-A56C-F917E9828738}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{366F9E53-DC4B-44A2-9E8D-C346F81EA9E0}" = protocol=6 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe |
"{44DD8E67-12D6-4CEE-A626-DA3CE1B0EBC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4F5BF3D4-761F-4EFC-A5DD-4857A42B63B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{636392DD-7785-4974-A468-CB4098CCD7F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{64CE222B-94D4-4BE7-A7E0-ABB05976E040}" = protocol=6 | dir=out | app=system |
"{6646E639-DE28-43A0-B1F6-AE0ABDCD06F3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{66BE664E-78AA-41E7-8C30-CB4345084A53}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B77D18F-5484-4968-8241-A5FFA390B294}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{756BA198-3677-4165-81CF-754B8CA96DD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E0A864B-1351-45E2-B306-8BD8B5C00AE8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{898543B8-FF07-4FEE-A5F3-B1D58B4983DC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{89F614EB-C9C4-4DCA-ACB4-DD8DAC1590F5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A122E1BE-62E9-4AAC-9ADB-968ECBB70822}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AF9D49D6-4387-452A-BD03-A32946EA848B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B4B4D4A2-1C0F-4EDE-95D6-067B6CCDE14E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C69DAA34-9527-4CDA-8BAE-69FC663ECE15}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CB64546E-75EB-484A-9BA9-E379A64DAC48}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{DD8482ED-C9D2-4C49-9EC9-EBA4DC932C68}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E00320E7-685A-4D2A-816C-4F07F6B0723E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E397D3AB-E907-42B5-AA24-910B60D4CFC3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{E6CF77B8-87A3-42D1-A6E2-5FA0384C360F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EFC1FA9A-8124-469E-8369-B9D7276F2FBF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{EFF7E068-A2FC-4443-8098-35D88E3C9546}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{31CE1406-5C12-44C5-B6C5-0F55F2039DE3}" = AVG 2012
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBE1375-11F7-482D-936C-4C575F3D9BCB}" = AVG 2012
"{D34C07CA-DCF0-4A5C-A4DD-55522B17F4F2}" = WBFS Manager 4.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"VLC media player" = VLC media player 2.0.5

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft
"Wajam" = Wajam
"WavePad" = WavePad Sound Editor

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.03.2013 18:38:46 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.03.2013 10:10:57 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.03.2013 12:08:14 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.03.2013 13:42:23 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.03.2013 15:08:24 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.03.2013 18:07:13 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.03.2013 04:33:16 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.03.2013 06:01:15 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.03.2013 06:12:56 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.03.2013 06:53:29 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 20.03.2013 04:47:09 | Computer Name = Manase-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 20.03.2013 04:47:10 | Computer Name = Manase-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 20.03.2013 04:47:10 | Computer Name = Manase-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 20.03.2013 04:47:11 | Computer Name = Manase-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 20.03.2013 04:51:00 | Computer Name = Manase-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error - 20.03.2013 16:48:08 | Computer Name = Manase-PC | Source = DCOM | ID = 10010
Description =

Error - 20.03.2013 17:49:41 | Computer Name = Manase-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 20.03.2013 18:39:04 | Computer Name = Manase-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error - 22.03.2013 18:37:25 | Computer Name = Manase-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?03.?2013 um 23:35:17 unerwartet heruntergefahren.

Error - 24.03.2013 06:52:12 | Computer Name = Manase-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?03.?2013 um 11:50:24 unerwartet heruntergefahren.


< End of report >]




[GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-24 14:27:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1200BEVS-26UST0 rev.01.01A01 111,79GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Manase\AppData\Local\Temp\kwdiypow.sys


