
Log analysis and evaluation: nasty pop-ups on two computers and three operating systems


11.12.2014, 16:08   #1
bernd60
 



Hello, dear helpers in times of need,

at first it was only the parents' Vista PC: Skype-like notifications, pop-ups mostly at the bottom right; when they are closed, Russian pages open, often and increasingly with pornographic content. Outside the browser everything seems normal.

About 2 weeks ago Avira raised an alarm on a fake Telekom invoice, apparently without negative consequences. It reported:
In der Datei 'C:\Users\wir\AppData\Local\Temp\Temp1_rechnungonline_telekom_000002920019.zip\rechnungonline_telekom_000002920019_2014_11_43726700032_de_003938289_02 7.exe'
wurde ein Virus oder unerwünschtes Programm 'HEUR/APC (Cloud)' [HEUR/APC] gefunden.
Ausgeführte Aktion: Zugriff verweigern

I have run: AdwCleaner, Malwarebytes (safe mode), Emsisoft, Kaspersky's rescue disc. Nothing dangerous is found. VirusTotal finds all processes in Process Explorer OK. GRC considers the router very secure, but ports 21, 23 and 80 are open.
One day later our son (Win8.1) has the same things. The computers are on the same WLAN but otherwise not connected to each other.

I boot from a Puppy Linux CD-ROM. No pop-ups in the Puppy browser.
Puppy saves settings to a freshly formatted stick -> pop-ups and the most pornographic pages in the Puppy browser.

Would a reinstallation even help in this situation? Could this indicate that the WLAN or the router has been hacked?

I am becoming, as far as that is still possible, more and more at a loss.

Thanks in advance and best regards
Bernd


PS1: Someone who seemed competent to me guessed that, with a truly non-writable system, this points to a DNS redirection in the router. The router is an aged model from HAMA.
This reminds me:
about 2 months ago we landed on a faked Amazon page and logged in there. After that we were locked out of Amazon and numerous expensive items had been listed for sale in our name. All long since resolved, password and e-mail changed, but that was probably a wide-open barn door…

