
Pests of all kinds and how to fight them: Problem with Delta Search.


11.04.2013, 18:54   #1
Terrific
 
Problem with Delta Search.



Hello dear Trojaner-Board team, I wish you a good evening.

Unfortunately I have caught the Delta Search virus on my laptop.
When I start Firefox, "Delta-Search" appears as the start page. In addition, an advertising window frequently pops up in Internet Explorer, which of course I did not click on.
This happens in both Firefox and IE.

Unfortunately I can no longer trace which download brought me the pest, since my brother made several downloads recently and I did not use the laptop much during that time.

On 21.03.13 I ran a scan with BullGuard, which spat out the following detection:
HTML-Code:
E:\setup.exe

Details

Risiko: HOCH
Verhalten: Das Programm setup.exe versuchte, sich selbst an mehrere Stellen zu kopieren.
Zeit: 2013/03/21 11:43:20

Aktionen

Zulassen: Erfolgreich
Maybe the entry in this scan has something to do with it!

In any case, I then ran another scan on 23.03.2013, which only turned up cookies.

Then another on 11.04.13, which read: "Keine Infektionen gefunden" (no infections found).

Nevertheless, nothing has changed visibly either; Delta Search is still there.

I hope I have described my problem in a way that lets me get help here! I also hope that I have posted this topic in the right place and listed all the necessary information.


Many thanks, David!

Edit: My operating system is Windows 7 64-bit.

Sorry, but I forgot to include the other logs in the thread, and by the time the scan was finished the one-hour edit window had already passed, so I am posting them here now!

Extras.txt OTL Logfile:
Code:
OTL Extras logfile created on: 11.04.2013 20:12:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Floo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 66,91% Memory free
7,82 Gb Paging File | 6,40 Gb Available in Paging File | 81,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657,54 Gb Total Space | 607,29 Gb Free Space | 92,36% Space Free | Partition Type: NTFS
Drive D: | 38,00 Gb Total Space | 16,16 Gb Free Space | 42,52% Space Free | Partition Type: NTFS
Drive E: | 7,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: FLOO-PC | User Name: Floo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015CF9CF-6BF4-4DE3-8E03-3D44BBFE2CA8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{26D57726-07F9-45C0-AFCC-099D98A3D30D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{359E9060-FA7D-4A76-9A9E-C5171B78954A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{477597A4-3B2E-4B38-844E-99C6FE748CC5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6A65DF23-D9D6-4988-A0DC-84251EE4BCC3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6EF315D5-62D3-4A51-8A8D-F45A0DE8CE3B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{75589B8D-A108-4B19-8A16-8B3DC9F0376C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{77342834-9760-44AE-9839-40EC3DFB45B7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{80EF2BA8-2FED-4115-80CE-67F152F0FA8B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{832B6E93-BA16-43EC-8C66-4392464AAD24}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A3DEE283-3DAD-4D7E-B29C-1F5AB6B247C9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A7981EB1-26A0-4505-A742-C78FB4D4F8EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AC54BA2D-9DE7-4D29-8673-C32C50C6F26F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{AE095E80-1C25-4D11-B149-A77F72946E2A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B19FD714-1CAB-4057-9834-922306172952}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B265EC17-CD9C-46FF-96DA-E142CE75327E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B97CEA30-5291-48E4-920B-7AF4A95CE2B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CE05F585-3490-4600-96BF-A05CE4146E54}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D4999BFA-5E71-453B-8E25-1CF9DBFC2ADD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D59A91A5-09E9-4808-9057-640576EA3B2A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DDD9EBED-4784-4004-B693-BF35A2B3ECF7}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{E2890DEB-92E0-4FEC-B584-449A03C14CDE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E5843954-95E4-4427-BFAA-631502006492}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E6E9CA23-F1A1-4974-BACC-6FA3F142286A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{ED059996-1C4F-451E-BE7B-15805036445A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{EE9659E1-0617-46E8-BF70-9A7888F7F136}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F4A4CDEB-4F7C-487B-A67F-F5CF215E2809}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F605A393-CFF0-471D-9958-4BDA880230AD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F9FD85EB-9A24-41F3-9DD2-B7C7291B9F3E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D90BDF-4592-4F9B-AEDB-8987A9FF2AFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0DDBCF6D-B067-4403-8CD9-AF04A41C9369}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{12856B99-4030-4841-B8BC-B24B5846F87F}" = protocol=17 | dir=in | app=c:\program files (x86)\webcam 7\wlite.exe | 
"{19123CD5-5253-48C2-B13B-EB10C6548230}" = protocol=6 | dir=in | app=c:\program files (x86)\webcam 7\wservice.exe | 
"{4A678D7F-27E3-4F15-A08D-18FC489DCE1F}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
"{4ABE867E-8F56-4681-AEB2-B67B259F0609}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4BD8D57B-C139-4645-A317-538E88B53464}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4DCED4EA-7951-4306-ACF2-E11226F269F6}" = protocol=17 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe | 
"{50514AE0-6F1A-40CE-B796-402C095F5DCE}" = protocol=6 | dir=in | app=c:\program files (x86)\webcam 7\wlite.exe | 
"{50AB686D-796B-4406-89EE-0A421A8F9A06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{50CEABB1-9C3B-4C78-ABEE-8B3FA22F55AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5AB409ED-0E08-40EC-B503-4260FDB63168}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5C6CC0A4-A09D-439D-893B-536989B8770D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{632114FA-7368-4DEE-8D96-8A63052B905E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6628D21A-848C-443B-912F-ECCE0F348C16}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{6C3C1932-FB58-491A-B0C3-D8B01BBF84EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{73DF9180-E2C4-4034-9557-AFA073670B22}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{79F25BB6-AD3D-4D91-BAD3-04512396AAA8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7A8C3046-9BCB-4419-8FFE-EBA6EB115719}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{8CB06A0B-36FF-4D9E-9957-C696AABD2533}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9C3E6D29-E96B-4038-9C27-0A671E894EBB}" = protocol=17 | dir=in | app=c:\program files (x86)\webcam 7\wservice.exe | 
"{9F0E7110-87E6-4A05-8DC4-73E80009F4A5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9FB781A0-F0AA-43E2-AA16-26F1027D7128}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
"{A7FDCA14-B385-4932-A497-3BD595EFD338}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
"{A8D17331-3575-4F77-99FA-131FB55503A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B646C4CA-310B-4BB3-8A7B-FC9058AFD47C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C0A8C8AA-3431-4B05-A818-977D12A2374F}" = protocol=6 | dir=out | app=system | 
"{CC056E48-7D41-4133-89B6-32F159F958EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D6F74012-A8AE-4106-87F5-DF0B66C9E58F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D8A0AC91-4A64-4F43-8FE3-16F1E56896E1}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
"{EB9E50EC-3711-401C-8946-73BE95A578FB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F228930F-CF5F-453F-8CB1-177552D79B20}" = protocol=6 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe | 
"{F4B5EC10-C8EB-4CC2-AB5D-A845733AF500}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{188CB541-05C3-4932-8F22-4AA0DEEE5FC8}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{3EE642C2-C258-44D4-82ED-9A3FCA362E6F}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"TCP Query User{743C31B7-08DA-4035-984A-9C9C60E4179B}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"TCP Query User{F1AE29AD-2B6A-4BBF-B00C-2BF00C04691F}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"TCP Query User{F4915D10-671F-426F-86C7-0D079B69A100}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"UDP Query User{23644F63-B8E3-46BD-A7AE-C9BA3C2E3A81}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{5C740A99-5596-4033-B49B-FA4DDD2C5D40}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"UDP Query User{7611E83F-C284-45A5-9A72-61C9AF3E5529}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"UDP Query User{8AE14652-A2D3-4D00-A5BE-CCE5DEC49C90}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"UDP Query User{DB9944DD-CD46-4349-A67C-5D1106698C89}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{794E5C90-96E5-4413-B3F5-C803205AE30C}" = Intel(R) PROSet/Wireless WiFi-Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BullGuard" = BullGuard
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1" = Minecraft PC Gamer Demo version 1.5
"{5E7A8F05-013C-44FD-B450-5434CA581098}_is1" = MicroVolts
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"1ClickDownload" = HDVidCodec
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Project Blackout" = Project Blackout
"SoftwareUpdater" = SoftwareUpdater
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.04.2013 09:07:50 | Computer Name = Floo-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 04.04.2013 04:14:26 | Computer Name = Floo-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 08.04.2013 12:21:17 | Computer Name = Floo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.0.4833,
 Zeitstempel: 0x5152542c  Name des fehlerhaften Moduls: xul.dll, Version: 20.0.0.4833,
 Zeitstempel: 0x51525346  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000973d8  ID des fehlerhaften
 Prozesses: 0x1258  Startzeit der fehlerhaften Anwendung: 0x01ce3472590f39a0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 566e4d50-a068-11e2-9eea-f93a0a620abd
 
Error - 08.04.2013 15:34:35 | Computer Name = Floo-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 10.04.2013 09:22:29 | Computer Name = Floo-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 3a4    Startzeit: 01ce35ee6df4b9a2    Endzeit: 0    Anwendungspfad: C:\Riot
 Games\League of Legends\RADS\system\rads_user_kernel.exe    Berichts-ID: afc488de-a1e1-11e2-b351-9a3f83ad0d86

 
Error - 10.04.2013 09:45:22 | Computer Name = Floo-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 10.04.2013 10:31:00 | Computer Name = Floo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.6.0.5920,
 Zeitstempel: 0x510610d1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0006de2d  ID des fehlerhaften
 Prozesses: 0x928  Startzeit der fehlerhaften Anwendung: 0x01ce35f1ef9964b6  Pfad der
 fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.0\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.0\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: 43652f0a-a1eb-11e2-b351-9a3f83ad0d86
 
Error - 10.04.2013 17:10:34 | Computer Name = Floo-PC | Source = Application Hang | ID = 1002
Description = Programm north.exe, Version 3.0.0.0 kann nicht mehr unter Windows 
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1710    Startzeit:
 01ce362f2bbafc5a    Endzeit: 60000    Anwendungspfad: C:\Users\Floo\AppData\Local\Temp\nse6808.tmp\north.exe

Berichts-ID:
 e5e313b5-a222-11e2-baad-bd6340a7d188  
 
Error - 11.04.2013 01:12:54 | Computer Name = Floo-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 11.04.2013 02:35:06 | Computer Name = Floo-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
[ System Events ]
Error - 11.04.2013 08:29:10 | Computer Name = Floo-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 11.04.2013 08:29:14 | Computer Name = Floo-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 11.04.2013 08:54:12 | Computer Name = Floo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?04.?2013 um 14:52:00 unerwartet heruntergefahren.
 
Error - 11.04.2013 08:54:26 | Computer Name = Floo-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 11.04.2013 12:46:47 | Computer Name = Floo-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 11.04.2013 12:46:47 | Computer Name = Floo-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 11.04.2013 13:14:26 | Computer Name = Floo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?04.?2013 um 19:11:51 unerwartet heruntergefahren.
 
Error - 11.04.2013 13:14:37 | Computer Name = Floo-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 11.04.2013 13:41:29 | Computer Name = Floo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?04.?2013 um 19:35:09 unerwartet heruntergefahren.
 
Error - 11.04.2013 13:41:39 | Computer Name = Floo-PC | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >
         
--- --- ---

OTL.txt OTL Logfile:
Code:
OTL logfile created on: 11.04.2013 20:12:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Floo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 66,91% Memory free
7,82 Gb Paging File | 6,40 Gb Available in Paging File | 81,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657,54 Gb Total Space | 607,29 Gb Free Space | 92,36% Space Free | Partition Type: NTFS
Drive D: | 38,00 Gb Total Space | 16,16 Gb Free Space | 42,52% Space Free | Partition Type: NTFS
Drive E: | 7,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: FLOO-PC | User Name: Floo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.11 20:10:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Floo\Desktop\OTL.exe
PRC - [2013.01.28 19:16:20 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.09 15:21:12 | 000,156,512 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe
PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
PRC - [2010.12.15 16:23:02 | 000,207,400 | ---- | M] (Wistron) -- C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
PRC - [2010.06.21 14:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WButton.exe
PRC - [2009.12.11 16:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\OSD.exe
PRC - [2009.10.22 18:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.24 17:11:59 | 000,482,656 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\Files32\SQLite.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.03 18:23:19 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.24 11:46:46 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.25 15:39:58 | 000,575,840 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV - [2013.02.25 15:39:57 | 000,289,632 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2013.02.25 15:39:56 | 000,515,424 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2013.02.25 15:36:37 | 000,382,304 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2013.02.18 09:52:54 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe -- (SrvUpdater)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.08.24 17:12:01 | 000,368,480 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV - [2012.08.24 17:12:00 | 000,274,784 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2012.08.24 17:11:55 | 000,201,056 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV - [2012.06.14 14:33:08 | 000,071,520 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.02.04 16:34:20 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.02.04 16:24:24 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011.02.04 16:19:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.22 18:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.20 20:13:58 | 000,038,528 | R--- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Afw.sys -- (AFW)
DRV:64bit: - [2012.06.20 20:13:49 | 000,445,568 | R--- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AfwCore.sys -- (afwcore)
DRV:64bit: - [2012.06.10 15:28:09 | 000,025,160 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV:64bit: - [2012.06.10 15:28:03 | 000,256,072 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV:64bit: - [2012.06.10 15:28:02 | 000,290,376 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2012.04.28 14:17:13 | 000,066,272 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdSpy.sys -- (BdSpy)
DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.24 11:40:20 | 008,591,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=bee808c2-5450-430f-a6da-dd8dfd5bc212&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=bee808c2-5450-430f-a6da-dd8dfd5bc212&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=bee808c2-5450-430f-a6da-dd8dfd5bc212&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119887&babsrc=HP_ss&mntrId=82e91b28000000000000bc77370e37a7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 CC 44 4A DB 2A CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=bee808c2-5450-430f-a6da-dd8dfd5bc212&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=bee808c2-5450-430f-a6da-dd8dfd5bc212&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=bee808c2-5450-430f-a6da-dd8dfd5bc212&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119887&babsrc=SP_ss&mntrId=82e91b28000000000000bc77370e37a7
IE - HKCU\..\SearchScopes\{AC6F0F2B-BD4B-403A-AE0C-3C8C06087D29}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=85B04CA0-BA85-4CEA-92CE-D50CDC4D347F&apn_sauid=FB9CF9AE-23C8-4222-A68C-F39668862AC0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119887&babsrc=HP_ss&mntrId=82e91b28000000000000bc77370e37a7"
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.03 18:23:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin [2012.06.11 13:31:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter [2012.06.11 13:31:14 | 000,000,000 | ---D | M]
 
[2012.10.07 12:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Floo\AppData\Roaming\mozilla\Extensions
[2013.03.10 11:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Floo\AppData\Roaming\mozilla\Firefox\Profiles\4dibghn4.default\extensions
[2013.02.05 17:05:25 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Floo\AppData\Roaming\mozilla\Firefox\Profiles\4dibghn4.default\extensions\toolbar@ask.com
[2013.03.10 11:43:19 | 000,021,485 | ---- | M] () (No name found) -- C:\Users\Floo\AppData\Roaming\mozilla\firefox\profiles\4dibghn4.default\extensions\plugin@yontoo.com.xpi
[2013.01.28 19:14:20 | 000,002,333 | ---- | M] () -- C:\Users\Floo\AppData\Roaming\mozilla\firefox\profiles\4dibghn4.default\searchplugins\askcom.xml
[2013.04.03 18:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.03 18:23:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.03 18:23:19 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.09 22:34:23 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: 
CHR - Extension: No name found = C:\Users\Floo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Floo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Floo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Floo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [BullGuard] c:\program files\bullguard ltd\bullguard\BullGuard.exe (BullGuard Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programme\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programme\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3FE50A5-B2E0-41BC-9A86-50531C1C4246}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (BgGamingMonitor.dll) - C:\Windows\SysNative\BgGamingMonitor.dll (BullGuard Ltd.)
O20 - AppInit_DLLs: (BgGamingMonitor.dll) - C:\Windows\SysWow64\BgGamingMonitor.dll (BullGuard Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{58024119-6ae2-11e2-a49d-f40287e6f282}\Shell - "" = AutoRun
O33 - MountPoints2\{58024119-6ae2-11e2-a49d-f40287e6f282}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{aaeeff14-3713-11e2-b9a6-ec06f891f988}\Shell - "" = AutoRun
O33 - MountPoints2\{aaeeff14-3713-11e2-b9a6-ec06f891f988}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.11 20:10:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Floo\Desktop\OTL.exe
[2013.04.10 15:10:50 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 15:10:50 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 15:10:49 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 15:10:49 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 15:10:49 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 15:10:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 15:10:16 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 15:10:12 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 15:10:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 15:10:12 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 15:10:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 15:10:12 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 15:10:11 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 15:10:04 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 15:10:03 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 15:10:03 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 15:10:02 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 15:10:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 15:10:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.09 20:48:16 | 000,000,000 | ---D | C] -- C:\Users\Floo\Desktop\musik
[2013.04.03 18:23:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.30 22:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\webcam 7
[2013.03.24 11:46:46 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.24 11:46:46 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.24 11:45:33 | 000,000,000 | ---D | C] -- C:\Users\Floo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
[2013.03.24 11:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hdvidcodec.com
[2013.03.23 20:41:33 | 000,000,000 | ---D | C] -- C:\Users\Floo\Documents\GTA San Andreas User Files
[2013.03.21 14:31:19 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.21 14:04:55 | 000,000,000 | ---D | C] -- C:\Users\Floo\Desktop\Neuer Ordner
[2013.03.21 12:52:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2013.03.21 12:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2013.03.21 12:42:43 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2013.03.21 12:42:43 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2013.03.21 12:39:52 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.03.21 12:39:52 | 000,000,000 | RH-D | C] -- C:\Users\Floo\AppData\Roaming\SecuROM
[2013.03.21 12:39:47 | 000,000,000 | ---D | C] -- C:\Users\Floo\AppData\Local\Oblivion
[2013.03.21 12:39:47 | 000,000,000 | ---D | C] -- C:\Users\Floo\Documents\My Games
[1 C:\Users\Floo\Desktop\*.tmp files -> C:\Users\Floo\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.11 20:10:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Floo\Desktop\OTL.exe
[2013.04.11 20:07:39 | 000,000,000 | ---- | M] () -- C:\Users\Floo\defogger_reenable
[2013.04.11 20:06:25 | 000,050,477 | ---- | M] () -- C:\Users\Floo\Desktop\Defogger.exe
[2013.04.11 19:48:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 19:48:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 19:41:35 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.04.11 19:41:30 | 000,000,480 | ---- | M] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013.04.11 19:41:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.11 19:41:26 | 3148,140,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.11 19:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.11 08:02:14 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.02 10:51:12 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.02 10:51:12 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.02 10:51:12 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.02 10:51:12 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.02 10:51:12 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.01 20:21:16 | 000,067,920 | ---- | M] () -- C:\Users\Floo\Desktop\ö.jpg
[2013.03.30 19:51:21 | 000,732,389 | ---- | M] () -- C:\Users\Floo\Desktop\IMG_2262.JPG
[2013.03.30 19:39:02 | 000,091,171 | ---- | M] () -- C:\Users\Floo\Desktop\IMG_2107.JPG
[2013.03.24 11:46:46 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.24 11:46:46 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.21 12:39:52 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.03.19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.03.19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[1 C:\Users\Floo\Desktop\*.tmp files -> C:\Users\Floo\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.11 20:07:39 | 000,000,000 | ---- | C] () -- C:\Users\Floo\defogger_reenable
[2013.04.11 20:06:25 | 000,050,477 | ---- | C] () -- C:\Users\Floo\Desktop\Defogger.exe
[2013.04.11 19:41:30 | 000,000,480 | ---- | C] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013.04.01 20:21:16 | 000,067,920 | ---- | C] () -- C:\Users\Floo\Desktop\ö.jpg
[2013.03.30 19:55:52 | 000,732,389 | ---- | C] () -- C:\Users\Floo\Desktop\IMG_2262.JPG
[2013.03.30 19:42:05 | 000,091,171 | ---- | C] () -- C:\Users\Floo\Desktop\IMG_2107.JPG
[2013.03.24 11:46:50 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.10 21:20:39 | 000,877,747 | ---- | C] () -- C:\Users\Floo\AppData\Local\Tempmusic.ogg
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.19 23:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---


Gmer.txt

GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-11 21:54:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS547575A9E384 rev.JE4OA60A 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Floo\AppData\Local\Temp\kxldypog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                             0000000075281465 2 bytes [28, 75]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            00000000752814bb 2 bytes [28, 75]
.text  ...                                                                                                                                          * 2
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000075281465 2 bytes [28, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000752814bb 2 bytes [28, 75]
.text  ...                                                                                                                                          * 2
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5         0000000076f9f991 8 bytes {MOV EDX, 0xd03e8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15        0000000076f9f99b 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5                      0000000076f9fa0d 8 bytes {MOV EDX, 0xd01a8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15                     0000000076f9fa17 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5                    0000000076f9fb25 8 bytes {MOV EDX, 0xd0168; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15                   0000000076f9fb2f 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5              0000000076f9fbd5 8 bytes {MOV EDX, 0xd0428; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15             0000000076f9fbdf 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                  0000000076f9fc05 8 bytes {MOV EDX, 0xd0368; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15                 0000000076f9fc0f 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5           0000000076f9fc1d 8 bytes {MOV EDX, 0xd0128; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15          0000000076f9fc27 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5             0000000076f9fc35 8 bytes {MOV EDX, 0xd04e8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15            0000000076f9fc3f 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5           0000000076f9fc65 8 bytes {MOV EDX, 0xd0528; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15          0000000076f9fc6f 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5            0000000076f9fce5 8 bytes {MOV EDX, 0xd04a8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15           0000000076f9fcef 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5           0000000076f9fcfd 8 bytes {MOV EDX, 0xd0468; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15          0000000076f9fd07 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                     0000000076f9fd49 8 bytes {MOV EDX, 0xd0068; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15                    0000000076f9fd53 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5                  0000000076f9fdad 8 bytes {MOV EDX, 0xd02e8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15                 0000000076f9fdb7 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5          0000000076f9fe41 8 bytes {MOV EDX, 0xd00a8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15         0000000076f9fe4b 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5                0000000076f9ff89 8 bytes {MOV EDX, 0xd02a8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15               0000000076f9ff93 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                   0000000076fa0099 8 bytes {MOV EDX, 0xd0028; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15                  0000000076fa00a3 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5                 0000000076fa0781 8 bytes {MOV EDX, 0xd0268; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15                0000000076fa078b 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5                    0000000076fa0ffd 8 bytes {MOV EDX, 0xd01e8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15                   0000000076fa1007 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5                   0000000076fa105d 8 bytes {MOV EDX, 0xd0228; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15                  0000000076fa1067 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5             0000000076fa10a5 8 bytes {MOV EDX, 0xd03a8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15            0000000076fa10af 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                   0000000076fa111d 8 bytes {MOV EDX, 0xd0328; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15                  0000000076fa1127 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5      0000000076fa1321 8 bytes {MOV EDX, 0xd00e8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15     0000000076fa132b 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\kernel32.dll!CreateProcessW                  0000000074df103d 5 bytes JMP 0000000100010030
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\kernel32.dll!CreateProcessA                  0000000074df1072 5 bytes JMP 0000000100010070
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW                  000000007693119f 5 bytes JMP 0000000100020030
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW                    00000000769311cf 5 bytes JMP 0000000100020070
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps                      00000000766d4de0 5 bytes JMP 00000001002603b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SelectObject                       00000000766d4f70 5 bytes JMP 00000001002605f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SetBkMode                          00000000766d51a2 5 bytes JMP 00000001002608f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SetTextColor                       00000000766d522d 5 bytes JMP 0000000100260a30
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!DeleteObject                       00000000766d5689 5 bytes JMP 00000001002601b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!DeleteDC                           00000000766d58b3 5 bytes JMP 0000000100260170
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetCurrentObject                   00000000766d6bad 5 bytes JMP 0000000100260370
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SaveDC                             00000000766d6e05 5 bytes JMP 0000000100260570
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!RestoreDC                          00000000766d6ead 5 bytes JMP 0000000100260530
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode                  00000000766d7180 5 bytes JMP 00000001002606b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!StretchDIBits                      00000000766d7435 5 bytes JMP 0000000100260770
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!CreateDCA                          00000000766d7bcc 5 bytes JMP 00000001002600b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!IntersectClipRect                  00000000766d7dc4 5 bytes JMP 00000001002603f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetTextAlign                       00000000766d7fd5 5 bytes JMP 0000000100260d70
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW                    00000000766d82b2 5 bytes JMP 0000000100260e30
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SetTextAlign                       00000000766d8401 5 bytes JMP 00000001002609f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn                   00000000766d879f 5 bytes JMP 00000001002602f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SelectClipRgn                      00000000766d8916 5 bytes JMP 00000001002605b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!ExtTextOutW                        00000000766d8b7a 5 bytes JMP 0000000100260970
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!MoveToEx                           00000000766d8ee6 5 bytes JMP 0000000100260470
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetFontData                        00000000766d9875 5 bytes JMP 0000000100260c70
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetTextFaceW                       00000000766d9936 5 bytes JMP 0000000100260d30
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!Rectangle                          00000000766da53a 5 bytes JMP 00000001002609b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetClipBox                         00000000766daf9f 5 bytes JMP 0000000100260330
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!LineTo                             00000000766db9e5 5 bytes JMP 0000000100260430
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SetICMMode                         00000000766dbd55 5 bytes JMP 0000000100260db0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!CreateICW                          00000000766dc040 5 bytes JMP 0000000100260130
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W              00000000766dc107 5 bytes JMP 0000000100260670
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SetWorldTransform                  00000000766dc269 5 bytes JMP 00000001002606f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA                    00000000766dd1f1 5 bytes JMP 0000000100260df0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A              00000000766dd349 5 bytes JMP 0000000100260630
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!ExtTextOutA                        00000000766ddce4 5 bytes JMP 0000000100260930
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!CreateDCW                          00000000766de743 5 bytes JMP 00000001002600f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!ExtEscape                          00000000766e03b7 5 bytes JMP 00000001002602b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!Escape                             00000000766e1bda 5 bytes JMP 0000000100260270
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetTextFaceA                       00000000766e1e89 5 bytes JMP 0000000100260cf0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode                    00000000766e4843 5 bytes JMP 0000000100260b30
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SetMiterLimit                      00000000766e5690 5 bytes JMP 0000000100260b70
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!EndPage                            00000000766e6bde 5 bytes JMP 0000000100260230
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!ResetDCW                           00000000766ee2db 5 bytes JMP 0000000100260ab0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW                   00000000766f940d 5 bytes JMP 0000000100260cb0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW        00000000766fc621 5 bytes JMP 0000000100260bb0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!AddFontResourceW                   00000000766fd2b2 5 bytes JMP 0000000100260bf0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW                00000000766fd919 5 bytes JMP 0000000100260c30
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!AbortDoc                           0000000076703adc 5 bytes JMP 0000000100260030
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!EndDoc                             0000000076703f29 5 bytes JMP 00000001002601f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!StartPage                          000000007670401a 5 bytes JMP 0000000100260730
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!StartDocW                          0000000076704c51 5 bytes JMP 00000001002607f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!BeginPath                          00000000767053fd 5 bytes JMP 0000000100260830
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SelectClipPath                     0000000076705454 5 bytes JMP 0000000100260af0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!CloseFigure                        00000000767054af 5 bytes JMP 0000000100260070
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!EndPath                            0000000076705506 5 bytes JMP 0000000100260a70
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!StrokePath                         000000007670573f 5 bytes JMP 00000001002607b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!FillPath                           00000000767057d2 5 bytes JMP 0000000100260870
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!PolylineTo                         0000000076705c44 5 bytes JMP 00000001002604f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!PolyBezierTo                       0000000076705cd5 5 bytes JMP 00000001002604b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!PolyDraw                           0000000076705d87 5 bytes JMP 00000001002608b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!MapWindowPoints                   00000000763e8c40 5 bytes JMP 0000000100270570
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW          00000000763e9ebd 5 bytes JMP 00000001002702b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA          00000000763f0afa 5 bytes JMP 00000001002702f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetClientRect                     00000000763f0c62 7 bytes JMP 00000001002705b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetParent                         00000000763f0f68 7 bytes JMP 00000001002706f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!IsWindowVisible                   00000000763f112d 7 bytes JMP 00000001002706b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!PostMessageW                      00000000763f12a5 5 bytes JMP 00000001002705f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!ScreenToClient                    00000000763f227d 7 bytes JMP 0000000100270670
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!MonitorFromWindow                 00000000763f3150 7 bytes JMP 0000000100270630
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!SetCursor                         00000000763f41f6 5 bytes JMP 0000000100270530
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA           00000000763f68ef 5 bytes JMP 0000000100270270
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW           00000000763f77fa 5 bytes JMP 0000000100270230
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetTopWindow                      00000000763f7887 7 bytes JMP 0000000100270730
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable        00000000763f8676 5 bytes JMP 00000001002700f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber        00000000763f8696 5 bytes JMP 0000000100270330
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!CloseClipboard                    00000000763f8e8d 5 bytes JMP 00000001002700b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!OpenClipboard                     00000000763f8ecb 5 bytes JMP 0000000100270070
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain              00000000763fc17b 5 bytes JMP 0000000100270430
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats              00000000763fc449 5 bytes JMP 00000001002701b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow            00000000763fc468 5 bytes JMP 00000001002703f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!CountClipboardFormats             00000000763fc486 5 bytes JMP 00000001002701f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                00000000763fc4b6 5 bytes JMP 00000001002704b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout            00000000763fd6c0 5 bytes JMP 00000001002704f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetClipboardOwner                 00000000763fe360 5 bytes JMP 0000000100270370
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!SetClipboardData                  0000000076428e57 5 bytes JMP 0000000100270170
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!SetCursorPos                      0000000076429cfd 5 bytes JMP 0000000100270770
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetClipboardData                  0000000076429f1d 5 bytes JMP 0000000100270030
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!EmptyClipboard                    0000000076447cb9 5 bytes JMP 0000000100270130
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetClipboardViewer                0000000076448111 5 bytes JMP 0000000100270470
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat        000000007644832f 5 bytes JMP 00000001002703b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer                0000000074af9606 5 bytes JMP 00000001002800f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle            0000000074b00581 5 bytes JMP 0000000100280130
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext            0000000074b00bb9 5 bytes JMP 0000000100280270
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken                0000000074b00c2e 5 bytes JMP 00000001002801b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA          0000000074b00f2e 5 bytes JMP 0000000100280070
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA      0000000074b01096 5 bytes JMP 00000001002800b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!EncryptMessage                   0000000074b0124e 5 bytes JMP 00000001002801f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!DecryptMessage                   0000000074b0129d 5 bytes JMP 0000000100280230
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA        0000000074b01527 5 bytes JMP 0000000100280030
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA       0000000074b01590 5 bytes JMP 0000000100280170
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\ole32.dll!OleSetClipboard                    0000000076530045 5 bytes JMP 0000000100290030
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard              00000000765336b2 5 bytes JMP 0000000100290070
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\ole32.dll!OleGetClipboard                    000000007655fdcd 5 bytes JMP 00000001002900b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000075281465 2 bytes [28, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000752814bb 2 bytes [28, 75]
.text  ...                                                                                                                                          * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{8864C03D-E3A2-428F-9383-42C7DDB666A4}\Connection@Name  isatap.{C267F42B-6BAC-40F4-AEDA-9297F3EDC75D}
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind     \Device\{8864C03D-E3A2-428F-9383-42C7DDB666A4}?\Device\{77B05E89-F1B9-434D-9A9F-67EEEA59DFF5}?\Device\{0863EEDD-CF3F-431F-98C2-8568F02C0656}?
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route    "{8864C03D-E3A2-428F-9383-42C7DDB666A4}"?"{77B05E89-F1B9-434D-9A9F-67EEEA59DFF5}"?"{0863EEDD-CF3F-431F-98C2-8568F02C0656}"?
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export   \Device\TCPIP6TUNNEL_{8864C03D-E3A2-428F-9383-42C7DDB666A4}?\Device\TCPIP6TUNNEL_{77B05E89-F1B9-434D-9A9F-67EEEA59DFF5}?\Device\TCPIP6TUNNEL_{0863EEDD-CF3F-431F-98C2-8568F02C0656}?
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc77370e37aa                                                                  
Reg    HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{8864C03D-E3A2-428F-9383-42C7DDB666A4}@InterfaceName                       isatap.{C267F42B-6BAC-40F4-AEDA-9297F3EDC75D}
Reg    HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{8864C03D-E3A2-428F-9383-42C7DDB666A4}@ReusableType                        0
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc77370e37aa (not active ControlSet)                                              

---- EOF - GMER 2.1 ----
         
--- --- ---


Regards, David

Last edited by Terrific (11.04.2013 at 19:00)
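The "ZeroAccess Check" section of the OTL log above lists the InProcServer32 registrations that OTL inspects for ZeroAccess-style redirection, and on this machine all of them still point at the Microsoft DLLs. The following script is an added example, not code from the original post and not part of OTL: it parses registry lines in exactly that log format and flags the two patterns a helper reads those lines for, a per-user (HKEY_CURRENT_USER) InProcServer32 that carries a value, and a machine-wide entry whose DLL is outside the Windows directory or is not the file the clean log shows for that CLSID. The expected DLL names are taken from the clean entries in this log and are an assumption for any CLSID not listed there; the sample input is constructed from the log.

```python
"""Check the InProcServer32 entries from an OTL "ZeroAccess Check" section.

Added example: this is not code from the original post and not part of OTL.
It parses registry lines in the format shown in the log above and flags:
  * a per-user (HKEY_CURRENT_USER) InProcServer32 that carries a default
    value: per-user class registrations take precedence over the
    machine-wide ones, which is why COM hijacks are planted there;
  * a machine-wide entry whose DLL lies outside the Windows directory or whose
    file name differs from the one the clean log shows for that CLSID.
"""
import re

# Constructed sample input, copied from the OTL log above (abbreviated).
SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"""

# DLL file name Windows registers for each CLSID OTL inspects, taken from the
# clean entries in the log above (assumption: nothing is known for other CLSIDs).
EXPECTED_DLL = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": "shell32.dll",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": "fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": "wbemess.dll",
}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\](?:\s*/64)?\s*$")
CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.IGNORECASE)
DEFAULT_PREFIX = '"" = '


def parse_inprocserver32(text):
    """Return [(registry_key, default_value_or_None), ...] in log order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            entries.append([m.group(1), None])
        elif line.startswith(DEFAULT_PREFIX) and entries:
            # OTL appends " -- [timestamp | size | attrs] (company)" to the path.
            value = line[len(DEFAULT_PREFIX):].split(" -- ", 1)[0].strip()
            entries[-1][1] = value
    return [tuple(e) for e in entries]


def _normalise(path):
    """Lower-case the path and expand %SystemRoot% so the 64-bit (SysNative)
    and the WOW64 (%SystemRoot%\\system32) spellings both compare against
    c:\\windows."""
    expanded = re.sub(r"%systemroot%", lambda _m: "C:\\Windows", path,
                      flags=re.IGNORECASE)
    return expanded.lower()


def check_entries(entries):
    """Return [(registry_key, reason), ...]; an empty list means nothing odd."""
    findings = []
    for key, value in entries:
        clsid_match = CLSID_RE.search(key)
        clsid = clsid_match.group(0).lower() if clsid_match else None
        if key.upper().startswith("HKEY_CURRENT_USER"):
            # A clean system has these HKCU keys empty (as in the log above);
            # a value here overrides the HKLM registration for this user.
            if value is not None:
                findings.append((key, "per-user InProcServer32 override: " + value))
            continue
        if value is None:
            findings.append((key, "machine-wide InProcServer32 has no default value"))
            continue
        path = _normalise(value)
        if not path.startswith("c:\\windows\\"):
            findings.append((key, "DLL outside the Windows directory: " + value))
            continue
        expected = EXPECTED_DLL.get(clsid)
        if expected and not path.endswith("\\" + expected):
            findings.append((key, "unexpected DLL for this CLSID: " + value))
    return findings


if __name__ == "__main__":
    results = check_entries(parse_inprocserver32(SAMPLE))
    if not results:
        print("no findings: all InProcServer32 entries look as expected")
    for key, reason in results:
        print(key, "->", reason)
```

Run against the log above it reports nothing, which matches the helper's later reading of the logs. Paste a different OTL "ZeroAccess Check" block into SAMPLE to check another machine; the check is deliberately conservative and only speaks about the CLSIDs whose clean value it knows.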

Old 12.04.2013, 14:11   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Problem with Delta Search. - Standard

Hello and

Quote:
E:\setup.exe
Risk: HIGH
Behaviour: The program...
What is drive E on your machine? A DVD drive? Which DVD was in it? Please describe in more detail.

Old 12.04.2013, 20:14   #3
Terrific

Problem with Delta Search.



Thanks for your quick reply.
I checked specifically. E is indeed the DVD drive. At the moment, and at the time of the infection, the drive contained a King of Queens (TV series) DVD (bought in a store). As far as I know it was put into the laptop right after being taken out of the sealed package, forgotten there, and was not removed in between or put into another computer.

Regards, David

Old 13.04.2013, 14:54   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Problem with Delta Search.



That is almost certainly a false positive... But you still have the Delta junk on there.

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read my instructions, which I will post over the course of this thread, carefully. Ask immediately if anything is unclear to you before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step depends on the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software without being asked!

  • Post the log files directly in your thread (in CODE tags, please) and not as attachments unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the assigned tools, e.g. Malwarebytes, are always to be posted, whether or not there was a detection!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder for my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


Please now run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the instructions on your screen as in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    From Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not under any circumstances press one of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
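Added example (an editor's addition, not part of this thread and not one of the tools cosinus asks for above): the symptom reported here, Firefox opening on Delta Search, lives in the profile's prefs.js as `user_pref("name", value);` lines, and a hijacker of this kind rewrites the homepage and search preferences there. The script below parses such a file and reports the preferences whose value points at the hijacker. The sample prefs.js content is constructed for this example, the delta-search.com domain in it is an assumption, and the indicator strings and the list of preference names checked are the editor's assumptions, not a signature taken from the thread or from any of the scanners.

```python
import re
from typing import Dict, List, Tuple

# Firefox writes user settings to <profile>/prefs.js, one per line:
#   user_pref("name", value);
# The value is a double-quoted string, an integer or true/false.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Preferences a homepage/search hijacker typically rewrites.
# Assumption for this example: a plausible set of targets for this kind
# of hijacker, not a list taken from the thread.
HIJACK_PREFS: Tuple[str, ...] = (
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
    "browser.newtab.url",
)

# Hypothetical indicator strings for Delta Search (assumption, not from the thread).
INDICATORS: Tuple[str, ...] = ("delta-search", "delta search", "deltasearch")


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {pref_name: raw_value} for every user_pref line in prefs.js text."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1]  # strip the quotes from string values
        prefs[name] = raw
    return prefs


def find_hijacked(prefs: Dict[str, str]) -> List[Tuple[str, str]]:
    """List (pref_name, value) pairs whose value references a hijacker indicator."""
    hits: List[Tuple[str, str]] = []
    for name in HIJACK_PREFS:
        value = prefs.get(name)
        if value is None:
            continue
        lowered = value.lower()
        if any(ind in lowered for ind in INDICATORS):
            hits.append((name, value))
    return hits


# Constructed sample prefs.js content; the domain is an assumption for the example.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1365692400);
user_pref("browser.startup.homepage", "http://www.delta-search.com/");
user_pref("browser.search.defaultenginename", "Delta Search");
user_pref("keyword.URL", "http://www.delta-search.com/?q=");
user_pref("browser.shell.checkDefaultBrowser", false);
"""


def scan_file(path: str) -> List[Tuple[str, str]]:
    """Read a real prefs.js (close Firefox first) and scan it."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_hijacked(parse_prefs(fh.read()))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        findings = scan_file(sys.argv[1])
    else:
        findings = find_hijacked(parse_prefs(SAMPLE_PREFS))
    for name, value in findings:
        print(f"HIJACKED {name} = {value}")
    if not findings:
        print("no hijacked preferences found")
```

Run it against a copy of prefs.js from the affected profile with Firefox closed (Firefox rewrites the file on exit, so a live copy may not reflect the running state). A clean result only says the Firefox preferences are clean; it says nothing about Internet Explorer's start page, installed add-ons, or anything below the browser, which is why the rootkit scans above are still the next step.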