---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075031465 2 bytes [03, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750314bb 2 bytes [03, 75]
.text ... * 2
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007714f9a1 8 bytes {MOV EDX, 0x903e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 000000007714f9ab 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 000000007714fa1d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 000000007714fa27 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007714fb35 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 000000007714fb3f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007714fbe5 8 bytes {MOV EDX, 0x90428; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 000000007714fbef 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007714fc15 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 000000007714fc1f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007714fc2d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 000000007714fc37 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007714fc45 8 bytes {MOV EDX, 0x904e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 000000007714fc4f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007714fc75 8 bytes {MOV EDX, 0x90528; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 000000007714fc7f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007714fcf5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 000000007714fcff 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007714fd0d 8 bytes {MOV EDX, 0x90468; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 000000007714fd17 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007714fd59 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 000000007714fd63 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 000000007714fdbd 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 000000007714fdc7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007714fe51 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 000000007714fe5b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 000000007714ff99 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 000000007714ffa3 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000771500a9 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 00000000771500b3 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077150791 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 000000007715079b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 000000007715100d 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077151017 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 000000007715106d 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077151077 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000771510b5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 00000000771510bf 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007715112d 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077151137 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077151331 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 000000007715133b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007508103d 5 bytes JMP 0000000100010030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075081072 5 bytes JMP 0000000100010070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 0000000075190518 5 bytes JMP 0000000100020030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 0000000075190548 5 bytes JMP 0000000100020070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 00000000751e4de0 5 bytes JMP 00000001000b03b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!SelectObject 00000000751e4f70 5 bytes JMP 00000001000b05f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!SetBkMode 00000000751e51a2 5 bytes JMP 00000001000b08f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!SetTextColor 00000000751e522d 5 bytes JMP 00000001000b0a30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!DeleteObject 00000000751e5689 5 bytes JMP 00000001000b01b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000751e58b3 5 bytes JMP 00000001000b0170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 00000000751e6bad 5 bytes JMP 00000001000b0370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!SaveDC 00000000751e6e05 5 bytes JMP 00000001000b0570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!RestoreDC 00000000751e6ead 5 bytes JMP 00000001000b0530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 00000000751e7180 5 bytes JMP 00000001000b06b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!StretchDIBits 00000000751e7435 5 bytes JMP 00000001000b0770
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000751e7bcc 5 bytes JMP 00000001000b00b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 00000000751e7dc4 5 bytes JMP 00000001000b03f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!GetTextAlign 00000000751e7fd5 5 bytes JMP 00000001000b0d70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 00000000751e82b2 5 bytes JMP 00000001000b0e30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!SetTextAlign 00000000751e8401 5 bytes JMP 00000001000b09f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 00000000751e879f 5 bytes JMP 00000001000b02f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 00000000751e8916 5 bytes JMP 00000001000b05b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 00000000751e8b7a 5 bytes JMP 00000001000b0970
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!MoveToEx 00000000751e8ee6 5 bytes JMP 00000001000b0470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!GetFontData 00000000751e9875 5 bytes JMP 00000001000b0c70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 00000000751e9936 5 bytes JMP 00000001000b0d30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!Rectangle 00000000751ea53a 5 bytes JMP 00000001000b09b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!GetClipBox 00000000751eaf9f 5 bytes JMP 00000001000b0330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!LineTo 00000000751eb9e5 5 bytes JMP 00000001000b0430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!SetICMMode 00000000751ebd55 5 bytes JMP 00000001000b0db0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!CreateICW 00000000751ec040 5 bytes JMP 00000001000b0130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 00000000751ec107 5 bytes JMP 00000001000b0670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 00000000751ec269 5 bytes JMP 00000001000b06f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 00000000751ed1f1 5 bytes JMP 00000001000b0df0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 00000000751ed349 5 bytes JMP 00000001000b0630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 00000000751edce4 5 bytes JMP 00000001000b0930