PS2: The attempt to download GMER failed with IE. IE can now no longer be opened.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:32 on 11/12/2014 (Ulrike&Bernd)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2014
Ran by wir (ATTENTION: The logged in user is not administrator) on WIR-PC on 11-12-2014 14:42:55
Running from C:\Users\wir\Downloads
Loaded Profiles: wir & Ulrike&Bernd (Available profiles: wir & Elias & Ulrike&Bernd & Sarah)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Messaging) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Irfan Skiljan) C:\Program Files\IrfanView\i_view32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [149280 2010-01-06] (Sun Microsystems, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2897898762-2063798205-3883325531-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [430080 2008-01-29] ()
HKU\S-1-5-21-2897898762-2063798205-3883325531-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2897898762-2063798205-3883325531-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [145408 2008-02-22] (Google)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
ShortcutTarget: OpenOffice.org 2.4.lnk -> C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (No File)
Startup: C:\Users\wir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe - Verknüpfung.lnk
ShortcutTarget: thunderbird.exe - Verknüpfung.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2897898762-2063798205-3883325531-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.onewithlife.se/om
HKU\S-1-5-21-2897898762-2063798205-3883325531-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/
HKU\S-1-5-21-2897898762-2063798205-3883325531-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.live.com/
URLSearchHook: HKU\S-1-5-21-2897898762-2063798205-3883325531-1000 - (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} -  No File
SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKLM -> {5F3AAD9A-4379-4DAF-A973-A23D9AC10A18} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKU\S-1-5-21-2897898762-2063798205-3883325531-1000 -> DefaultScope {AC66E9FB-FCB5-445A-BD56-610567CDB8C1} URL = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2897898762-2063798205-3883325531-1000 -> {5F3AAD9A-4379-4DAF-A973-A23D9AC10A18} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKU\S-1-5-21-2897898762-2063798205-3883325531-1000 -> {AC66E9FB-FCB5-445A-BD56-610567CDB8C1} URL = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-2897898762-2063798205-3883325531-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2897898762-2063798205-3883325531-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-2897898762-2063798205-3883325531-1000 -> No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} -  No File
Toolbar: HKU\S-1-5-21-2897898762-2063798205-3883325531-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2897898762-2063798205-3883325531-1002 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  No File
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Winsock: Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Winsock: Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 94.249.192.104 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\wir\AppData\Roaming\Mozilla\Firefox\Profiles\p5855q9x.default
FF Homepage: hxxp://www.spiegel.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.4 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
FF Plugin: @sun.com/npsopluginmi;version=1.0 -> C:\Program Files\OpenOffice.org 2.4\program No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\wir\AppData\Roaming\Mozilla\Firefox\Profiles\p5855q9x.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-02-03]
FF Extension: No Name - C:\Users\wir\AppData\Roaming\Mozilla\Firefox\Profiles\p5855q9x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-06]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [File not signed]
S3 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 SE\Dfsdks.exe [406016 2009-08-24] (mst software GmbH, Germany) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1836544 2008-02-22] (Google) [File not signed]
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2008-06-15] ()
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1a\RpcAgentSrv.exe [93848 2009-08-10] (SiSoftware) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-20] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [290304 2007-12-26] (Realtek Semiconductor Corporation                           )
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [858216 2011-05-09] (Realtek Semiconductor Corporation                           )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1a\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-26] (Avira GmbH)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_6.3.38103.0.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 USBCamera; System32\Drivers\Bulk533.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-11 14:42 - 2014-12-11 14:43 - 00019926 _____ () C:\Users\wir\Downloads\FRST.txt
2014-12-11 14:42 - 2014-12-11 14:42 - 00000000 ____D () C:\FRST
2014-12-11 14:40 - 2014-12-11 14:40 - 01111040 _____ (Farbar) C:\Users\wir\Downloads\FRST.exe
2014-12-11 14:32 - 2014-12-11 14:32 - 00000486 _____ () C:\Users\wir\Downloads\defogger_disable.log
2014-12-11 14:32 - 2014-12-11 14:32 - 00000000 _____ () C:\Users\Ulrike&Bernd\defogger_reenable
2014-12-11 14:31 - 2014-12-11 14:31 - 00050477 _____ () C:\Users\wir\Downloads\Defogger.exe
2014-12-08 10:11 - 2014-12-08 10:11 - 03267360 _____ (Sphinx Software ) C:\Users\wir\Downloads\Windows8FirewallControl-Setup-i386.exe
2014-12-07 14:36 - 2014-12-07 14:36 - 00000000 ____D () C:\Users\Ulrike&Bernd\AppData\Local\Secunia PSI
2014-12-07 14:36 - 2014-12-07 14:36 - 00000000 ____D () C:\Program Files\Secunia
2014-12-07 11:48 - 2014-12-07 11:48 - 00000000 ____D () C:\Program Files\ESET
2014-12-07 00:45 - 2014-12-07 00:45 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-12-06 23:02 - 2014-12-06 23:02 - 00000000 ____D () C:\Users\wir\Favorites\Documents\ProcessExplorer
2014-12-06 21:57 - 2014-12-06 22:10 - 304617883 _____ () C:\Users\wir\Downloads\kav_rescue_10.iso
2014-12-06 21:08 - 2014-12-07 11:06 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-12-06 20:26 - 2014-12-06 20:26 - 00000000 ____D () C:\ProgramData\Preventon
2014-12-06 18:16 - 2014-12-06 18:46 - 00000000 ____D () C:\ProgramData\clp
2014-12-06 18:11 - 2014-12-06 18:11 - 02380920 _____ (SPAMfighter ApS) C:\Users\wir\Downloads\spywarefighter.exe
2014-12-06 16:44 - 2014-12-06 16:44 - 00001074 _____ () C:\malware12_14.txt
2014-12-06 16:05 - 2014-12-06 16:05 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-06 16:05 - 2014-12-06 16:05 - 00000920 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-06 16:05 - 2014-12-06 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-06 16:05 - 2014-12-06 16:05 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-12-06 16:05 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-06 16:05 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-06 16:05 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-06 16:02 - 2014-12-06 16:02 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\wir\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-06 14:53 - 2014-12-06 15:02 - 00000000 ____D () C:\AdwCleaner
2014-12-06 14:53 - 2014-12-06 14:53 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-03 17:52 - 2014-12-03 17:52 - 00000000 ____D () C:\Users\Ulrike&Bernd\AppData\Local\NokiaAccount
2014-11-20 03:01 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-17 03:22 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-17 03:22 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-17 03:22 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-17 03:22 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-17 03:21 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-17 03:21 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-17 03:21 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-17 03:20 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-17 03:20 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-17 03:19 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-17 03:19 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-17 03:19 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-17 03:19 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-17 03:18 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-17 03:01 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-16 17:20 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-16 17:20 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-16 17:20 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-16 17:20 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-16 17:20 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-16 17:20 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-16 17:20 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-16 17:20 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-16 17:20 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-16 17:20 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-16 17:20 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-16 17:20 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-16 17:20 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-16 17:20 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-16 17:20 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-16 17:20 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-16 17:20 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-16 17:20 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-16 17:20 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-16 17:20 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-16 17:20 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-11 14:39 - 2008-06-12 13:17 - 01410708 _____ () C:\Windows\WindowsUpdate.log
2014-12-11 14:36 - 2012-05-14 07:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-11 14:35 - 2010-07-17 10:02 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-11 14:32 - 2009-11-03 21:12 - 00000000 ____D () C:\Users\Ulrike&Bernd
2014-12-11 14:10 - 2010-07-17 10:02 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-10 20:46 - 2008-01-21 08:16 - 01567416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-10 20:38 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-10 20:38 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-10 20:38 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 21:28 - 2006-11-02 14:01 - 00032684 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-08 00:09 - 2014-03-07 16:50 - 00000000 ____D () C:\Users\Ulrike&Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The GodFather
2014-12-08 00:09 - 2009-11-23 15:32 - 00000000 ____D () C:\Users\Sarah
2014-12-08 00:09 - 2009-09-19 15:04 - 00000000 ____D () C:\Users\Elias
2014-12-08 00:09 - 2008-06-12 13:30 - 00000000 ____D () C:\Users\wir
2014-12-08 00:09 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-12-08 00:09 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-12-08 00:08 - 2014-03-07 16:50 - 00000000 ____D () C:\Program Files\The GodFather
2014-12-08 00:08 - 2011-02-27 12:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-08 00:08 - 2011-02-27 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-12-08 00:08 - 2011-02-27 12:34 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-12-08 00:08 - 2010-09-26 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-08 00:08 - 2009-03-28 18:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-08 00:08 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-12-07 12:56 - 2008-07-26 12:15 - 00001356 _____ () C:\Users\wir\AppData\Local\d3d9caps.dat
2014-12-06 20:27 - 2012-10-06 22:21 - 00181558 _____ () C:\Windows\PFRO.log
2014-12-06 17:09 - 2006-11-02 12:18 - 00000000 __RSD () C:\Windows\Media
2014-12-06 16:05 - 2012-03-15 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-06 15:31 - 2014-08-29 11:06 - 00000000 ____D () C:\Users\Ulrike&Bernd\AppData\Local\Adobe
2014-12-06 15:31 - 2012-05-14 07:44 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-06 15:31 - 2011-07-08 10:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-06 14:35 - 2008-02-22 11:27 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-03 17:59 - 2011-01-31 08:45 - 00000000 ____D () C:\Program Files\Nokia
2014-11-20 21:29 - 2014-09-13 13:52 - 00000920 _____ () C:\Users\wir\Desktop\Amazon Music.lnk
2014-11-18 17:09 - 2011-04-15 07:44 - 00000000 ____D () C:\Users\wir\_HausundHof
2014-11-17 03:58 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-11-17 03:49 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-17 03:42 - 2006-11-02 13:47 - 00334168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-17 03:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-17 03:17 - 2013-07-13 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-17 03:02 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-16 17:04 - 2010-01-23 15:13 - 00000000 ____D () C:\Program Files\No23 Recorder
2014-11-11 17:11 - 2009-11-18 10:14 - 00001079 _____ () C:\Users\wir\Desktop\PersDaten.txt

