Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 7: Öffnet beim Anklicken in Firefox eine zusätzliche Web-Seite mit Werbung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 26.05.2015, 21:46   #1
picus
 
Windows 7: Öffnet beim Anklicken in Firefox eine zusätzliche Web-Seite mit Werbung - Standard

Windows 7: Öffnet beim Anklicken in Firefox eine zusätzliche Web-Seite mit Werbung



Hallo, kam heute morgen erst nach Neuverbindung des Routers wieder ins Internet (vom Stromnetz wegnehmen allein funzte nicht). Danach hatte ich die o.a. Probleme - ob nun Zufall oder nicht.
Wenn ich zB auf Spiegel-Online, Bild oder Stern einen Link anklicke, dann erscheint neben den gewünschten Fenster auch eine zusätzliche Werbe-Seite.
Bei anderen Seiten, zB bei Google passiert das nicht.
Bin gestern abend noch auf diversen Hotel-Buchungsportalen gewesen - habe aber bewusst
nichts heruntergeladen.
Als Virenscanner habe ich Antivir, finde da aber kein besonderes Protokoll:
Im Thunderbird habe ich in letzter Zeit keine Auffälligkeiten gehabt.

Tip: ist natürlich nicht schön, weiter unten die Anhänge zu machen und dann wieder weiter oben fortzufahren, hoffentlich hat's gefunzt ...

besser so?

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:04 on 26/05/2015 (alpha)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
_______________________________________________________________________________________________________