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000751ee743 5 bytes JMP 00000001000b00f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!ExtEscape 00000000751f03b7 5 bytes JMP 00000001000b02b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!Escape 00000000751f1bda 5 bytes JMP 00000001000b0270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 00000000751f1e89 5 bytes JMP 00000001000b0cf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 00000000751f4843 5 bytes JMP 00000001000b0b30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 00000000751f5690 5 bytes JMP 00000001000b0b70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!EndPage 00000000751f6bde 5 bytes JMP 00000001000b0230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!ResetDCW 00000000751fe2db 5 bytes JMP 00000001000b0ab0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 000000007520940d 5 bytes JMP 00000001000b0cb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 000000007520c621 5 bytes JMP 00000001000b0bb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 000000007520d2b2 5 bytes JMP 00000001000b0bf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 000000007520d919 5 bytes JMP 00000001000b0c30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000075213adc 5 bytes JMP 00000001000b0030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!EndDoc 0000000075213f29 5 bytes JMP 00000001000b01f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!StartPage 000000007521401a 5 bytes JMP 00000001000b0730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000075214c51 5 bytes JMP 00000001000b07f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!BeginPath 00000000752153fd 5 bytes JMP 00000001000b0830
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000075215454 5 bytes JMP 00000001000b0af0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!CloseFigure 00000000752154af 5 bytes JMP 00000001000b0070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!EndPath 0000000075215506 5 bytes JMP 00000001000b0a70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!StrokePath 000000007521573f 5 bytes JMP 00000001000b07b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!FillPath 00000000752157d2 5 bytes JMP 00000001000b0870
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!PolylineTo 0000000075215c44 5 bytes JMP 00000001000b04f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 0000000075215cd5 5 bytes JMP 00000001000b04b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\GDI32.dll!PolyDraw 0000000075215d87 5 bytes JMP 00000001000b08b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!MapWindowPoints 0000000074e68c40 5 bytes JMP 0000000100100570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000074e69ebd 5 bytes JMP 00000001001002b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000074e70afa 5 bytes JMP 00000001001002f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!GetClientRect 0000000074e70c62 7 bytes JMP 00000001001005b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!GetParent 0000000074e70f68 7 bytes JMP 00000001001006f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!IsWindowVisible 0000000074e7112d 7 bytes JMP 00000001001006b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074e712a5 5 bytes JMP 00000001001005f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!ScreenToClient 0000000074e7227d 7 bytes JMP 0000000100100670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 0000000074e73150 7 bytes JMP 0000000100100630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!SetCursor 0000000074e741f6 5 bytes JMP 0000000100100530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 0000000074e768ef 5 bytes JMP 0000000100100270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 0000000074e777fa 5 bytes JMP 0000000100100230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!GetTopWindow 0000000074e77887 7 bytes JMP 0000000100100730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 0000000074e78676 5 bytes JMP 00000001001000f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 0000000074e78696 5 bytes JMP 0000000100100330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!CloseClipboard 0000000074e78e8d 5 bytes JMP 00000001001000b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!OpenClipboard 0000000074e78ecb 5 bytes JMP 0000000100100070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 0000000074e7c17b 5 bytes JMP 0000000100100430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 0000000074e7c449 5 bytes JMP 00000001001001b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 0000000074e7c468 5 bytes JMP 00000001001003f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 0000000074e7c486 5 bytes JMP 00000001001001f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074e7c4b6 5 bytes JMP 00000001001004b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 0000000074e7d6c0 5 bytes JMP 00000001001004f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 0000000074e7e360 5 bytes JMP 0000000100100370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000074ea8e57 5 bytes JMP 0000000100100170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000074ea9cfd 5 bytes JMP 0000000100100770
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074ea9f1d 5 bytes JMP 0000000100100030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!EmptyClipboard 0000000074ec7cb9 5 bytes JMP 0000000100100130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 0000000074ec8111 5 bytes JMP 0000000100100470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 0000000074ec832f 5 bytes JMP 00000001001003b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 0000000074ca9606 5 bytes JMP 00000001001100f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 0000000074cb0581 5 bytes JMP 0000000100110130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 0000000074cb0bb9 5 bytes JMP 0000000100110270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 0000000074cb0c2e 5 bytes JMP 00000001001101b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 0000000074cb0f2e 5 bytes JMP 0000000100110070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 0000000074cb1096 5 bytes JMP 00000001001100b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 0000000074cb124e 5 bytes JMP 00000001001101f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 0000000074cb129d 5 bytes JMP 0000000100110230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 0000000074cb1527 5 bytes JMP 0000000100110030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 0000000074cb1590 5 bytes JMP 0000000100110170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\ole32.dll!OleSetClipboard 00000000764a0045 5 bytes JMP 00000001001a0030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 00000000764a36b2 5 bytes JMP 00000001001a0070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\ole32.dll!OleGetClipboard 00000000764cfdcd 5 bytes JMP 00000001001a00b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075031465 2 bytes [03, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000750314bb 2 bytes [03, 75]
.text ... * 2