Some content of TEMP:
====================
C:\Users\Elias\AppData\Local\Temp\avgnt.exe
C:\Users\Elias\AppData\Local\Temp\SWFXXLRT.DLL
C:\Users\Sarah\AppData\Local\Temp\avgnt.exe
C:\Users\Ulrike&Bernd\AppData\Local\Temp\10-2_legacy_vista32-64_dd_ccc.exe
C:\Users\Ulrike&Bernd\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\Ulrike&Bernd\AppData\Local\Temp\AskSLib.dll
C:\Users\Ulrike&Bernd\AppData\Local\Temp\FreemakeAudioConverter_1.1.0.53.exe
C:\Users\Ulrike&Bernd\AppData\Local\Temp\NEventMessages.dll
C:\Users\Ulrike&Bernd\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Ulrike&Bernd\AppData\Local\Temp\Quarantine.exe
C:\Users\Ulrike&Bernd\AppData\Local\Temp\sqlite3.dll
C:\Users\Ulrike&Bernd\AppData\Local\Temp\tbsoft.dll
C:\Users\wir\AppData\Local\Temp\AskSLib.dll
C:\Users\wir\AppData\Local\Temp\avgnt.exe
C:\Users\wir\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\wir\AppData\Local\Temp\SkypeSetup.exe
C:\Users\wir\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\wir\AppData\Local\Temp\WEBPLUS1031_11.0.8.033_Patch-Setup.exe
C:\Users\wir\AppData\Local\Temp\_is85C2.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-12-2014
Ran by wir at 2014-12-11 14:43:55
Running from C:\Users\wir\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2897898762-2063798205-3883325531-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2897898762-2063798205-3883325531-1000\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Any Video Converter 3.4.0 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Ashampoo WinOptimizer 2010 SE (HKLM\...\Ashampoo WinOptimizer 2010 SE_is1) (Version: 6.5.0 - Ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Avidemux 2.5 (HKLM\...\Avidemux 2.5) (Version: 2.5.0.4944 - )
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.175.0123 - Chicony Electronics Co.,Ltd.)
ccc-core-static (Version: 2010.0210.2339.42455 - Ihr Firmenname) Hidden
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.01 - TOSHIBA)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.1.2.694 - CDBurnerXP)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-2897898762-2063798205-3883325531-1000\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
Desktop SMS (HKLM\...\{5980B928-1C95-4B3E-957B-B02D8147FF9E}) (Version: 1.2.0 - IDM)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
ElsterFormular (HKLM\...\ElsterFormular 13.2.0.8623k) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Firebird SQL Server - MAGIX Edition (HKLM\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
Free M4a to MP3 Converter 7.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter version 3.12.2.430 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.2.430 - DVDVideoSoft Ltd.)
Freemake Audio Converter Version 1.1.0 (HKLM\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HyperCam 2 (HKLM\...\HyperCam 2) (Version:  - )
IIS 7.5 Express (HKLM\...\{433E2032-D3E0-46FF-BAA4-0976F333C1E4}) (Version: 7.5.1070 - Microsoft Corporation)
Ipswitch WS_FTP Pro (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 9.01 - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
Java(TM) 6 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java(TM) 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Lernkartei Deutsch Grundschule (HKLM\...\Lernkartei Deutsch Grundschule) (Version:  - )
Lernkartei Mathe Grundschule II (HKLM\...\Lernkartei Mathe Grundschule II) (Version:  - )
Lern-Karteikasten Englisch Grundschule (HKLM\...\Lern-Karteikasten Englisch Grundschule) (Version:  - )
MAGIX Foto Suite 1.12.0.89 (D) (HKLM\...\MAGIX Foto Suite D) (Version: 1.12.0.89 - MAGIX AG)
MAGIX Online Druck Service 2.3.2.0 (D) (HKLM\...\MAGIX Online Druck Service D) (Version: 2.3.2.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mathe Klasse 1 - 4 (HKLM\...\Mathe Klasse 1 - 4) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET Web Pages - DEU (HKLM\...\{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{185292F7-7C0A-4F72-B2CC-CBEBD40B050E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 DEU (HKLM\...\{EA61F81B-5754-4B5A-9BC5-FFEDC29D1DBC}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Deploy 2.0 (HKLM\...\{5134B35A-B559-4762-94A4-FD4918977953}) (Version: 2.0.1070 - Microsoft Corporation)
Microsoft Web Platform Installer 3.0 (HKLM\...\{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}) (Version: 3.0.5 - Microsoft Corporation)
Microsoft WebMatrix (HKLM\...\{3B2BEBFF-32B8-471D-9422-039A8F19C87E}) (Version: 1.0.1073 - Microsoft Corporation)
Moorhuhn Total (HKLM\...\{26BD3ED8-4879-400F-8DB0-28E0D0AD98BC}) (Version:  - )
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird (3.0.1) (HKLM\...\Mozilla Thunderbird (3.0.1)) (Version: 3.0.1 (de) - Mozilla)
MSN Toolbar (HKLM\...\{0A88ADDA-E297-4AB8-9540-016230895F62}) (Version: 3.0.1203.0 - Microsoft Corporation)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mufin MusicFinder Base 1.5.3.250 (D) (HKLM\...\Mufin MusicFinder Base D) (Version: 1.5.3.250 - MAGIX AG)
myphotobook 3.5 (HKLM\...\myphotobook) (Version: 3.5 - myphotobook)
No23 Recorder (HKLM\...\{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}) (Version: 2.1.0.3 - No23)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OLYMPUS ib (HKLM\...\InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}) (Version: 1.0.1101 - OLYMPUS IMAGING CORP.)
OLYMPUS ib (Version: 1.0.1101 - OLYMPUS IMAGING CORP.) Hidden
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PC Connectivity Solution (HKLM\...\{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}) (Version: 10.50.2.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.1 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Pixum Fotobuch (HKLM\...\Pixum Fotobuch) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5559 - Realtek Semiconductor Corp.)
