Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: wüste PopUps auf zwei Rechnern und drei Betriebssystemen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 11.12.2014, 15:08   #1
bernd60
 
wüste PopUps auf zwei Rechnern und drei Betriebssystemen - Standard

wüste PopUps auf zwei Rechnern und drei Betriebssystemen



Hallo liebe Helfer in der Not,

zuerst war es nur der elterliche VISTA-PC: Skype-artigeMeldungen, Popups v.a. rechts unten, beim Schließen öffnen sich russische Seiten, gerne und zunehmend pornografische Darstellungen. Außerhalb des Browsers scheint alles normal.

Avira hatte vor ca 2 Wochen Alarm geschlagen bei falscher Telekom-Rechnung, scheinbar keine negativen Folgen. Gemeldet wurde:
In der Datei 'C:\Users\wir\AppData\Local\Temp\Temp1_rechnungonline_telekom_000002920019.zip\rechnungonline_telekom_000002920019_2014_11_43726700032_de_003938289_02 7.exe'
wurde ein Virus oder unerwünschtes Programm 'HEUR/APC (Cloud)' [HEUR/APC] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Ich habe laufen gelassen: ADW cleaner, Malwarebytes (abgesicherter Modus), Emisoft, Kasperskys rescue disc. Es wird nichts gefährliches gefunden. VirusTotal findet alle Prozesse im Process Explorer ok. GRC hält den Router für sehr sicher, aber die Ports 21, 23 und 80 sind offen.
Einen Tag später hat unser Sohn (Win8.1) die gleichen Sachen. Die Rechner sind im gleichen WLAN, aber sonst nicht miteinander verbunden.

Ich boote von einer Linux-Puppy CD-ROM. Keine Popups im Puppy-Browser.
Puppy speichert Einstellungen auf frisch formatiertem Stick -> Popups und pornografischste Seiten im Puppy-Browser.

Würde in dieser Situation eine Neuinstallation überhaupt etwas bringen? Kann das daraufhinweisen, daß WLAN oder Router gehackt sind?

Ich werde, soweit noch möglich, immer ratloser.

Danke schonmal und viele Grüße
Bernd


PS1: jemand mir kompetent erscheinendes tippte bei einem wirklich nicht-beschreibbaren System auf eine DNS-Umleitung im Router. Der Router ist ein betagtes Modell von HAMA.
Dazu fällt mir ein:
vor ca 2 Monaten landeten wir auf einer gefakten Amazon-Seite und hatten uns da eingeloggt. Daraufhin waren wir bei Amazon ausgesperrt und zahlreiche teure Artikel waren in unserem Namen zum Verkauf eingestellt. Alles längst behoben, Password und Mail geändert, aber das war wohl ein großes Scheunentor…

PS2: Der Versuch, GMER runterzuladen, scheiterte mit dem IE. IE läßt sich jetzt nicht mehr öffnen.