---- EOF - GMER 2.1 ---- ]


[ Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.24.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Manase :: MANASE-PC [Administrator]

Schutz: Aktiviert

24.03.2013 13:21:17
MBAM-log-2013-03-24 (13-59-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205703
Laufzeit: 25 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Manase\AppData\Local\Temp\pricepeep_130001_1001.exe (Adware.Shopper) -> Keine Aktion durchgeführt.

(Ende) ]

25.03.2013, 14:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
This is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs you already have!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (this usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

27.03.2013, 00:19   #3
Manase
 

Hello, yes, unfortunately I am not familiar with this, but I tried. So on this topic, this scan also needs to be added, since I ran it earlier as well, together with the others.

Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.24.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Manase :: MANASE-PC [Administrator]

Schutz: Aktiviert

24.03.2013 13:21:17
MBAM-log-2013-03-24 (13-59-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205703
Laufzeit: 25 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Manase\AppData\Local\Temp\pricepeep_130001_1001.exe (Adware.Shopper) -> Keine Aktion durchgeführt.

(Ende)
         

[CODE]
GMER Logfile:
Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-24 14:27:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1200BEVS-26UST0 rev.01.01A01 111,79GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Manase\AppData\Local\Temp\kwdiypow.sys


---- User code sections - GMER 2.1 ----


---- EOF - GMER 2.1 ----
         
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 24.03.2013 14:05:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Manase\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 75,85% Memory free
7,74 Gb Paging File | 6,61 Gb Available in Paging File | 85,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 35,07 Gb Free Space | 31,39% Space Free | Partition Type: NTFS

Computer Name: MANASE-PC | User Name: Manase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.24 14:03:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manase\Downloads\OTL.exe
PRC - [2012.12.05 03:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012.11.19 17:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012.11.02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012.07.26 22:08:58 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013.03.12 17:19:57 | 000,118,272 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\tapi3264.exe -- (opeofiles)
SRV - [2013.03.10 12:05:55 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.07 15:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.05 03:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012.11.02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.07.26 22:08:58 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.12.10 03:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.11.08 03:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.08.24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.05.23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:46 | 000,416,768 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.02.13 13:17:10 | 000,686,592 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119816&tt=070313_9105&babsrc=HP_ss&mntrId=8c04dc5c000000000000002163862a55
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 2B 37 D7 7A 1D CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&tt=070313_9105&babsrc=SP_ss&mntrId=8c04dc5c000000000000002163862a55
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: leethax%40leethax.net:2013.03.22
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2013.03.13 15:37:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.13 14:49:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013.02.14 16:41:10 | 000,037,909 | ---- | M] ()