REALTEK RTL8187B Wireless LAN Driver (HKLM\...\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}) (Version: Package:1.00.0026 Driver:6.1116.1226.2007 - )
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Realtek WiFi Protected Setup Library (HKLM\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: Package:1.00.0026 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0180 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
Rowisoft® red™ (HKLM\...\{393C8A7A-8EFC-4550-9C3F-714860583984}_is1) (Version:  - Rowisoft GmbH)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.3.11082_152 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.0.3.11082_152 - Samsung Electronics Co., Ltd.) Hidden
Samsung Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.1.14 - Samsung)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.4.0 - SAMSUNG Electronics Co., Ltd.)
Serif WebPlus X2 - Ressourcen (HKLM\...\{05BC428A-F2A5-4E11-8130-10C3237FD67B}) (Version: 11.0.1.013 - Serif (Europe) Ltd)
Serif WebPlus X2 (HKLM\...\{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}) (Version: 11.0.5.029 - Serif (Europe) Ltd)
Serif WebPlus X2 Vorlagenpalette: Business & E-Commerce (HKLM\...\{E17EF5E4-5B2E-4E1D-AF84-707D9A91A383}) (Version: 11.0.0.010 - Serif (Europe) Ltd)
Serif WebPlus X2 Vorlagenpalette: Home & Hobby (HKLM\...\{B2929372-A37F-4C06-AC55-7CD8FEF5727C}) (Version: 11.0.0.010 - Serif (Europe) Ltd)
Simple Adblock (HKLM\...\{54B19DCE-232F-45A3-80D9-2141DEDF6D8F}) (Version: 1.1.0 - Simple Adblock)
SiSoftware Sandra Lite 2011.SP1a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1) (Version: 17.43.2011.4 - SiSoftware)
Skins (Version: 2010.0210.2339.42455 - ATI) Hidden
Skype™ 6.7 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
Teachmaster 4.3 (nur Entfernen) (HKLM\...\Teachmaster 4.3) (Version:  - )
The GodFather (HKLM\...\The GodFather) (Version:  - )
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version:  - )
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.04 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{56995235-B76E-44A6-BA17-8FF13D3F907A}) (Version: 7.36 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.1.27 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.1.a - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.20.10 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 1.0.2.32 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.06 - )
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 1.00.0012 - TOSHIBA)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.03 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.14 - TOSHIBA Corporation)
TRDCReminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0014 - TOSHIBA)
TRDCReminder (Version: 1.00.0014 - TOSHIBA) Hidden
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.1 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Vistumbler (HKLM\...\Vistumbler) (Version: v10 - Vistumbler.net)
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Webtools von Microsoft SQL Server Compact 4.0 DEU (HKLM\...\{76FAE3C6-F0F2-43D3-9D94-C2AD772C2326}) (Version: 4.0.8482.1 - Microsoft Corporation)
Windows Media Encoder 9-Reihe (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WLAN Monitor (Version: 4.00.0000 - Vodafone D2 GmbH) Hidden
WLAN Quick Starter (Version: 4.60.0000 - Vodafone D2 GmbH) Hidden
Youtube Downloader HD v. 2.1 (HKLM\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2010-02-22 11:07 - 2004-05-25 08:50 - 00839680 _____ () C:\Program Files\Ipswitch\WS_FTP Pro\LIBEAY32.dll
2010-02-22 11:07 - 2004-05-25 08:50 - 00159744 _____ () C:\Program Files\Ipswitch\WS_FTP Pro\SSLEAY32.dll
2010-02-22 11:07 - 2004-08-18 14:25 - 00147502 _____ () C:\Program Files\Ipswitch\WS_FTP Pro\wsftplib.dll
2010-02-22 11:07 - 2004-08-18 14:25 - 00069678 _____ () C:\Program Files\Ipswitch\WS_FTP Pro\wsfirscr.dll
2010-02-22 11:07 - 2004-08-18 14:24 - 00049197 _____ () C:\Program Files\Ipswitch\WS_FTP Pro\wshosts.dll
2010-02-22 11:07 - 2004-08-18 14:27 - 00311340 _____ () C:\Program Files\Ipswitch\WS_FTP Pro\ipspgp.dll
2010-01-05 10:02 - 2009-11-30 09:20 - 00638824 _____ () C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 SE\ContextHandler.dll
2008-02-22 11:13 - 2008-01-29 16:00 - 00430080 _____ () C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
2008-02-22 10:26 - 2010-02-11 06:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2012-10-16 16:53 - 2012-10-16 16:53 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-11-24 12:36 - 2009-11-24 12:36 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-02-22 22:25 - 2010-02-23 21:56 - 00160432 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2010-02-22 22:25 - 2010-02-23 21:56 - 00020144 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2009-03-10 09:22 - 2009-03-10 09:22 - 00049664 _____ () C:\Program Files\IrfanView\Languages\DEUTSCH.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Rowisoft Virtual Printer virtual printer agent => "C:\Program Files\Rowisoft red\printer\rvpagent.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2897898762-2063798205-3883325531-500 - Administrator - Disabled)
Elias (S-1-5-21-2897898762-2063798205-3883325531-1001 - Limited - Enabled) => C:\Users\Elias
Gast (S-1-5-21-2897898762-2063798205-3883325531-501 - Limited - Enabled)
Sarah (S-1-5-21-2897898762-2063798205-3883325531-1003 - Limited - Enabled) => C:\Users\Sarah
Ulrike&Bernd (S-1-5-21-2897898762-2063798205-3883325531-1002 - Administrator - Enabled) => C:\Users\Ulrike&Bernd
wir (S-1-5-21-2897898762-2063798205-3883325531-1000 - Limited - Enabled) => C:\Users\wir