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-05-2015
Ran by alpha at 2015-05-26 19:12:41
Running from C:\Users\alpha\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2637245917-3735504695-533496390-500 - Administrator - Disabled)
alpha (S-1-5-21-2637245917-3735504695-533496390-1000 - Administrator - Enabled) => C:\Users\alpha
beta (S-1-5-21-2637245917-3735504695-533496390-1008 - Administrator - Enabled)
gamma (S-1-5-21-2637245917-3735504695-533496390-1007 - Administrator - Enabled)
Gast (S-1-5-21-2637245917-3735504695-533496390-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2637245917-3735504695-533496390-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
ALDI TALK Verbindungsassistent (HKLM\...\ALDITALKVerbindungsassistent) (Version:  - ALDI TALK Verbindungsassistent)
Amazon Kindle (HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\Amazon Kindle) (Version:  - Amazon)
Any Video Converter 5.7.6 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
ArcSoft ShowBiz (HKLM\...\{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}) (Version:  - ArcSoft)
Audacity 1.2.0 (HKLM\...\Audacity_is1) (Version:  - )
Audiograbber 1.83 SE  (HKLM\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2218 - AVAST Software)
CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.76.0.2015 - Georgy Berdyshev)
CloneCD (HKLM\...\CloneCD) (Version:  - SlySoft)
CloneDVD2 (HKLM\...\CloneDVD2) (Version:  - Elaborate Bytes)
Crimson Editor (remove only) (HKLM\...\Crimson Editor) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
Dell C1765 Color MFP (HKLM\...\InstallShield_{B03A2793-A8FF-4242-B23D-88D2D5FAE56A}) (Version: 1.039.0 - Dell Inc.)
Dell C1765 Color MFP (Version: 1.039.0 - Dell Inc.) Hidden
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
Express Rip (HKLM\...\ExpressRip) (Version: 1.94 - NCH Software)
FARO LS 1.1.501.0 (HKLM\...\{8F196892-666A-4A40-8587-6AE38F78A5C2}) (Version: 5.1.0.30630 - FARO Scanner Production)
FARO LS 5.1.0.30630 (HKLM\...\FARO LS_is1) (Version:  - FARO Technologies)
Filzip 3.0 (HKLM\...\Filzip 3.0.0.0_is1) (Version: 3.0.0 - Philipp Engel)
Final Surface Demo 4.0.8 (HKLM\...\{861EEB19-15EE-4715-96F9-3D217BB03FA8}_is1) (Version:  - GFaI Berlin, Germany)
FotoQuelle Fotosoftware 4.14.2. (HKLM\...\FotoQuelle Fotosoftware) (Version: 4.14.2. - ORWO Net)
Free DWG Viewer 7.2 (HKLM\...\{90751489-B709-4D2F-8634-FEE00BFEC41A}) (Version: 7.2.0.51 - IGC)
Free Video Dub version 2.0.21.822 (HKLM\...\Free Video Dub_is1) (Version: 2.0.21.822 - DVDVideoSoft Ltd.)
FreeOCR v4.2 (HKLM\...\freeocr_is1) (Version:  - )
Glary Undelete 5.0.1.19 (HKLM\...\Glary Undelete) (Version: 5.0.1.19 - Glarysoft Ltd)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
GSview 4.6 (HKLM\...\GSview 4.6) (Version:  - )
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
Hauppauge WinTV 7 (HKLM\...\Hauppauge WinTV 7) (Version: v7.2.30237 (CD 2.6) - Hauppauge Computer Works)
ImageJ 1.46r (HKLM\...\ImageJ_is1) (Version:  - NIH)
InterVideo WinDVR (HKLM\...\{CC9D60B8-B270-4AE0-8208-CCB01C42CD6A}) (Version:  - )
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Kyodai (HKLM\...\Kyodai 16.00 (Full package)_is1) (Version:  - )
map&guide 10 Karte Europa City (HKLM\...\map&guide 10 Karte Europa City) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.30401.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{D9D937B0-E842-4130-9588-B948E876904A}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{9D6D76A6-4328-49E8-97A7-531A74841DA5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Visual C# 2008 Express Edition with SP1 - ENU (HKLM\...\Microsoft Visual C# 2008 Express Edition with SP1 - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (HKLM\...\Microsoft Visual C++ 2008 Express Edition with SP1 - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{044F9133-B8D7-4d11-BF39-803FA20F5C8B}) (Version: 6.1.5295.17011 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla (1.7.13) (HKLM\...\Mozilla (1.7.13)) (Version:  - )
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MPEG Scissors (HKLM\...\MPEG Scissors_is1) (Version:  - )
MuseScore 1.3 (HKLM\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
MyFreeCodec (HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\MyFreeCodec) (Version:  - )
Nuance PaperPort 14 (HKLM\...\{08BCE67B-6305-4D8A-B749-F381E7E3DDA2}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{FC984E39-43D0-4AB2-ACC7-A7B87977B009}) (Version: 7.20.3274 - Nuance Communications, Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM\...\NVIDIAStereo) (Version: 7.15.11.9038 - NVIDIA Corporation)
OpenOffice.org 3.1 (HKLM\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PhotoFiltre (HKLM\...\PhotoFiltre) (Version:  - )
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
PriMus Free 1.1 (Build 10284) (HKLM\...\PriMus Free_is1) (Version:  - Columbus Soft)
ProfiSchafkopf (HKLM\...\{AFE2586D-6702-47DA-8237-EB0B40F2A3B3}) (Version: 1.0.4 - CuteSoft)
Rasche`s Kartenspiele 3 (HKLM\...\Rasche`s Kartenspiele 3) (Version:  - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Scansoft PDF Professional (Version:  - ) Hidden
Scribus 1.4.3 (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Sokoban YASC (HKLM\...\Sokoban YASC - Yet Another Sokoban Clone_is1) (Version:  - )
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
TSDoctor (HKLM\...\{F31D0373-A505-4ADC-8CB1-DE04246A6725}) (Version: 1.2.166 - Cypheros)
Ulead VideoStudio SE DVD (HKLM\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
USB2.0 Grabber (HKLM\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.002 - Youyan)
Vereinsscout (HKLM\...\Vereinsscout) (Version: 14.2.1 - Scoutsystems Software)
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
webssearches uninstall (HKLM\...\webssearches uninstall) (Version:  - webssearches) <==== ATTENTION
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinSCP 5.1.2 (HKLM\...\winscp3_is1) (Version: 5.1.2 - Martin Prikryl)
XMedia Recode Version 3.1.5.3 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.5.3 - XMedia Recode)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