[2013.03.13 14:49:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manase\AppData\Roaming\mozilla\Extensions
[2013.03.23 20:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manase\AppData\Roaming\mozilla\Firefox\Profiles\e6v3jmae.default-1363186961403\extensions
[2013.03.23 20:24:02 | 000,021,605 | ---- | M] () (No name found) -- C:\Users\Manase\AppData\Roaming\mozilla\firefox\profiles\e6v3jmae.default-1363186961403\extensions\leethax@leethax.net.xpi
[2013.03.13 14:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.10 16:59:02 | 000,006,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe File not found
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKCU..\Run: [iDevice Manager Launcher] C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Mit Mipony herunterladen - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O8 - Extra context menu item: Mit Mipony herunterladen - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2ED457F3-C0D5-47FF-84D7-6EE0A66A9255}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{32d88768-8c7d-11e2-a3b5-001e336d6b35}\Shell - "" = AutoRun
O33 - MountPoints2\{32d88768-8c7d-11e2-a3b5-001e336d6b35}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.24 13:14:57 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Malwarebytes
[2013.03.24 13:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.24 13:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.24 13:14:14 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.24 13:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.24 13:13:40 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Programs
[2013.03.23 20:22:11 | 000,000,000 | ---D | C] -- C:\Users\Manase\Qtrax
[2013.03.23 20:22:08 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Downloaded Installations
[2013.03.23 20:21:52 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Mipony
[2013.03.23 20:21:00 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2013.03.23 20:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2013.03.23 20:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony
[2013.03.23 20:20:40 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\DSite
[2013.03.20 12:31:02 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\Von Sd Karte
[2013.03.20 11:43:50 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\Neuer Ordner
[2013.03.20 09:51:05 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\WBFSManager
[2013.03.20 09:49:43 | 000,000,000 | ---D | C] -- C:\Users\Manase\Documents\WBFS Manager Covers
[2013.03.20 09:49:43 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager
[2013.03.20 09:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
[2013.03.19 20:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.03.19 20:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.19 20:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.19 12:33:05 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\227CDPFS
[2013.03.19 12:23:57 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\Papu Beerdigung
[2013.03.19 10:24:42 | 000,000,000 | ---D | C] -- C:\Users\Manase\Documents\UseNeXT
[2013.03.19 10:24:41 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\UseNeXT
[2013.03.19 10:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[2013.03.19 10:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UseNeXT
[2013.03.14 09:26:10 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\MSAMSUNG
[2013.03.13 16:02:45 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\Alte Firefox-Daten
[2013.03.13 15:38:29 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\AVG2012
[2013.03.13 15:38:08 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\TuneUp Software
[2013.03.13 15:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.03.13 15:38:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2013.03.13 15:37:35 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.03.13 15:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2013.03.13 15:37:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2013.03.13 15:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013.03.13 15:33:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.13 15:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.03.13 14:49:16 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Mozilla
[2013.03.13 14:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.03.13 14:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.03.13 14:45:31 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\InstallShield
[2013.03.13 13:51:45 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\vlc
[2013.03.13 13:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.03.13 13:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.03.12 18:13:49 | 000,000,000 | ---D | C] -- C:\Users\Manase\Documents\iRinger Tones
[2013.03.12 18:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\iRinger
[2013.03.12 17:25:22 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\NCH Software
[2013.03.12 17:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2013.03.12 17:25:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2013.03.12 17:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.12 17:20:46 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\OpenCandy
[2013.03.12 17:20:46 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\DVDVideoSoft
[2013.03.12 17:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.12 17:19:59 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\DesktopIconForAmazon
[2013.03.12 17:19:58 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll
[2013.03.12 15:59:51 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\Sprachmemos Iphone
[2013.03.12 15:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.12 15:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.12 15:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.12 15:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.03.12 15:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.03.12 15:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.03.12 15:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.03.12 15:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.03.12 15:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.03.12 15:52:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.03.12 15:50:49 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Software4u
[2013.03.12 15:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
[2013.03.12 15:50:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software4u
[2013.03.12 00:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2013.03.11 23:16:28 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Apple Computer
[2013.03.11 23:16:27 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Apple Computer
[2013.03.11 23:16:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.03.11 23:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.03.11 23:15:13 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Apple
[2013.03.11 23:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.03.10 20:03:40 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\Zilo
[2013.03.10 17:03:50 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Facebook
[2013.03.10 16:59:26 | 000,000,000 | ---D | C] -- C:\Users\Manase\Local Settings
[2013.03.10 16:58:52 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Babylon
[2013.03.10 16:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.03.10 16:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverSleuth
[2013.03.10 16:01:16 | 000,686,592 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\SysNative\drivers\PFC027.SYS
[2013.03.10 16:01:16 | 000,008,704 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\SysNative\CoInst_080213.dll
[2013.03.10 16:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trust
[2013.03.10 16:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trust
[2013.03.10 16:01:15 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\Windows\SysWow64\SP207.ax
[2013.03.10 16:01:14 | 000,014,336 | ---- | C] (PixArt Imaging Inc.) -- C:\Windows\SysWow64\P207USD.dll
[2013.03.10 16:01:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.03.10 16:01:14 | 000,000,000 | ---D | C] -- C:\Windows\PixArt
[2013.03.10 15:52:25 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Easeware
[2013.03.10 15:47:05 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\ElevatedDiagnostics
[2013.03.10 14:01:43 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\Evangeliastion
[2013.03.10 13:19:07 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Nero_AG
[2013.03.10 12:28:01 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Nero
[2013.03.10 12:15:54 | 000,000,000 | ---D | C] -- C:\Users\Manase\Documents\NeroVision
[2013.03.10 12:15:49 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Nero
[2013.03.10 12:13:45 | 000,000,000 | ---D | C] -- C:\Users\Manase\Desktop\Nero
[2013.03.10 12:04:53 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Macromedia
[2013.03.10 12:04:53 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Macromedia
[2013.03.10 12:04:53 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Adobe
[2013.03.10 12:04:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.03.10 12:04:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.03.10 12:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.03.10 12:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013.03.10 11:59:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2013.03.10 11:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013.03.10 11:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013.03.10 11:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.03.10 11:45:25 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.03.10 11:37:25 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Mozilla
[2013.03.10 11:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.10 11:33:01 | 000,000,000 | R--D | C] -- C:\Users\Manase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.10 11:33:01 | 000,000,000 | R--D | C] -- C:\Users\Manase\Searches
[2013.03.10 11:33:01 | 000,000,000 | R--D | C] -- C:\Users\Manase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.03.10 11:32:52 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Identities
[2013.03.10 11:32:49 | 000,000,000 | R--D | C] -- C:\Users\Manase\Contacts
[2013.03.10 11:32:45 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\VirtualStore
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Vorlagen
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\AppData\Local\Verlauf
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\AppData\Local\Temporary Internet Files
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Startmenü
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\SendTo
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Recent
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Netzwerkumgebung
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Lokale Einstellungen
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Documents\Eigene Videos
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Documents\Eigene Musik
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Eigene Dateien
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Documents\Eigene Bilder
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Druckumgebung
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Cookies
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\AppData\Local\Anwendungsdaten
[2013.03.10 11:32:22 | 000,000,000 | -HSD | C] -- C:\Users\Manase\Anwendungsdaten
[2013.03.10 11:32:21 | 000,000,000 | --SD | C] -- C:\Users\Manase\AppData\Roaming\Microsoft
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\Videos
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\Saved Games
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\Pictures
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\Music
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\Links
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\Favorites
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\Downloads
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\Documents
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\Desktop
[2013.03.10 11:32:21 | 000,000,000 | R--D | C] -- C:\Users\Manase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.03.10 11:32:21 | 000,000,000 | -H-D | C] -- C:\Users\Manase\AppData
[2013.03.10 11:32:21 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Temp
[2013.03.10 11:32:21 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Local\Microsoft
[2013.03.10 11:32:21 | 000,000,000 | ---D | C] -- C:\Users\Manase\AppData\Roaming\Media Center Programs
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.03.10 11:31:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.03.10 11:24:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.03.10 11:21:28 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.03.10 11:20:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.03.10 11:20:09 | 000,000,000 | ---D | C] -- C:\Windows\Panther