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2014 08:39:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 09:27:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 08:49:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2014 10:25:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2014 08:49:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 03:22:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 03:12:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 02:47:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.

Error: (12/07/2014 11:11:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 11:11:15 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


System errors:
=============
Error: (12/11/2014 02:11:05 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.2.100 für die Netzwerkkarte mit der Netzwerkadresse 001B9EE70245 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (12/10/2014 08:42:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (12/10/2014 08:42:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows-Dienst für Schriftartencache%%1053

Error: (12/10/2014 08:42:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows-Dienst für Schriftartencache

Error: (12/10/2014 08:39:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Realtek11nSU

Error: (12/10/2014 08:38:45 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.2.100 für die Netzwerkkarte mit der Netzwerkadresse 001B9EE70245 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (12/09/2014 09:27:24 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.2.101 für die Netzwerkkarte mit der Netzwerkadresse 001B9EE70245 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (12/09/2014 08:48:41 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.2.100 für die Netzwerkkarte mit der Netzwerkadresse 001B9EE70245 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (12/09/2014 05:28:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Google Update Service (gupdate)1

Error: (12/09/2014 05:28:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMScheduler


Microsoft Office Sessions:
=========================
Error: (12/10/2014 08:39:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 09:27:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 08:49:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2014 10:25:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2014 08:49:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 03:22:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 03:12:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 02:47:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.

Error: (12/07/2014 11:11:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 11:11:15 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


CodeIntegrity Errors:
===================================
  Date: 2014-12-11 14:43:46.017
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 14:43:44.910
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 14:43:43.802
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 14:43:42.694
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 14:43:41.368
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 14:43:40.245
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 14:43:39.105
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 14:43:37.998
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 14:43:09.509
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 14:43:08.402
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57
Percentage of memory in use: 41%
Total physical RAM: 3452.7 MB
Available physical RAM: 2028.17 MB
Total Pagefile: 7121.17 MB
Available Pagefile: 5539.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.46 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:116.37 GB) (Free:20.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Data) (Fixed) (Total:115.05 GB) (Free:86.21 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-11 15:34:57
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2546GSX rev.LB013M 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\ULRIKE~1\AppData\Local\Temp\kfddqpow.sys