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:32 on 11/12/2014 (Ulrike&Bernd)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2014
Ran by wir (ATTENTION: The logged in user is not administrator) on WIR-PC on 11-12-2014 14:42:55
Running from C:\Users\wir\Downloads
Loaded Profiles: wir & Ulrike&Bernd (Available profiles: wir & Elias & Ulrike&Bernd & Sarah)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Messaging) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Irfan Skiljan) C:\Program Files\IrfanView\i_view32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [149280 2010-01-06] (Sun Microsystems, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2897898762-2063798205-3883325531-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [430080 2008-01-29] ()
HKU\S-1-5-21-2897898762-2063798205-3883325531-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2897898762-2063798205-3883325531-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [145408 2008-02-22] (Google)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Elias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
ShortcutTarget: OpenOffice.org 2.4.lnk -> C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (No File)
Startup: C:\Users\wir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe - Verknüpfung.lnk
ShortcutTarget: thunderbird.exe - Verknüpfung.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2897898762-2063798205-3883325531-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.onewithlife.se/om
HKU\S-1-5-21-2897898762-2063798205-3883325531-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/
HKU\S-1-5-21-2897898762-2063798205-3883325531-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.live.com/
URLSearchHook: HKU\S-1-5-21-2897898762-2063798205-3883325531-1000 - (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} -  No File
SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKLM -> {5F3AAD9A-4379-4DAF-A973-A23D9AC10A18} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKU\S-1-5-21-2897898762-2063798205-3883325531-1000 -> DefaultScope {AC66E9FB-FCB5-445A-BD56-610567CDB8C1} URL = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2897898762-2063798205-3883325531-1000 -> {5F3AAD9A-4379-4DAF-A973-A23D9AC10A18} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKU\S-1-5-21-2897898762-2063798205-3883325531-1000 -> {AC66E9FB-FCB5-445A-BD56-610567CDB8C1} URL = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-2897898762-2063798205-3883325531-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2897898762-2063798205-3883325531-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-2897898762-2063798205-3883325531-1000 -> No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} -  No File
Toolbar: HKU\S-1-5-21-2897898762-2063798205-3883325531-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2897898762-2063798205-3883325531-1002 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  No File
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Winsock: Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Winsock: Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Winsock: Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 94.249.192.104 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\wir\AppData\Roaming\Mozilla\Firefox\Profiles\p5855q9x.default
FF Homepage: hxxp://www.spiegel.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.4 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
FF Plugin: @sun.com/npsopluginmi;version=1.0 -> C:\Program Files\OpenOffice.org 2.4\program No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\wir\AppData\Roaming\Mozilla\Firefox\Profiles\p5855q9x.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-02-03]
FF Extension: No Name - C:\Users\wir\AppData\Roaming\Mozilla\Firefox\Profiles\p5855q9x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-06]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [File not signed]
S3 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 SE\Dfsdks.exe [406016 2009-08-24] (mst software GmbH, Germany) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1836544 2008-02-22] (Google) [File not signed]
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2008-06-15] ()
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1a\RpcAgentSrv.exe [93848 2009-08-10] (SiSoftware) [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-20] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [290304 2007-12-26] (Realtek Semiconductor Corporation                           )
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [858216 2011-05-09] (Realtek Semiconductor Corporation                           )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP1a\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-26] (Avira GmbH)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_6.3.38103.0.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 USBCamera; System32\Drivers\Bulk533.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-11 14:42 - 2014-12-11 14:43 - 00019926 _____ () C:\Users\wir\Downloads\FRST.txt
2014-12-11 14:42 - 2014-12-11 14:42 - 00000000 ____D () C:\FRST
2014-12-11 14:40 - 2014-12-11 14:40 - 01111040 _____ (Farbar) C:\Users\wir\Downloads\FRST.exe
2014-12-11 14:32 - 2014-12-11 14:32 - 00000486 _____ () C:\Users\wir\Downloads\defogger_disable.log
2014-12-11 14:32 - 2014-12-11 14:32 - 00000000 _____ () C:\Users\Ulrike&Bernd\defogger_reenable
2014-12-11 14:31 - 2014-12-11 14:31 - 00050477 _____ () C:\Users\wir\Downloads\Defogger.exe
2014-12-08 10:11 - 2014-12-08 10:11 - 03267360 _____ (Sphinx Software ) C:\Users\wir\Downloads\Windows8FirewallControl-Setup-i386.exe
2014-12-07 14:36 - 2014-12-07 14:36 - 00000000 ____D () C:\Users\Ulrike&Bernd\AppData\Local\Secunia PSI
2014-12-07 14:36 - 2014-12-07 14:36 - 00000000 ____D () C:\Program Files\Secunia
2014-12-07 11:48 - 2014-12-07 11:48 - 00000000 ____D () C:\Program Files\ESET
2014-12-07 00:45 - 2014-12-07 00:45 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-12-06 23:02 - 2014-12-06 23:02 - 00000000 ____D () C:\Users\wir\Favorites\Documents\ProcessExplorer
2014-12-06 21:57 - 2014-12-06 22:10 - 304617883 _____ () C:\Users\wir\Downloads\kav_rescue_10.iso
2014-12-06 21:08 - 2014-12-07 11:06 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-12-06 20:26 - 2014-12-06 20:26 - 00000000 ____D () C:\ProgramData\Preventon
2014-12-06 18:16 - 2014-12-06 18:46 - 00000000 ____D () C:\ProgramData\clp
2014-12-06 18:11 - 2014-12-06 18:11 - 02380920 _____ (SPAMfighter ApS) C:\Users\wir\Downloads\spywarefighter.exe
2014-12-06 16:44 - 2014-12-06 16:44 - 00001074 _____ () C:\malware12_14.txt
2014-12-06 16:05 - 2014-12-06 16:05 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-06 16:05 - 2014-12-06 16:05 - 00000920 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-06 16:05 - 2014-12-06 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-06 16:05 - 2014-12-06 16:05 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-12-06 16:05 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-06 16:05 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-06 16:05 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-06 16:02 - 2014-12-06 16:02 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\wir\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-06 14:53 - 2014-12-06 15:02 - 00000000 ____D () C:\AdwCleaner
2014-12-06 14:53 - 2014-12-06 14:53 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-03 17:52 - 2014-12-03 17:52 - 00000000 ____D () C:\Users\Ulrike&Bernd\AppData\Local\NokiaAccount
2014-11-20 03:01 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-17 03:22 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-17 03:22 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-17 03:22 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-17 03:22 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-17 03:21 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-17 03:21 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-17 03:21 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-17 03:20 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-17 03:20 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-17 03:19 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-17 03:19 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-17 03:19 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-17 03:19 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-17 03:18 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-17 03:01 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-16 17:20 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-16 17:20 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-16 17:20 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-16 17:20 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-16 17:20 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-16 17:20 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-16 17:20 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-16 17:20 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-16 17:20 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-16 17:20 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-16 17:20 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-16 17:20 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-16 17:20 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-16 17:20 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-16 17:20 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-16 17:20 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-16 17:20 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-16 17:20 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-16 17:20 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-16 17:20 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-16 17:20 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-11 14:39 - 2008-06-12 13:17 - 01410708 _____ () C:\Windows\WindowsUpdate.log
2014-12-11 14:36 - 2012-05-14 07:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-11 14:35 - 2010-07-17 10:02 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-11 14:32 - 2009-11-03 21:12 - 00000000 ____D () C:\Users\Ulrike&Bernd
2014-12-11 14:10 - 2010-07-17 10:02 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-10 20:46 - 2008-01-21 08:16 - 01567416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-10 20:38 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-10 20:38 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-10 20:38 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 21:28 - 2006-11-02 14:01 - 00032684 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-08 00:09 - 2014-03-07 16:50 - 00000000 ____D () C:\Users\Ulrike&Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The GodFather
2014-12-08 00:09 - 2009-11-23 15:32 - 00000000 ____D () C:\Users\Sarah
2014-12-08 00:09 - 2009-09-19 15:04 - 00000000 ____D () C:\Users\Elias
2014-12-08 00:09 - 2008-06-12 13:30 - 00000000 ____D () C:\Users\wir
2014-12-08 00:09 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-12-08 00:09 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-12-08 00:08 - 2014-03-07 16:50 - 00000000 ____D () C:\Program Files\The GodFather
2014-12-08 00:08 - 2011-02-27 12:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-08 00:08 - 2011-02-27 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-12-08 00:08 - 2011-02-27 12:34 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-12-08 00:08 - 2010-09-26 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-08 00:08 - 2009-03-28 18:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-08 00:08 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-12-07 12:56 - 2008-07-26 12:15 - 00001356 _____ () C:\Users\wir\AppData\Local\d3d9caps.dat
2014-12-06 20:27 - 2012-10-06 22:21 - 00181558 _____ () C:\Windows\PFRO.log
2014-12-06 17:09 - 2006-11-02 12:18 - 00000000 __RSD () C:\Windows\Media
2014-12-06 16:05 - 2012-03-15 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-06 15:31 - 2014-08-29 11:06 - 00000000 ____D () C:\Users\Ulrike&Bernd\AppData\Local\Adobe
2014-12-06 15:31 - 2012-05-14 07:44 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-06 15:31 - 2011-07-08 10:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-06 14:35 - 2008-02-22 11:27 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-03 17:59 - 2011-01-31 08:45 - 00000000 ____D () C:\Program Files\Nokia
2014-11-20 21:29 - 2014-09-13 13:52 - 00000920 _____ () C:\Users\wir\Desktop\Amazon Music.lnk
2014-11-18 17:09 - 2011-04-15 07:44 - 00000000 ____D () C:\Users\wir\_HausundHof
2014-11-17 03:58 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-11-17 03:49 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-17 03:42 - 2006-11-02 13:47 - 00334168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-17 03:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-17 03:17 - 2013-07-13 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-17 03:02 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-16 17:04 - 2010-01-23 15:13 - 00000000 ____D () C:\Program Files\No23 Recorder
2014-11-11 17:11 - 2009-11-18 10:14 - 00001079 _____ () C:\Users\wir\Desktop\PersDaten.txt