========== Files - Modified Within 30 Days ==========

[2013.03.24 14:02:06 | 000,000,000 | ---- | M] () -- C:\Users\Manase\defogger_reenable
[2013.03.24 13:26:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.24 13:14:28 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.24 12:00:10 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 12:00:10 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 11:59:40 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.24 11:59:40 | 000,696,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.24 11:59:40 | 000,651,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.24 11:59:40 | 000,147,634 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.24 11:59:40 | 000,120,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.24 11:52:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.24 11:52:05 | 3117,420,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.24 10:05:37 | 114,334,608 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013.03.23 20:21:03 | 000,000,000 | ---- | M] () -- C:\END
[2013.03.20 22:36:12 | 006,892,062 | ---- | M] () -- C:\Users\Manase\Desktop\i will folow-region-000.wav
[2013.03.20 22:11:15 | 001,322,928 | ---- | M] () -- C:\Users\Manase\Desktop\ich.m4a
[2013.03.20 21:57:37 | 000,896,902 | ---- | M] () -- C:\Users\Manase\Desktop\üben (2).m4a
[2013.03.20 21:51:53 | 013,337,416 | ---- | M] () -- C:\Users\Manase\Desktop\Lito.m4a
[2013.03.20 21:49:42 | 000,743,206 | ---- | M] () -- C:\Users\Manase\Desktop\üben.m4a
[2013.03.20 21:47:21 | 001,377,394 | ---- | M] () -- C:\Users\Manase\Desktop\20130317 224114.m4a
[2013.03.20 21:47:21 | 000,896,146 | ---- | M] () -- C:\Users\Manase\Desktop\20130318 165238.m4a
[2013.03.20 21:47:21 | 000,172,588 | ---- | M] () -- C:\Users\Manase\Desktop\20130319 112953.m4a
[2013.03.20 21:47:21 | 000,103,667 | ---- | M] () -- C:\Users\Manase\Desktop\20130319 112853.m4a
[2013.03.20 21:47:21 | 000,031,607 | ---- | M] () -- C:\Users\Manase\Desktop\20130319 112930.m4a
[2013.03.20 21:47:20 | 004,197,987 | ---- | M] () -- C:\Users\Manase\Desktop\20130317 222926.m4a
[2013.03.20 09:49:43 | 000,003,045 | ---- | M] () -- C:\Users\Manase\Desktop\WBFS Manager 4.0.lnk
[2013.03.19 10:24:35 | 000,001,857 | ---- | M] () -- C:\Users\Manase\Desktop\UseNeXT by Tangysoft.lnk
[2013.03.13 15:38:08 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2013.03.13 15:38:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2013.03.13 15:38:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2013.03.13 15:38:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2013.03.13 14:49:09 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.13 13:49:48 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.12 17:25:07 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk
[2013.03.12 17:19:57 | 000,118,272 | ---- | M] () -- C:\Windows\SysNative\tapi3264.exe
[2013.03.12 15:54:05 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.03.12 15:50:40 | 000,002,234 | ---- | M] () -- C:\Users\Manase\Desktop\iDevice Manager.lnk
[2013.03.12 15:50:36 | 001,589,182 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.11 23:21:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.10 16:30:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.10 11:33:07 | 000,000,477 | ---- | M] () -- C:\Users\Manase\Desktop\Desktop.lnk
[2013.03.10 11:26:25 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.10 11:24:55 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.03.10 11:24:55 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2013.03.24 14:02:06 | 000,000,000 | ---- | C] () -- C:\Users\Manase\defogger_reenable
[2013.03.24 13:14:28 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.24 10:05:37 | 114,334,608 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013.03.23 20:21:01 | 000,000,000 | ---- | C] () -- C:\END
[2013.03.20 23:06:03 | 003,689,595 | ---- | C] () -- C:\Users\Manase\Desktop\zando1.wma
[2013.03.20 22:36:09 | 006,892,062 | ---- | C] () -- C:\Users\Manase\Desktop\i will folow-region-000.wav
[2013.03.20 22:11:14 | 001,322,928 | ---- | C] () -- C:\Users\Manase\Desktop\ich.m4a
[2013.03.20 21:57:37 | 000,896,902 | ---- | C] () -- C:\Users\Manase\Desktop\üben (2).m4a
[2013.03.20 21:51:51 | 013,337,416 | ---- | C] () -- C:\Users\Manase\Desktop\Lito.m4a
[2013.03.20 21:49:42 | 000,743,206 | ---- | C] () -- C:\Users\Manase\Desktop\üben.m4a
[2013.03.20 21:47:21 | 001,377,394 | ---- | C] () -- C:\Users\Manase\Desktop\20130317 224114.m4a
[2013.03.20 21:47:21 | 000,896,146 | ---- | C] () -- C:\Users\Manase\Desktop\20130318 165238.m4a
[2013.03.20 21:47:21 | 000,172,588 | ---- | C] () -- C:\Users\Manase\Desktop\20130319 112953.m4a
[2013.03.20 21:47:21 | 000,103,667 | ---- | C] () -- C:\Users\Manase\Desktop\20130319 112853.m4a
[2013.03.20 21:47:21 | 000,031,607 | ---- | C] () -- C:\Users\Manase\Desktop\20130319 112930.m4a
[2013.03.20 21:47:20 | 004,197,987 | ---- | C] () -- C:\Users\Manase\Desktop\20130317 222926.m4a
[2013.03.20 09:49:43 | 000,003,045 | ---- | C] () -- C:\Users\Manase\Desktop\WBFS Manager 4.0.lnk
[2013.03.19 10:24:35 | 000,001,857 | ---- | C] () -- C:\Users\Manase\Desktop\UseNeXT by Tangysoft.lnk
[2013.03.13 15:38:08 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2013.03.13 15:38:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2013.03.13 15:38:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2013.03.13 15:38:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2013.03.13 14:49:09 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.13 14:49:09 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.13 13:49:48 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.12 18:04:47 | 004,093,107 | ---- | C] () -- C:\Users\Manase\Desktop\Something To Sing About (Cry Holy) Written by Brent Jones (2001) - YouTube.mp3
[2013.03.12 17:25:07 | 000,001,130 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
[2013.03.12 17:25:07 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk
[2013.03.12 17:19:58 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2013.03.12 17:19:57 | 000,118,272 | ---- | C] () -- C:\Windows\SysNative\tapi3264.exe
[2013.03.12 15:54:05 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.03.12 15:53:13 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.03.12 15:50:40 | 000,002,234 | ---- | C] () -- C:\Users\Manase\Desktop\iDevice Manager.lnk
[2013.03.12 15:49:14 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.11 23:21:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.10 16:30:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.10 16:07:44 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysNative\csnpstd3.dll
[2013.03.10 16:01:15 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP207.ini
[2013.03.10 12:05:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.10 11:33:08 | 000,001,405 | ---- | C] () -- C:\Users\Manase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.03.10 11:33:03 | 000,001,439 | ---- | C] () -- C:\Users\Manase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.03.10 11:33:01 | 000,000,477 | ---- | C] () -- C:\Users\Manase\Desktop\Desktop.lnk
[2013.03.10 11:24:40 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.03.10 11:24:39 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.03.10 11:20:58 | 3117,420,544 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.11.21 04:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.21 04:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.03.13 15:38:29 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\AVG2012
[2013.03.10 16:58:52 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\Babylon
[2013.03.12 20:47:04 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\DesktopIconForAmazon
[2013.03.23 20:20:40 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\DSite
[2013.03.12 17:21:14 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\DVDVideoSoft
[2013.03.10 15:52:25 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\Easeware
[2013.03.23 20:22:05 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\Mipony
[2013.03.12 17:20:46 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\OpenCandy
[2013.03.12 15:50:49 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\Software4u
[2013.03.13 15:38:08 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\TuneUp Software
[2013.03.24 14:03:22 | 000,000,000 | ---D | M] -- C:\Users\Manase\AppData\Roaming\UseNeXT