---- System - GMER 2.1 ----

SSDT            8D618B16                                                                                                           ZwCreateSection
SSDT            8D618B20                                                                                                           ZwRequestWaitReplyPort
SSDT            8D618B1B                                                                                                           ZwSetContextThread
SSDT            8D618B25                                                                                                           ZwSetSecurityObject
SSDT            8D618B2A                                                                                                           ZwSystemDebugControl
SSDT            8D618AB7                                                                                                           ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                                      822C5860 4 Bytes  [16, 8B, 61, 8D] {PUSH SS; MOV ESP, [ECX-0x73]}
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                                      822C5B84 4 Bytes  [20, 8B, 61, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                                      822C5BB8 4 Bytes  [1B, 8B, 61, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                                      822C5C1C 4 Bytes  [25, 8B, 61, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                                      822C5C64 4 Bytes  [2A, 8B, 61, 8D]
.text           ...                                                                                                                
.text           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                          section is writeable [0x8B34F000, 0x4036D, 0xE8000020]
.dsrt           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                          unknown last section [0x8B398000, 0x510, 0x40000040]
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                           section is writeable [0x8F602000, 0x267978, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!LdrLoadDll                                            77689378 5 Bytes  JMP 63371F4C C:\Program Files\Mozilla Firefox\mozglue.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!NtCreateFile                                          776C4264 5 Bytes  JMP 586E3D20 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!NtFlushBuffersFile                                    776C4764 3 Bytes  JMP 586CC661 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!NtFlushBuffersFile + 4                                776C4768 1 Byte  [E1]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!NtQueryFullAttributesFile                             776C4C94 5 Bytes  JMP 586E3820 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!NtReadFile                                            776C4EC4 3 Bytes  JMP 586CC750 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!NtReadFile + 4                                        776C4EC8 1 Byte  [E1]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!NtReadFileScatter                                     776C4ED4 5 Bytes  JMP 58F6E1FF C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!NtWriteFile                                           776C54D4 5 Bytes  JMP 586E43D0 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!NtWriteFileGather                                     776C54E4 5 Bytes  JMP 58F6E1AE C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] kernel32.dll!HeapSetInformation + 26                            7643A9B8 7 Bytes  JMP 586E06F3 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] kernel32.dll!LockResource + C                                   76456BD3 7 Bytes  JMP 58F0F55F C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] kernel32.dll!VirtualAllocEx + 54                                7645B030 7 Bytes  JMP 58F0F582 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] USER32.dll!GetWindowInfo                                        75EE428E 5 Bytes  JMP 58E1E5A9 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] GDI32.dll!SetStretchBltMode + 256                               7787745C 7 Bytes  JMP 58F0F4E0 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2488] USER32.dll!InSendMessageEx + 4C9                       75EDE7C8 7 Bytes  JMP 589344B6 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2488] USER32.dll!CreateWindowExW + AA                        75EE13AF 7 Bytes  JMP 58934527 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2488] USER32.dll!GetWindowInfo                               75EE428E 5 Bytes  JMP 5893825D C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2488] USER32.dll!SetMenuItemBitmaps + 71                     75EF14EE 7 Bytes  JMP 58931BFA C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateFile + 6               776C426A 4 Bytes  [28, 88, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateFile + B               776C426F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateKey + 6                776C42AA 4 Bytes  [68, 89, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateKey + B                776C42AF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateMutant + 6             776C42DA 4 Bytes  [28, 8A, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateMutant + B             776C42DF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateSection + 6            776C435A 4 Bytes  [68, 8A, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateSection + B            776C435F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtMapViewOfSection + 6         776C49BA 4 Bytes  [A8, 8C, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtMapViewOfSection + B         776C49BF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenFile + 6                 776C4A4A 4 Bytes  [68, 88, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenFile + B                 776C4A4F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenKey + 6                  776C4A7A 4 Bytes  [A8, 89, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenKey + B                  776C4A7F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenMutant + B               776C4A9F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenProcess + 6              776C4ACA 4 Bytes  [28, 8B, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenProcess + B              776C4ACF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenProcessToken + 6         776C4ADA 4 Bytes  [68, 8B, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenProcessToken + B         776C4ADF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenProcessTokenEx + 6       776C4AEA 4 Bytes  [28, 8C, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenProcessTokenEx + B       776C4AEF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenSection + 6              776C4AFA 4 Bytes  [A8, 8A, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenSection + B              776C4AFF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenThread + B               776C4B3F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenThreadToken + B          776C4B4F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenThreadTokenEx + 6        776C4B5A 4 Bytes  [68, 8C, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenThreadTokenEx + B        776C4B5F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtQueryAttributesFile + 6      776C4BEA 4 Bytes  [A8, 88, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtQueryAttributesFile + B      776C4BEF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtQueryFullAttributesFile + B  776C4C9F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtSetInformationFile + 6       776C517A 4 Bytes  [28, 89, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtSetInformationFile + B       776C517F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtSetInformationThread + 6     776C51CA 4 Bytes  [A8, 8B, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtSetInformationThread + B     776C51CF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtUnmapViewOfSection + B       776C546F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] kernel32.dll!CreateProcessW              76411BF3 5 Bytes  JMP 000800B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] kernel32.dll!CreateProcessA              76411C28 5 Bytes  JMP 000800F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] kernel32.dll!OpenEventW                  7642C033 5 Bytes  JMP 00080070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] kernel32.dll!CreateEventW                7645B93E 5 Bytes  JMP 00080030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!DeleteObject                   77875A37 5 Bytes  JMP 001B01B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetDeviceCaps                  7787617F 5 Bytes  JMP 001B03B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SelectObject                   778762A0 5 Bytes  JMP 001B05F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetTextColor                   7787666B 5 Bytes  JMP 001B0A30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetBkMode                      77876716 5 Bytes  JMP 001B08F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!DeleteDC                       778768CD 5 Bytes  JMP 001B0170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetCurrentObject               77876B58 5 Bytes  JMP 001B0370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetStretchBltMode              77877206 5 Bytes  JMP 001B06B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SaveDC                         778775BA 5 Bytes  JMP 001B0570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!RestoreDC                      77877675 5 Bytes  JMP 001B0530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!StretchDIBits                  778778CF 5 Bytes  JMP 001B0770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!ExtSelectClipRgn               778779F8 5 Bytes  JMP 001B02F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SelectClipRgn                  