Some content of TEMP:
====================
C:\Users\Elias\AppData\Local\Temp\avgnt.exe
C:\Users\Elias\AppData\Local\Temp\SWFXXLRT.DLL
C:\Users\Sarah\AppData\Local\Temp\avgnt.exe
C:\Users\Ulrike&Bernd\AppData\Local\Temp\10-2_legacy_vista32-64_dd_ccc.exe
C:\Users\Ulrike&Bernd\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\Ulrike&Bernd\AppData\Local\Temp\AskSLib.dll
C:\Users\Ulrike&Bernd\AppData\Local\Temp\FreemakeAudioConverter_1.1.0.53.exe
C:\Users\Ulrike&Bernd\AppData\Local\Temp\NEventMessages.dll
C:\Users\Ulrike&Bernd\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Ulrike&Bernd\AppData\Local\Temp\Quarantine.exe
C:\Users\Ulrike&Bernd\AppData\Local\Temp\sqlite3.dll
C:\Users\Ulrike&Bernd\AppData\Local\Temp\tbsoft.dll
C:\Users\wir\AppData\Local\Temp\AskSLib.dll
C:\Users\wir\AppData\Local\Temp\avgnt.exe
C:\Users\wir\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\wir\AppData\Local\Temp\SkypeSetup.exe
C:\Users\wir\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\wir\AppData\Local\Temp\WEBPLUS1031_11.0.8.033_Patch-Setup.exe
C:\Users\wir\AppData\Local\Temp\_is85C2.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-12-2014
Ran by wir at 2014-12-11 14:43:55
Running from C:\Users\wir\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2897898762-2063798205-3883325531-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2897898762-2063798205-3883325531-1000\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Any Video Converter 3.4.0 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Ashampoo WinOptimizer 2010 SE (HKLM\...\Ashampoo WinOptimizer 2010 SE_is1) (Version: 6.5.0 - Ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Avidemux 2.5 (HKLM\...\Avidemux 2.5) (Version: 2.5.0.4944 - )
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.175.0123 - Chicony Electronics Co.,Ltd.)
ccc-core-static (Version: 2010.0210.2339.42455 - Ihr Firmenname) Hidden
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.01 - TOSHIBA)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.1.2.694 - CDBurnerXP)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-2897898762-2063798205-3883325531-1000\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
Desktop SMS (HKLM\...\{5980B928-1C95-4B3E-957B-B02D8147FF9E}) (Version: 1.2.0 - IDM)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
ElsterFormular (HKLM\...\ElsterFormular 13.2.0.8623k) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Firebird SQL Server - MAGIX Edition (HKLM\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
Free M4a to MP3 Converter 7.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter version 3.12.2.430 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.2.430 - DVDVideoSoft Ltd.)
Freemake Audio Converter Version 1.1.0 (HKLM\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HyperCam 2 (HKLM\...\HyperCam 2) (Version:  - )
IIS 7.5 Express (HKLM\...\{433E2032-D3E0-46FF-BAA4-0976F333C1E4}) (Version: 7.5.1070 - Microsoft Corporation)
Ipswitch WS_FTP Pro (HKLM\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 9.01 - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
Java(TM) 6 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java(TM) 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Lernkartei Deutsch Grundschule (HKLM\...\Lernkartei Deutsch Grundschule) (Version:  - )
Lernkartei Mathe Grundschule II (HKLM\...\Lernkartei Mathe Grundschule II) (Version:  - )
Lern-Karteikasten Englisch Grundschule (HKLM\...\Lern-Karteikasten Englisch Grundschule) (Version:  - )
MAGIX Foto Suite 1.12.0.89 (D) (HKLM\...\MAGIX Foto Suite D) (Version: 1.12.0.89 - MAGIX AG)
MAGIX Online Druck Service 2.3.2.0 (D) (HKLM\...\MAGIX Online Druck Service D) (Version: 2.3.2.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mathe Klasse 1 - 4 (HKLM\...\Mathe Klasse 1 - 4) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET Web Pages - DEU (HKLM\...\{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{185292F7-7C0A-4F72-B2CC-CBEBD40B050E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 DEU (HKLM\...\{EA61F81B-5754-4B5A-9BC5-FFEDC29D1DBC}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Deploy 2.0 (HKLM\...\{5134B35A-B559-4762-94A4-FD4918977953}) (Version: 2.0.1070 - Microsoft Corporation)
Microsoft Web Platform Installer 3.0 (HKLM\...\{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}) (Version: 3.0.5 - Microsoft Corporation)
Microsoft WebMatrix (HKLM\...\{3B2BEBFF-32B8-471D-9422-039A8F19C87E}) (Version: 1.0.1073 - Microsoft Corporation)
Moorhuhn Total (HKLM\...\{26BD3ED8-4879-400F-8DB0-28E0D0AD98BC}) (Version:  - )
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird (3.0.1) (HKLM\...\Mozilla Thunderbird (3.0.1)) (Version: 3.0.1 (de) - Mozilla)
MSN Toolbar (HKLM\...\{0A88ADDA-E297-4AB8-9540-016230895F62}) (Version: 3.0.1203.0 - Microsoft Corporation)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mufin MusicFinder Base 1.5.3.250 (D) (HKLM\...\Mufin MusicFinder Base D) (Version: 1.5.3.250 - MAGIX AG)
myphotobook 3.5 (HKLM\...\myphotobook) (Version: 3.5 - myphotobook)
No23 Recorder (HKLM\...\{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}) (Version: 2.1.0.3 - No23)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OLYMPUS ib (HKLM\...\InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}) (Version: 1.0.1101 - OLYMPUS IMAGING CORP.)
OLYMPUS ib (Version: 1.0.1101 - OLYMPUS IMAGING CORP.) Hidden
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PC Connectivity Solution (HKLM\...\{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}) (Version: 10.50.2.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.1 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Pixum Fotobuch (HKLM\...\Pixum Fotobuch) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5559 - Realtek Semiconductor Corp.)
REALTEK RTL8187B Wireless LAN Driver (HKLM\...\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}) (Version: Package:1.00.0026 Driver:6.1116.1226.2007 - )
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Realtek WiFi Protected Setup Library (HKLM\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: Package:1.00.0026 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0180 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
Rowisoft® red™ (HKLM\...\{393C8A7A-8EFC-4550-9C3F-714860583984}_is1) (Version:  - Rowisoft GmbH)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.3.11082_152 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.0.3.11082_152 - Samsung Electronics Co., Ltd.) Hidden
Samsung Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.1.14 - Samsung)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.4.0 - SAMSUNG Electronics Co., Ltd.)
Serif WebPlus X2 - Ressourcen (HKLM\...\{05BC428A-F2A5-4E11-8130-10C3237FD67B}) (Version: 11.0.1.013 - Serif (Europe) Ltd)
Serif WebPlus X2 (HKLM\...\{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}) (Version: 11.0.5.029 - Serif (Europe) Ltd)
Serif WebPlus X2 Vorlagenpalette: Business & E-Commerce (HKLM\...\{E17EF5E4-5B2E-4E1D-AF84-707D9A91A383}) (Version: 11.0.0.010 - Serif (Europe) Ltd)
Serif WebPlus X2 Vorlagenpalette: Home & Hobby (HKLM\...\{B2929372-A37F-4C06-AC55-7CD8FEF5727C}) (Version: 11.0.0.010 - Serif (Europe) Ltd)
Simple Adblock (HKLM\...\{54B19DCE-232F-45A3-80D9-2141DEDF6D8F}) (Version: 1.1.0 - Simple Adblock)
SiSoftware Sandra Lite 2011.SP1a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1) (Version: 17.43.2011.4 - SiSoftware)
Skins (Version: 2010.0210.2339.42455 - ATI) Hidden
Skype™ 6.7 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
Teachmaster 4.3 (nur Entfernen) (HKLM\...\Teachmaster 4.3) (Version:  - )
The GodFather (HKLM\...\The GodFather) (Version:  - )
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version:  - )
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.04 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{56995235-B76E-44A6-BA17-8FF13D3F907A}) (Version: 7.36 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.1.27 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.1.a - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.20.10 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 1.0.2.32 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.06 - )
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 1.00.0012 - TOSHIBA)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.03 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.14 - TOSHIBA Corporation)
TRDCReminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0014 - TOSHIBA)
TRDCReminder (Version: 1.00.0014 - TOSHIBA) Hidden
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.1 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Vistumbler (HKLM\...\Vistumbler) (Version: v10 - Vistumbler.net)
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Webtools von Microsoft SQL Server Compact 4.0 DEU (HKLM\...\{76FAE3C6-F0F2-43D3-9D94-C2AD772C2326}) (Version: 4.0.8482.1 - Microsoft Corporation)
Windows Media Encoder 9-Reihe (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WLAN Monitor (Version: 4.00.0000 - Vodafone D2 GmbH) Hidden
WLAN Quick Starter (Version: 4.60.0000 - Vodafone D2 GmbH) Hidden
Youtube Downloader HD v. 2.1 (HKLM\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2010-02-22 11:07 - 2004-05-25 08:50 - 00839680 _____ () C:\Program Files\Ipswitch\WS_FTP Pro\LIBEAY32.dll
2010-02-22 11:07 - 2004-05-25 08:50 - 00159744 _____ () C:\Program Files\Ipswitch\WS_FTP Pro\SSLEAY32.dll
2010-02-22 11:07 - 2004-08-18 14:25 - 00147502 _____ () C:\Program Files\Ipswitch\WS_FTP Pro\wsftplib.dll
2010-02-22 11:07 - 2004-08-18 14:25 - 00069678 _____ () C:\Program Files\Ipswitch\WS_FTP Pro\wsfirscr.dll
2010-02-22 11:07 - 2004-08-18 14:24 - 00049197 _____ () C:\Program Files\Ipswitch\WS_FTP Pro\wshosts.dll
2010-02-22 11:07 - 2004-08-18 14:27 - 00311340 _____ () C:\Program Files\Ipswitch\WS_FTP Pro\ipspgp.dll
2010-01-05 10:02 - 2009-11-30 09:20 - 00638824 _____ () C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 SE\ContextHandler.dll
2008-02-22 11:13 - 2008-01-29 16:00 - 00430080 _____ () C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
2008-02-22 10:26 - 2010-02-11 06:30 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2012-10-16 16:53 - 2012-10-16 16:53 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-11-24 12:36 - 2009-11-24 12:36 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-02-22 22:25 - 2010-02-23 21:56 - 00160432 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2010-02-22 22:25 - 2010-02-23 21:56 - 00020144 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2009-03-10 09:22 - 2009-03-10 09:22 - 00049664 _____ () C:\Program Files\IrfanView\Languages\DEUTSCH.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Rowisoft Virtual Printer virtual printer agent => "C:\Program Files\Rowisoft red\printer\rvpagent.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2897898762-2063798205-3883325531-500 - Administrator - Disabled)
Elias (S-1-5-21-2897898762-2063798205-3883325531-1001 - Limited - Enabled) => C:\Users\Elias
Gast (S-1-5-21-2897898762-2063798205-3883325531-501 - Limited - Enabled)
Sarah (S-1-5-21-2897898762-2063798205-3883325531-1003 - Limited - Enabled) => C:\Users\Sarah
Ulrike&Bernd (S-1-5-21-2897898762-2063798205-3883325531-1002 - Administrator - Enabled) => C:\Users\Ulrike&Bernd
wir (S-1-5-21-2897898762-2063798205-3883325531-1000 - Limited - Enabled) => C:\Users\wir