25-12-2014 18:59:23 Konfiguriert Dell C1765 Color MFP
25-12-2014 19:19:01 Microsoft Visual C++ 2005 Redistributable wird installiert
25-12-2014 19:19:59 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
25-12-2014 19:22:24 Windows Update
25-12-2014 19:27:44 Installed Nuance PaperPort 14.
25-12-2014 19:31:49 Installed Nuance PDF Viewer Plus.
25-12-2014 19:33:54 Installed PaperPort Image Printer.
26-12-2014 14:59:32 Install CloneCD
05-01-2015 21:50:57 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 22:04:22 TSDoctor wird installiert
11-02-2015 21:26:44 TSDoctor wird installiert
03-03-2015 17:36:15 ProfiSchafkopf wird installiert
07-04-2015 19:53:46 TSDoctor wird installiert
07-04-2015 19:58:25 TSDoctor wird installiert
17-04-2015 12:03:00 TSDoctor wird installiert
22-04-2015 18:59:23 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {003A64EC-61A2-4D07-B5B2-B201478CB58E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-22] (Avast Software s.r.o.)
Task: {0B3BF15B-1DCD-4255-8934-C632BD3F4702} - System32\Tasks\{191CE641-D476-4A51-81D5-66811D5D743E} => C:\Program Files\PCTV Systems\TVCenter\TVCenter.exe
Task: {18D05FCF-156F-42BB-AC9A-E3F4C22BA022} - System32\Tasks\{33BDC46F-2173-4D16-9320-7D35E38D6ECC} => pcalua.exe -a C:\Users\alpha\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs1 <==== ATTENTION
Task: {582611E8-28D9-4809-8E15-8BAFDAA96D5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-23] (Google Inc.)
Task: {AF44318E-0B3D-4B65-AED3-44E5254120D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-23] (Google Inc.)
Task: {B8BE6139-CE95-41DC-872D-D410538112C4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {CDE2C523-D398-40C2-8F8E-9803552C2C1E} - System32\Tasks\{1A00003E-DD42-4A62-B66F-63FF30166DFF} => C:\Program Files\PCTV Systems\TVCenter\TVCenter.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-22 19:00 - 2015-04-22 19:00 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-22 19:00 - 2015-04-22 19:00 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-26 10:10 - 2015-05-26 10:10 - 02948096 _____ () C:\Program Files\AVAST Software\Avast\defs\15052600\algo.dll
2014-12-25 18:14 - 2012-06-07 17:48 - 00019968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dltfm1zPP.dll
2014-12-25 18:14 - 2013-02-01 15:55 - 12875264 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dlthm1zRC.DLL
2013-07-04 10:44 - 2013-07-04 10:44 - 00358968 _____ () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2013-02-06 17:37 - 2013-02-06 17:37 - 00191464 _____ () C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
2013-01-16 18:08 - 2011-08-23 10:04 - 00057344 _____ () C:\Program Files\WinTV\TVServer\libhdhomerun.dll
2013-01-16 18:08 - 2012-01-16 17:12 - 00018944 _____ () C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
2014-12-25 18:13 - 2012-08-16 19:33 - 00041984 _____ () C:\Windows\system32\dltsm1zwia.dll
2010-07-04 22:32 - 2010-07-04 22:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-12-23 23:35 - 2009-05-07 09:50 - 00073728 ____R () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2012-12-23 23:35 - 2009-05-07 09:53 - 00106496 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2012-12-23 23:35 - 2008-02-14 06:57 - 00094208 ____R () C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll
2012-12-23 23:35 - 2009-09-02 02:28 - 47628288 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll
2010-07-04 20:51 - 2010-07-04 20:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2015-04-22 19:00 - 2015-04-22 19:00 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-05-23 15:11 - 2013-07-18 06:52 - 00036352 _____ () C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
2013-05-23 15:12 - 2013-07-23 02:00 - 17223680 _____ () C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
2013-05-23 15:11 - 2013-07-23 01:58 - 00564736 _____ () C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
2013-05-23 10:15 - 2013-07-18 06:51 - 00023040 _____ () C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
2013-05-22 20:34 - 2013-05-22 20:34 - 00057856 _____ () C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
2013-02-12 17:37 - 2002-07-30 01:03 - 00098304 _____ () C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
2013-07-04 10:44 - 2013-07-04 10:44 - 00510520 _____ () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2012-12-26 23:19 - 2012-12-26 23:16 - 00046080 _____ () C:\Program Files\HPiotr\MSWinSl\MSWinSl.exe