77877AF9 5 Bytes  JMP 001B05B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!MoveToEx                       77877C33 5 Bytes  JMP 001B0470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!Rectangle                      77877EA9 5 Bytes  JMP 001B09B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextAlign                   778782E0 5 Bytes  JMP 001B0D70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetTextAlign                   778785CB 5 Bytes  JMP 001B09F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!ExtTextOutW                    7787872B 5 Bytes  JMP 001B0970 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextMetricsW                77878A81 5 Bytes  JMP 001B0E30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!IntersectClipRect              77878B64 5 Bytes  JMP 001B03F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetClipBox                     77879071 5 Bytes  JMP 001B0330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetICMMode                     778794E7 5 Bytes  JMP 001B0DB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!CreateDCW                      7787A91D 5 Bytes  JMP 001B00F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!CreateDCA                      7787AA49 5 Bytes  JMP 001B00B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!CreateICW                      7787B2E9 5 Bytes  JMP 001B0130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextFaceW                   7787B637 5 Bytes  JMP 001B0D30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetFontData                    7787BA6C 1 Byte  [E9]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetFontData                    7787BA6C 5 Bytes  JMP 001B0C70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextExtentPoint32W          7787C01A 5 Bytes  JMP 001B0670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetWorldTransform              7787C46A 5 Bytes  JMP 001B06F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!LineTo                         7787C65E 5 Bytes  JMP 001B0430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextMetricsA                7787CCEB 5 Bytes  JMP 001B0DF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!ExtTextOutA                    7788008D 5 Bytes  JMP 001B0930 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextExtentPoint32A          77880E40 5 Bytes  JMP 001B0630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!ExtEscape                      7788228F 5 Bytes  JMP 001B02B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!Escape                         778827D9 5 Bytes  JMP 001B0270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!ResetDCW                       7788311A 5 Bytes  JMP 001B0AB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!EndPage                        77883746 5 Bytes  JMP 001B0230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetPolyFillMode                778861BB 5 Bytes  JMP 001B0B30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetMiterLimit                  778862CA 5 Bytes  JMP 001B0B70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextFaceA                   7788F479 5 Bytes  JMP 001B0CF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetGlyphOutlineW               7789A587 5 Bytes  JMP 001B0CB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!CreateScalableFontResourceW    7789C9E3 5 Bytes  JMP 001B0BB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!AddFontResourceW               7789CDEB 5 Bytes  JMP 001B0BF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!RemoveFontResourceW            7789D281 5 Bytes  JMP 001B0C30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!AbortDoc                       778A2ED2 5 Bytes  JMP 001B0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!EndDoc                         778A32E6 5 Bytes  JMP 001B01F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!StartPage                      778A33D1 5 Bytes  JMP 001B0730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!StartDocW                      778A3EB5 5 Bytes  JMP 001B07F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!BeginPath                      778A466D 5 Bytes  JMP 001B0830 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SelectClipPath                 778A46C4 5 Bytes  JMP 001B0AF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!CloseFigure                    778A471F 5 Bytes  JMP 001B0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!EndPath                        778A4776 5 Bytes  JMP 001B0A70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!StrokePath                     778A49A8 5 Bytes  JMP 001B07B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!FillPath                       778A4A34 5 Bytes  JMP 001B0870 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!PolylineTo                     778A4E9D 5 Bytes  JMP 001B04F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!PolyBezierTo                   778A4F2D 5 Bytes  JMP 001B04B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!PolyDraw                       778A4FDE 5 Bytes  JMP 001B08B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!SetCursor                     75EDD37D 5 Bytes  JMP 002C0530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!RegisterClipboardFormatW      75EDD6AC 1 Byte  [E9]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!RegisterClipboardFormatW      75EDD6AC 5 Bytes  JMP 002C02B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!ActivateKeyboardLayout        75EE478C 5 Bytes  JMP 002C04F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!IsWindowVisible               75EE878A 7 Bytes  JMP 002C06B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!MonitorFromWindow             75EE88D4 7 Bytes  JMP 002C0630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!ScreenToClient                75EE8C56 7 Bytes  JMP 002C0670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetClientRect                 75EE8F0D 7 Bytes  JMP 002C05B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetParent                     75EE90AA 7 Bytes  JMP 002C06F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!RegisterClipboardFormatA      75EEA111 5 Bytes  JMP 002C02F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!PostMessageW                  75EEA175 5 Bytes  JMP 002C05F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!MapWindowPoints               75EEA30D 5 Bytes  JMP 002C0570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetClipboardFormatNameA       75EEA552 5 Bytes  JMP 002C0270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetOpenClipboardWindow        75EF26A6 5 Bytes  JMP 002C03F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!SetClipboardViewer            75EFBA2D 5 Bytes  JMP 002C04B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!IsClipboardFormatAvailable    75EFC2E3 5 Bytes  JMP 002C00F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!CloseClipboard                75EFC2F7 5 Bytes  JMP 002C00B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!OpenClipboard                 75EFC31D 5 Bytes  JMP 002C0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetTopWindow                  75EFCE0A 7 Bytes  JMP 002C0730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetClipboardSequenceNumber    75EFD8B7 5 Bytes  JMP 002C0330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!ChangeClipboardChain          75EFDF83 5 Bytes  JMP 002C0430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!CountClipboardFormats         75F00048 5 Bytes  JMP 002C01F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetClipboardOwner             75F026EF 5 Bytes  JMP 002C0370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!SetClipboardData              75F16410 5 Bytes  JMP 002C0170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!EnumClipboardFormats          75F16D16 5 Bytes  JMP 002C01B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!SetCursorPos                  75F16FB2 5 Bytes  JMP 002C0770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetClipboardData              75F1715A 5 Bytes  JMP 002C0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetClipboardFormatNameW       75F1A99F 5 Bytes  JMP 002C0230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!EmptyClipboard                75F3398B 5 Bytes  JMP 002C0130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetClipboardViewer            75F339ED 5 Bytes  JMP 002C0470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetPriorityClipboardFormat    75F33AEF 5 Bytes  JMP 002C03B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ole32.dll!OleGetClipboard                75D974C9 5 Bytes  JMP 002D00B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ole32.dll!OleSetClipboard                75DC11E3 5 Bytes  JMP 002D0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ole32.dll!OleIsCurrentClipboard          75DCA8F9 5 Bytes  JMP 002D0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!FreeContextBuffer            75BB2D83 5 Bytes  JMP 002F00F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!DeleteSecurityContext        75BB2F18 5 Bytes  JMP 002F0270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!FreeCredentialsHandle        75BB3598 5 Bytes  JMP 002F0130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!EncryptMessage               75BB3745 5 Bytes  JMP 002F01F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!DecryptMessage               75BB3813 5 Bytes  JMP 002F0230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!InitializeSecurityContextA   75BB87DF 5 Bytes  JMP 002F0170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!AcquireCredentialsHandleA    75BB8A43 5 Bytes  JMP 002F0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!QueryContextAttributesA      75BB8E77 5 Bytes  JMP 002F0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!ApplyControlToken            75BBDE4F 5 Bytes  JMP 002F01B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!QueryCredentialsAttributesA  75BBE052 5 Bytes  JMP 002F00B0 