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2014 08:39:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 09:27:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 08:49:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2014 10:25:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2014 08:49:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 03:22:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 03:12:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 02:47:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.

Error: (12/07/2014 11:11:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 11:11:15 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


System errors:
=============
Error: (12/11/2014 02:11:05 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.2.100 für die Netzwerkkarte mit der Netzwerkadresse 001B9EE70245 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (12/10/2014 08:42:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (12/10/2014 08:42:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows-Dienst für Schriftartencache%%1053

Error: (12/10/2014 08:42:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows-Dienst für Schriftartencache

Error: (12/10/2014 08:39:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Realtek11nSU

Error: (12/10/2014 08:38:45 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.2.100 für die Netzwerkkarte mit der Netzwerkadresse 001B9EE70245 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (12/09/2014 09:27:24 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.2.101 für die Netzwerkkarte mit der Netzwerkadresse 001B9EE70245 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (12/09/2014 08:48:41 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.2.100 für die Netzwerkkarte mit der Netzwerkadresse 001B9EE70245 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (12/09/2014 05:28:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Google Update Service (gupdate)1

Error: (12/09/2014 05:28:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMScheduler


Microsoft Office Sessions:
=========================
Error: (12/10/2014 08:39:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 09:27:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 08:49:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2014 10:25:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2014 08:49:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 03:22:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 03:12:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 02:47:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.

Error: (12/07/2014 11:11:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2014 11:11:15 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


CodeIntegrity Errors:
===================================
  Date: 2014-12-11 14:43:46.017
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 14:43:44.910
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 14:43:43.802
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 14:43:42.694
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 14:43:41.368
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 14:43:40.245
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 14:43:39.105
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 14:43:37.998
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 14:43:09.509
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 14:43:08.402
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57
Percentage of memory in use: 41%
Total physical RAM: 3452.7 MB
Available physical RAM: 2028.17 MB
Total Pagefile: 7121.17 MB
Available Pagefile: 5539.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.46 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:116.37 GB) (Free:20.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Data) (Fixed) (Total:115.05 GB) (Free:86.21 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-11 15:34:57
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2546GSX rev.LB013M 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\ULRIKE~1\AppData\Local\Temp\kfddqpow.sys