========== Purity Check ==========



< End of report >
         
--- --- --- ]

[OTL Logfile:
OTL Extras logfile created on: 24.03.2013 14:05:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Manase\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,94 Gb Available Physical Memory | 75,85% Memory free
7,74 Gb Paging File | 6,61 Gb Available in Paging File | 85,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 35,07 Gb Free Space | 31,39% Space Free | Partition Type: NTFS

Computer Name: MANASE-PC | User Name: Manase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ABDE477-BEC3-47AE-A35D-13D788C9F837}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0FF17B47-ADC9-4639-ABD4-C189DFA1C9D8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{16622FFF-B865-42AD-95FD-29F50CB07F09}" = rport=137 | protocol=17 | dir=out | app=system |
"{1F7EC315-E60E-4D88-9ADF-2392B31101C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{32C55C14-C39D-44A2-AB65-8D781740DFC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3752BB05-4E45-4BA4-BA8D-C06C959CD537}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48B9440D-664B-46BD-AD94-E7A030A352D5}" = rport=139 | protocol=6 | dir=out | app=system |
"{496308E1-18B7-4295-8BBD-3FFE6BCCBEDE}" = rport=138 | protocol=17 | dir=out | app=system |
"{5380819F-9847-43C4-95C4-5DE7CE680D05}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6AC0EFA2-B274-4FC2-923C-2C6694D33408}" = rport=10243 | protocol=6 | dir=out | app=system |
"{73C1C7AA-5AE6-4D22-89B3-AD7912A4F2AE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{93A29F33-6D9F-4B9A-8205-1D2B6E48E697}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{967DFAA9-2702-4685-8CED-CAEFD8437A73}" = rport=445 | protocol=6 | dir=out | app=system |
"{AC3883CC-BEC8-419A-A667-744EE9A9EF49}" = lport=445 | protocol=6 | dir=in | app=system |
"{C30EEF68-8265-40D0-BE0E-DE33A64FED5D}" = lport=138 | protocol=17 | dir=in | app=system |
"{C9E614A1-0186-4921-9B82-A42E478B0A54}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE050B24-20E3-4A3D-8D9C-D4D9F9D7A1C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE778BF1-75D4-427D-B367-7D037BE9D327}" = lport=137 | protocol=17 | dir=in | app=system |
"{E0A78FDD-50C6-4CE6-AB21-E812623BF8F4}" = lport=139 | protocol=6 | dir=in | app=system |
"{E361B427-7BE0-4AC4-88DA-679850E06796}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E8C316DF-F0F6-4ABD-8636-6870CCFAA964}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06197C18-2D88-4227-96C4-36CE1E6301D2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0A69A35B-961E-436D-99B1-D12F70AAA9BF}" = protocol=17 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe |
"{0BDA4C2D-D7B7-46A3-9EBC-15B692BE9863}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0CB23115-E9BB-4020-A4E2-308DB51178DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E98DE50-4BC7-4D13-BD44-B6C4E2CD3C57}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{10AFAD0E-C02A-43E4-B492-7309143A516A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{152E36EC-634A-443D-929A-0780256446F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{17B32FF9-4DC1-422E-BDBF-764D561A887C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{1EA77B77-9829-40D3-A04F-B603AD083867}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F10FE8C-BF17-460C-BFAC-3E70B488EF43}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{23D5D697-BA44-4351-8A74-6A7BA49A2C51}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{34FC8360-F7CC-455F-A56C-F917E9828738}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{366F9E53-DC4B-44A2-9E8D-C346F81EA9E0}" = protocol=6 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe |
"{44DD8E67-12D6-4CEE-A626-DA3CE1B0EBC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4F5BF3D4-761F-4EFC-A5DD-4857A42B63B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{636392DD-7785-4974-A468-CB4098CCD7F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{64CE222B-94D4-4BE7-A7E0-ABB05976E040}" = protocol=6 | dir=out | app=system |
"{6646E639-DE28-43A0-B1F6-AE0ABDCD06F3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{66BE664E-78AA-41E7-8C30-CB4345084A53}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B77D18F-5484-4968-8241-A5FFA390B294}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{756BA198-3677-4165-81CF-754B8CA96DD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E0A864B-1351-45E2-B306-8BD8B5C00AE8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{898543B8-FF07-4FEE-A5F3-B1D58B4983DC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{89F614EB-C9C4-4DCA-ACB4-DD8DAC1590F5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A122E1BE-62E9-4AAC-9ADB-968ECBB70822}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AF9D49D6-4387-452A-BD03-A32946EA848B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B4B4D4A2-1C0F-4EDE-95D6-067B6CCDE14E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C69DAA34-9527-4CDA-8BAE-69FC663ECE15}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CB64546E-75EB-484A-9BA9-E379A64DAC48}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{DD8482ED-C9D2-4C49-9EC9-EBA4DC932C68}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E00320E7-685A-4D2A-816C-4F07F6B0723E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E397D3AB-E907-42B5-AA24-910B60D4CFC3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{E6CF77B8-87A3-42D1-A6E2-5FA0384C360F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EFC1FA9A-8124-469E-8369-B9D7276F2FBF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{EFF7E068-A2FC-4443-8098-35D88E3C9546}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{31CE1406-5C12-44C5-B6C5-0F55F2039DE3}" = AVG 2012
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBE1375-11F7-482D-936C-4C575F3D9BCB}" = AVG 2012
"{D34C07CA-DCF0-4A5C-A4DD-55522B17F4F2}" = WBFS Manager 4.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"VLC media player" = VLC media player 2.0.5