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                            Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                            Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                                           fltmgr.sys

---- EOF - GMER 2.1 ----
         

Edited by bernd60 (11.12.2014 at 16:25)

11.12.2014, 18:41   #2
schrauber
/// the machine
/// TB trainer
 

wüste PopUps auf zwei Rechnern und drei Betriebssystemen - Standard

wüste PopUps auf zwei Rechnern und drei Betriebssystemen



Hi,

Reset the router to factory settings. Then on all computers:

Reset all browsers
Run ipconfig /flushdns.

14.12.2014, 18:19   #3
bernd60



Thank you - did everything as described!
But: since I ran the three programs you asked for (Windows had warned strongly before FRST that it would cause damage), several things no longer work:
IE, Windows Media Player and some non-MS programs only work as administrator, and VLC Player has no sound.
At the moment I have no pop-ups (although today, for the first time in days, I had none BEFORE the router reset either). How likely is it that this is over now? And what actually happened?

Regards,
Bernd

15.12.2014, 19:09   #4
schrauber
/// the machine
/// TB trainer



That has nothing to do with FRST. The Windows SmartScreen filter warns because FRST isn't used all that often; that's normal.

All tools used here are 100% clean and safe.

Your problem comes from one of the latest Windows updates; lots of people have it.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

17.12.2014, 18:21   #5
bernd60



Well, the last update was in November. Working properly has not been possible since roughly an hour after running these three programs.
Is there a way to repair this?
Should I re-enable Defogger?
Regards,
Bernd


18.12.2014, 20:23   #6
schrauber
/// the machine
/// TB trainer



Quote:
Well, the last update was in November
Are you sure? The day before you reported this there was an update that causes exactly these problems. And many users then had exactly this trouble.

Above all, FRST and GMER are pure scanners.

Defogger disables emulation software for virtual drives, but in your case nothing was disabled.

Please post a fresh FRST log. What about the original problem from this thread?

20.12.2014, 17:33   #7
bernd60



Yes, the original problem: it still seems to be solved - no pop-ups.
After Windows stopped working properly at all, I reinstalled the computer. At the moment everything seems fine. I'm now a bit wary of FRST & Co. after all. How likely is it that something is still left after format c:?
Regards,
Bernd

21.12.2014, 16:34   #8
schrauber
/// the machine
/// TB trainer



Quote:
I'm now a bit wary of FRST & Co. after all
No reason to be. And nothing survives format c
__________________
Regards,
schrauber