---- System - GMER 2.1 ----

SSDT            8D618B16                                                                                                           ZwCreateSection
SSDT            8D618B20                                                                                                           ZwRequestWaitReplyPort
SSDT            8D618B1B                                                                                                           ZwSetContextThread
SSDT            8D618B25                                                                                                           ZwSetSecurityObject
SSDT            8D618B2A                                                                                                           ZwSystemDebugControl
SSDT            8D618AB7                                                                                                           ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                                      822C5860 4 Bytes  [16, 8B, 61, 8D] {PUSH SS; MOV ESP, [ECX-0x73]}
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                                      822C5B84 4 Bytes  [20, 8B, 61, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                                      822C5BB8 4 Bytes  [1B, 8B, 61, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                                      822C5C1C 4 Bytes  [25, 8B, 61, 8D]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                                      822C5C64 4 Bytes  [2A, 8B, 61, 8D]
.text           ...                                                                                                                
.text           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                          section is writeable [0x8B34F000, 0x4036D, 0xE8000020]
.dsrt           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                          unknown last section [0x8B398000, 0x510, 0x40000040]
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                           section is writeable [0x8F602000, 0x267978, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!LdrLoadDll                                            77689378 5 Bytes  JMP 63371F4C C:\Program Files\Mozilla Firefox\mozglue.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!NtCreateFile                                          776C4264 5 Bytes  JMP 586E3D20 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!NtFlushBuffersFile                                    776C4764 3 Bytes  JMP 586CC661 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!NtFlushBuffersFile + 4                                776C4768 1 Byte  [E1]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!NtQueryFullAttributesFile                             776C4C94 5 Bytes  JMP 586E3820 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!NtReadFile                                            776C4EC4 3 Bytes  JMP 586CC750 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!NtReadFile + 4                                        776C4EC8 1 Byte  [E1]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!NtReadFileScatter                                     776C4ED4 5 Bytes  JMP 58F6E1FF C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!NtWriteFile                                           776C54D4 5 Bytes  JMP 586E43D0 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] ntdll.dll!NtWriteFileGather                                     776C54E4 5 Bytes  JMP 58F6E1AE C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] kernel32.dll!HeapSetInformation + 26                            7643A9B8 7 Bytes  JMP 586E06F3 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] kernel32.dll!LockResource + C                                   76456BD3 7 Bytes  JMP 58F0F55F C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] kernel32.dll!VirtualAllocEx + 54                                7645B030 7 Bytes  JMP 58F0F582 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] USER32.dll!GetWindowInfo                                        75EE428E 5 Bytes  JMP 58E1E5A9 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2284] GDI32.dll!SetStretchBltMode + 256                               7787745C 7 Bytes  JMP 58F0F4E0 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2488] USER32.dll!InSendMessageEx + 4C9                       75EDE7C8 7 Bytes  JMP 589344B6 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2488] USER32.dll!CreateWindowExW + AA                        75EE13AF 7 Bytes  JMP 58934527 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2488] USER32.dll!GetWindowInfo                               75EE428E 5 Bytes  JMP 5893825D C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2488] USER32.dll!SetMenuItemBitmaps + 71                     75EF14EE 7 Bytes  JMP 58931BFA C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateFile + 6               776C426A 4 Bytes  [28, 88, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateFile + B               776C426F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateKey + 6                776C42AA 4 Bytes  [68, 89, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateKey + B                776C42AF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateMutant + 6             776C42DA 4 Bytes  [28, 8A, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateMutant + B             776C42DF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateSection + 6            776C435A 4 Bytes  [68, 8A, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtCreateSection + B            776C435F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtMapViewOfSection + 6         776C49BA 4 Bytes  [A8, 8C, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtMapViewOfSection + B         776C49BF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenFile + 6                 776C4A4A 4 Bytes  [68, 88, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenFile + B                 776C4A4F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenKey + 6                  776C4A7A 4 Bytes  [A8, 89, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenKey + B                  776C4A7F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenMutant + B               776C4A9F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenProcess + 6              776C4ACA 4 Bytes  [28, 8B, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenProcess + B              776C4ACF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenProcessToken + 6         776C4ADA 4 Bytes  [68, 8B, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenProcessToken + B         776C4ADF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenProcessTokenEx + 6       776C4AEA 4 Bytes  [28, 8C, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenProcessTokenEx + B       776C4AEF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenSection + 6              776C4AFA 4 Bytes  [A8, 8A, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenSection + B              776C4AFF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenThread + B               776C4B3F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenThreadToken + B          776C4B4F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenThreadTokenEx + 6        776C4B5A 4 Bytes  [68, 8C, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtOpenThreadTokenEx + B        776C4B5F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtQueryAttributesFile + 6      776C4BEA 4 Bytes  [A8, 88, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtQueryAttributesFile + B      776C4BEF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtQueryFullAttributesFile + B  776C4C9F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtSetInformationFile + 6       776C517A 4 Bytes  [28, 89, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtSetInformationFile + B       776C517F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtSetInformationThread + 6     776C51CA 4 Bytes  [A8, 8B, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtSetInformationThread + B     776C51CF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ntdll.dll!NtUnmapViewOfSection + B       776C546F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] kernel32.dll!CreateProcessW              76411BF3 5 Bytes  JMP 000800B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] kernel32.dll!CreateProcessA              76411C28 5 Bytes  JMP 000800F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] kernel32.dll!OpenEventW                  7642C033 5 Bytes  JMP 00080070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] kernel32.dll!CreateEventW                7645B93E 5 Bytes  JMP 00080030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!DeleteObject                   77875A37 5 Bytes  JMP 001B01B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetDeviceCaps                  7787617F 5 Bytes  JMP 001B03B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SelectObject                   778762A0 5 Bytes  JMP 001B05F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetTextColor                   7787666B 5 Bytes  JMP 001B0A30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetBkMode                      77876716 5 Bytes  JMP 001B08F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!DeleteDC                       778768CD 5 Bytes  JMP 001B0170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetCurrentObject               77876B58 5 Bytes  JMP 001B0370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetStretchBltMode              77877206 5 Bytes  JMP 001B06B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SaveDC                         778775BA 5 Bytes  JMP 001B0570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!RestoreDC                      77877675 5 Bytes  JMP 001B0530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!StretchDIBits                  778778CF 5 Bytes  JMP 001B0770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!ExtSelectClipRgn               778779F8 5 Bytes  JMP 001B02F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SelectClipRgn                  