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft
"Wajam" = Wajam
"WavePad" = WavePad Sound Editor

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.03.2013 18:38:46 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.03.2013 10:10:57 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.03.2013 12:08:14 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.03.2013 13:42:23 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.03.2013 15:08:24 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.03.2013 18:07:13 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.03.2013 04:33:16 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.03.2013 06:01:15 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.03.2013 06:12:56 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.03.2013 06:53:29 | Computer Name = Manase-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 20.03.2013 04:47:09 | Computer Name = Manase-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 20.03.2013 04:47:10 | Computer Name = Manase-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 20.03.2013 04:47:10 | Computer Name = Manase-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 20.03.2013 04:47:11 | Computer Name = Manase-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 20.03.2013 04:51:00 | Computer Name = Manase-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error - 20.03.2013 16:48:08 | Computer Name = Manase-PC | Source = DCOM | ID = 10010
Description =

Error - 20.03.2013 17:49:41 | Computer Name = Manase-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 20.03.2013 18:39:04 | Computer Name = Manase-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error - 22.03.2013 18:37:25 | Computer Name = Manase-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?03.?2013 um 23:35:17 unerwartet heruntergefahren.

Error - 24.03.2013 06:52:12 | Computer Name = Manase-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?03.?2013 um 11:50:24 unerwartet heruntergefahren.


< End of report >
         
--- --- --- ]
__________________

27.03.2013, 00:39   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Well, you shouldn't post the same logs again, but that's not a big deal; from now on, please post all new logs only in CODE tags.

My actual question: had any other virus scanners found anything? Earlier, in the past? Or is the Malwarebytes detection the only one?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


27.03.2013, 15:48   #5
Manase

Yes, that was the only detection, since I had no antivirus program installed before.


28.03.2013, 10:24   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.


Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, under no circumstances select Cure. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

31.03.2013, 11:30   #7
Manase

Code:
 ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 4156563456, free: 2800922624

------------ Kernel report ------------
     03/31/2013 11:40:38
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\avgfwd6a.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\VSTAZL6.SYS
\SystemRoot\system32\DRIVERS\VSTDPV6.SYS
\SystemRoot\system32\DRIVERS\VSTCNXT6.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\RTL8187B.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\avgidsfiltera.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800487e680
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800467b560
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.03.31.01
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800487e680, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800487f040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800487e680, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800467b560, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a002a9f100, 0xfffffa800487e680, 0xfffffa8004216790
Lower DeviceData: 0xfffff8a003bb2da0, 0xfffffa800467b560, 0xfffffa800429a5c0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F864A667

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 234231808

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-234421648-234441648)...
Done!
Performing system, memory and registry scan...
Read File:  File "c:\ProgramData\AVG2012\Chjw\42f657f0f657e2a9.dat" is sparse (flags = 32768)
Read File: File "c:\ProgramData\AVG2012\log\avgual.2013-03-22.log" is compressed (flags = 1)
Read File: File "c:\ProgramData\AVG2012\log\avgual.2013-03-27.log" is compressed (flags = 1)
Read File: File "c:\ProgramData\AVG2012\log\avgual.2013-03-28.log" is compressed (flags = 1)
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 4156563456, free: 3176833024

=======================================
         

01.04.2013, 13:56   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

That is the wrong log from MBAR.
Also, the logs of the other tools are missing.