77877AF9 5 Bytes  JMP 001B05B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!MoveToEx                       77877C33 5 Bytes  JMP 001B0470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!Rectangle                      77877EA9 5 Bytes  JMP 001B09B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextAlign                   778782E0 5 Bytes  JMP 001B0D70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetTextAlign                   778785CB 5 Bytes  JMP 001B09F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!ExtTextOutW                    7787872B 5 Bytes  JMP 001B0970 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextMetricsW                77878A81 5 Bytes  JMP 001B0E30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!IntersectClipRect              77878B64 5 Bytes  JMP 001B03F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetClipBox                     77879071 5 Bytes  JMP 001B0330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetICMMode                     778794E7 5 Bytes  JMP 001B0DB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!CreateDCW                      7787A91D 5 Bytes  JMP 001B00F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!CreateDCA                      7787AA49 5 Bytes  JMP 001B00B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!CreateICW                      7787B2E9 5 Bytes  JMP 001B0130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextFaceW                   7787B637 5 Bytes  JMP 001B0D30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetFontData                    7787BA6C 1 Byte  [E9]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetFontData                    7787BA6C 5 Bytes  JMP 001B0C70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextExtentPoint32W          7787C01A 5 Bytes  JMP 001B0670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetWorldTransform              7787C46A 5 Bytes  JMP 001B06F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!LineTo                         7787C65E 5 Bytes  JMP 001B0430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextMetricsA                7787CCEB 5 Bytes  JMP 001B0DF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!ExtTextOutA                    7788008D 5 Bytes  JMP 001B0930 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextExtentPoint32A          77880E40 5 Bytes  JMP 001B0630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!ExtEscape                      7788228F 5 Bytes  JMP 001B02B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!Escape                         778827D9 5 Bytes  JMP 001B0270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!ResetDCW                       7788311A 5 Bytes  JMP 001B0AB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!EndPage                        77883746 5 Bytes  JMP 001B0230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetPolyFillMode                778861BB 5 Bytes  JMP 001B0B30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SetMiterLimit                  778862CA 5 Bytes  JMP 001B0B70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetTextFaceA                   7788F479 5 Bytes  JMP 001B0CF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!GetGlyphOutlineW               7789A587 5 Bytes  JMP 001B0CB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!CreateScalableFontResourceW    7789C9E3 5 Bytes  JMP 001B0BB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!AddFontResourceW               7789CDEB 5 Bytes  JMP 001B0BF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!RemoveFontResourceW            7789D281 5 Bytes  JMP 001B0C30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!AbortDoc                       778A2ED2 5 Bytes  JMP 001B0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!EndDoc                         778A32E6 5 Bytes  JMP 001B01F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!StartPage                      778A33D1 5 Bytes  JMP 001B0730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!StartDocW                      778A3EB5 5 Bytes  JMP 001B07F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!BeginPath                      778A466D 5 Bytes  JMP 001B0830 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!SelectClipPath                 778A46C4 5 Bytes  JMP 001B0AF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!CloseFigure                    778A471F 5 Bytes  JMP 001B0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!EndPath                        778A4776 5 Bytes  JMP 001B0A70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!StrokePath                     778A49A8 5 Bytes  JMP 001B07B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!FillPath                       778A4A34 5 Bytes  JMP 001B0870 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!PolylineTo                     778A4E9D 5 Bytes  JMP 001B04F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!PolyBezierTo                   778A4F2D 5 Bytes  JMP 001B04B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] GDI32.dll!PolyDraw                       778A4FDE 5 Bytes  JMP 001B08B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!SetCursor                     75EDD37D 5 Bytes  JMP 002C0530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!RegisterClipboardFormatW      75EDD6AC 1 Byte  [E9]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!RegisterClipboardFormatW      75EDD6AC 5 Bytes  JMP 002C02B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!ActivateKeyboardLayout        75EE478C 5 Bytes  JMP 002C04F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!IsWindowVisible               75EE878A 7 Bytes  JMP 002C06B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!MonitorFromWindow             75EE88D4 7 Bytes  JMP 002C0630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!ScreenToClient                75EE8C56 7 Bytes  JMP 002C0670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetClientRect                 75EE8F0D 7 Bytes  JMP 002C05B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetParent                     75EE90AA 7 Bytes  JMP 002C06F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!RegisterClipboardFormatA      75EEA111 5 Bytes  JMP 002C02F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!PostMessageW                  75EEA175 5 Bytes  JMP 002C05F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!MapWindowPoints               75EEA30D 5 Bytes  JMP 002C0570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetClipboardFormatNameA       75EEA552 5 Bytes  JMP 002C0270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetOpenClipboardWindow        75EF26A6 5 Bytes  JMP 002C03F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!SetClipboardViewer            75EFBA2D 5 Bytes  JMP 002C04B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!IsClipboardFormatAvailable    75EFC2E3 5 Bytes  JMP 002C00F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!CloseClipboard                75EFC2F7 5 Bytes  JMP 002C00B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!OpenClipboard                 75EFC31D 5 Bytes  JMP 002C0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetTopWindow                  75EFCE0A 7 Bytes  JMP 002C0730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetClipboardSequenceNumber    75EFD8B7 5 Bytes  JMP 002C0330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!ChangeClipboardChain          75EFDF83 5 Bytes  JMP 002C0430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!CountClipboardFormats         75F00048 5 Bytes  JMP 002C01F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetClipboardOwner             75F026EF 5 Bytes  JMP 002C0370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!SetClipboardData              75F16410 5 Bytes  JMP 002C0170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!EnumClipboardFormats          75F16D16 5 Bytes  JMP 002C01B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!SetCursorPos                  75F16FB2 5 Bytes  JMP 002C0770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetClipboardData              75F1715A 5 Bytes  JMP 002C0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetClipboardFormatNameW       75F1A99F 5 Bytes  JMP 002C0230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!EmptyClipboard                75F3398B 5 Bytes  JMP 002C0130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetClipboardViewer            75F339ED 5 Bytes  JMP 002C0470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] USER32.dll!GetPriorityClipboardFormat    75F33AEF 5 Bytes  JMP 002C03B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ole32.dll!OleGetClipboard                75D974C9 5 Bytes  JMP 002D00B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ole32.dll!OleSetClipboard                75DC11E3 5 Bytes  JMP 002D0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] ole32.dll!OleIsCurrentClipboard          75DCA8F9 5 Bytes  JMP 002D0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!FreeContextBuffer            75BB2D83 5 Bytes  JMP 002F00F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!DeleteSecurityContext        75BB2F18 5 Bytes  JMP 002F0270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!FreeCredentialsHandle        75BB3598 5 Bytes  JMP 002F0130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!EncryptMessage               75BB3745 5 Bytes  JMP 002F01F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!DecryptMessage               75BB3813 5 Bytes  JMP 002F0230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!InitializeSecurityContextA   75BB87DF 5 Bytes  JMP 002F0170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!AcquireCredentialsHandleA    75BB8A43 5 Bytes  JMP 002F0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!QueryContextAttributesA      75BB8E77 5 Bytes  JMP 002F0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!ApplyControlToken            75BBDE4F 5 Bytes  JMP 002F01B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe[3316] Secur32.dll!QueryCredentialsAttributesA  75BBE052 5 Bytes  JMP 002F00B0 

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                            Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                            Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                                           fltmgr.sys

---- EOF - GMER 2.1 ----
         

Geändert von bernd60 (11.12.2014 um 15:25 Uhr)

Alt 11.12.2014, 17:41   #2
schrauber
/// the machine
/// TB-Ausbilder
 

wüste PopUps auf zwei Rechnern und drei Betriebssystemen - Standard

wüste PopUps auf zwei Rechnern und drei Betriebssystemen



Hi,

Router auf Werkseinstellungen zurücksetzen. Dann auf allen Rechnern:

Alle Browser zurücksetzen
ipconfig /flushdns durchführen.
__________________

__________________

Alt 14.12.2014, 17:19   #3
bernd60
 
wüste PopUps auf zwei Rechnern und drei Betriebssystemen - Standard

wüste PopUps auf zwei Rechnern und drei Betriebssystemen



Dankeschön - alles so gemacht!
Aber: seit ich die drei von Euch gewünschten Programme habe laufen lassen ( - vor frst hatte Windows heftig gewarnt, würde Schäden verursachen - ) geht einiges nicht mehr:
IE, win media player und manche nicht-MS-Programme gehen nur als Administrator, VLC Player hat keinen Ton.
Aktuell habe ich keine PopUps (ich hatte allerdings erstmals seit Tagen heute auch keine VOR dem Router-reset) .Wie wahrscheinlich ist es, daß es damit rum ist? Und was war überhaupt passiert?

VG
Bernd
__________________

Alt 15.12.2014, 18:09   #4
schrauber
/// the machine
/// TB-Ausbilder
 

wüste PopUps auf zwei Rechnern und drei Betriebssystemen - Standard

wüste PopUps auf zwei Rechnern und drei Betriebssystemen



Das hat nix mit FRST zu tun. der Smart ScreenFilter von Windows warnt weil FRST nicht mega oft verwendet wird, normal.

Alle Tools die hier benutzt werden sind 100% sauber und safe.

Dein Problem kommt von einem der letzten Windows Updates, haben viele.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.12.2014, 17:21   #5
bernd60
 
wüste PopUps auf zwei Rechnern und drei Betriebssystemen - Standard

wüste PopUps auf zwei Rechnern und drei Betriebssystemen



na ja, das letzte Update war im November. Ein vernünftiges Arbeiten ist +- eine Stunde seit dem Laufenlassen dieser drei Programme nicht mehr möglich.
Gibt´s da eine Reparaturmöglichkeit?
Soll ich Defogger wieder enablen?
VG
Bernd


Alt 18.12.2014, 19:23   #6
schrauber
/// the machine
/// TB-Ausbilder
 

wüste PopUps auf zwei Rechnern und drei Betriebssystemen - Standard

wüste PopUps auf zwei Rechnern und drei Betriebssystemen



Zitat:
na ja, das letzte Update war im November
Sicher? Nen Tag bevor du das gemeldet hast gab es ein Update welches genau diese Probleme verursacht. UNd viele User hatten dann genau diesen Stress.

Vor allem sind FRST und GMER reine Scanner.

Defogger disabled Emulationssoftware für virtuelle Laufwerke, bei Dir wurde aber nichts disabled.

Poste mal bitte ein frisches FRST log. Was ist mit dem Grundproblem aus dem Thema`?
__________________
--> wüste PopUps auf zwei Rechnern und drei Betriebssystemen

Alt 20.12.2014, 16:33   #7
bernd60
 
wüste PopUps auf zwei Rechnern und drei Betriebssystemen - Standard

wüste PopUps auf zwei Rechnern und drei Betriebssystemen



ja das Grundproblem: wirkt weiterhin gelöst - keine PopUps.
Nachdem Windows gar nicht mehr vernünftig ging, habe ich den Rechner neu aufgesetzt. Aktuell scheint alles prima. Vor FRST & Co habe ich jetzt doch etwas Bammel. Wie wahrscheinlich ist es denn, daß nach format c: noch was übrig ist?
VG
Bernd

Alt 21.12.2014, 15:34   #8
schrauber
/// the machine
/// TB-Ausbilder
 

wüste PopUps auf zwei Rechnern und drei Betriebssystemen - Standard

wüste PopUps auf zwei Rechnern und drei Betriebssystemen



Zitat:
Vor FRST & Co habe ich jetzt doch etwas Bammel
kein Grund zu. Und format c überlebt nix
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu wüste PopUps auf zwei Rechnern und drei Betriebssystemen
appdata, branding, datei, device driver, dvdvideosoft ltd., einstellungen, explorer, folge, gehackt, gmer, mail, malwarebytes, namen, popups, ports, programm, prozesse, rechner, router, safer networking, schließen, seite, seiten, stick, system, temp, virus, virustotal, win8.1, wlan



Ähnliche Themen: wüste PopUps auf zwei Rechnern und drei Betriebssystemen


  1. BKA Trojaner auf allen Rechnern im Netzwerk
    Plagegeister aller Art und deren Bekämpfung - 21.08.2014 (32)
  2. Nach dem ersten Start von Mozilla Firefox laufen zwei bis drei akustische Werbespots - Windows 7, 64bit
    Log-Analyse und Auswertung - 10.02.2014 (9)
  3. Komplettbefall von 2 Rechnern
    Plagegeister aller Art und deren Bekämpfung - 09.11.2012 (2)
  4. GVU Trojaner auf 2 Rechnern im Netzwerk
    Log-Analyse und Auswertung - 21.08.2012 (2)
  5. Rechnern mit DNS-Changer droht Netzblockade
    Nachrichten - 07.07.2012 (0)
  6. Ab BIOS: gleiche Grafikfehler auf 2 Rechnern -> Virus?
    Log-Analyse und Auswertung - 08.11.2011 (1)
  7. Zwei von drei deutschen Unternehmen hatten Hackerbesuch
    Nachrichten - 17.09.2011 (0)
  8. Vista (Recovery) neuaufsetzen nach BKA Trojaner bei zwei Betriebssystemen auf einem Rechner
    Alles rund um Windows - 27.07.2011 (1)
  9. Fehlalarm von Norman auf Windows-Rechnern
    Nachrichten - 29.10.2009 (0)
  10. Speedport W 503V Problem mit 2 Rechnern
    Netzwerk und Hardware - 25.08.2009 (34)
  11. POPUPS ale zwei Minuten
    Plagegeister aller Art und deren Bekämpfung - 24.12.2008 (1)
  12. werbe fenster gehen alle zwei bis drei minuten auf
    Plagegeister aller Art und deren Bekämpfung - 21.08.2008 (25)
  13. Verbindung zwischen zwei Rechnern übers I-Net
    Netzwerk und Hardware - 11.11.2005 (1)
  14. Windowsstart mit 2 betriebssystemen
    Alles rund um Windows - 21.07.2005 (2)
  15. Würmer in der Wüste
    Log-Analyse und Auswertung - 04.07.2005 (6)
  16. Wie erstellt man ein Netzwerk zwischen 2 Rechnern???
    Netzwerk und Hardware - 04.03.2003 (20)

Zum Thema wüste PopUps auf zwei Rechnern und drei Betriebssystemen - Hallo liebe Helfer in der Not, zuerst war es nur der elterliche VISTA-PC: Skype-artigeMeldungen, Popups v.a. rechts unten, beim Schließen öffnen sich russische Seiten, gerne und zunehmend pornografische Darstellungen. Außerhalb - wüste PopUps auf zwei Rechnern und drei Betriebssystemen...
Archiv
Du betrachtest: wüste PopUps auf zwei Rechnern und drei Betriebssystemen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.