2009-08-18 15:54 - 2009-08-18 15:54 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2012-12-23 21:03 - 2012-12-26 16:36 - 00058368 _____ () C:\Program Files\HPiotr\MSOffix2010\MSOffix2010.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2637245917-3735504695-533496390-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\alpha\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{FC0EF7C5-DFD4-4585-913A-00480A815950}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{3586705B-55A5-44CA-BDAE-00E7400D6DEE}C:\program files\winscp\winscp.exe] => (Allow) C:\program files\winscp\winscp.exe
FirewallRules: [UDP Query User{9D015B41-56FE-41E2-BE62-3858C6F9839A}C:\program files\winscp\winscp.exe] => (Allow) C:\program files\winscp\winscp.exe
FirewallRules: [{C58E0582-B221-49C1-8B0B-60E1D9EE46CA}] => (Allow) LPort=1900
FirewallRules: [{6EEBE553-6E1F-4367-98C2-BD939C31E7C8}] => (Allow) LPort=2869
FirewallRules: [{75D22465-1D3F-4629-8B41-7B02B75AA2E4}] => (Allow) LPort=1900
FirewallRules: [{92CCC059-5CEC-44BC-909B-B9B62164B3BA}] => (Allow) LPort=2869
FirewallRules: [{9B0314EA-7B3D-4DAD-B92E-9B8D346EA8F9}] => (Allow) C:\Program Files\PCTV Systems\TVCenter\TVCenter.exe
FirewallRules: [{7D20D4C3-E911-4386-9F3A-190DB5ED7AFE}] => (Allow) C:\Program Files\Common Files\PCTV Systems\PVR\VideoControl.exe
FirewallRules: [{6612222F-96E7-479B-AE39-179E0EEF8832}] => (Allow) C:\Program Files\Common Files\PCTV Systems\StreamingServer\StrmServer.exe
FirewallRules: [{C375E347-556A-4D4D-AA85-DB1713D51D48}] => (Allow) LPort=1900
FirewallRules: [{C79621B7-A2A8-40EC-8306-77225752AAA4}] => (Allow) LPort=2869
FirewallRules: [{14DD4465-271E-4D9C-89B6-ADD78C3FE68E}] => (Allow) C:\Windows\ehome\ehrecvr.exe
FirewallRules: [TCP Query User{6C487D24-DC31-4834-98A8-FDF89BB419C9}C:\program files\imagej\jre\bin\javaw.exe] => (Allow) C:\program files\imagej\jre\bin\javaw.exe
FirewallRules: [UDP Query User{F2F1B931-382D-49C2-9A40-F97B46DBB8E2}C:\program files\imagej\jre\bin\javaw.exe] => (Allow) C:\program files\imagej\jre\bin\javaw.exe
FirewallRules: [TCP Query User{3B54D67A-7EFA-4EB2-80BC-5D9CAD379204}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{C0ADDA59-A119-4F49-AE47-70C645A6184A}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [{AFC477CA-7555-4B9D-B3B0-49684E7F6959}] => (Allow) C:\Program Files\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{7D4644DD-A9AA-4725-A6AF-F88A664949D8}] => (Allow) C:\Program Files\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{0EEEE83D-EE60-49BA-B902-F59CB6495BE7}] => (Allow) C:\Program Files\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{D4612235-04C1-4F4E-A60A-4AD76EB1658D}] => (Allow) C:\Program Files\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{102FDC0C-F00C-4CF5-AE29-AB617C039A9E}] => (Allow) C:\Program Files\WinTV\Extend\WinTVExtender.exe
FirewallRules: [{9AB85B32-7E45-4F1C-B70B-44935B760177}] => (Allow) C:\Program Files\WinTV\Extend\WinTVExtender.exe
FirewallRules: [{6BAF254C-B453-41B7-AF03-99AFED89CB78}] => (Allow) C:\Program Files\WinTV\Extend\WinTVExtender.exe
FirewallRules: [{CD627BB3-6743-4DAA-9B0F-9044308D1709}] => (Allow) C:\Program Files\WinTV\Extend\WinTVExtender.exe
FirewallRules: [{8AF3EF8F-63D8-4DEA-BC24-29F5942374AF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{23BFA937-4B71-4929-9082-F316A0AA14D9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A95D0535-BF1B-4BA8-B145-35AA06F1E9B1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{498476BB-0D98-4B58-BF22-0191955080AE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B7E5C42D-D0C9-4AEB-B2F2-6AEDDF85CC3D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/26/2015 11:19:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.1.5611, Zeitstempel: 0x55541a90
Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.1.5611, Zeitstempel: 0x55540a1e
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x220
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (05/26/2015 08:06:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: googleearth.exe, Version: 7.1.2.2041, Zeitstempel: 0x525310f1
Name des fehlerhaften Moduls: googleearth_free.dll, Version: 0.0.0.0, Zeitstempel: 0x525310cb
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00b5e892
ID des fehlerhaften Prozesses: 0x1da4
Startzeit der fehlerhaften Anwendung: 0xgoogleearth.exe0
Pfad der fehlerhaften Anwendung: googleearth.exe1
Pfad des fehlerhaften Moduls: googleearth.exe2
Berichtskennung: googleearth.exe3

Error: (05/25/2015 05:32:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 14dc

Startzeit: 01d09638b38be4f5

Endzeit: 16

Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe

Berichts-ID: 9ffb1fb1-02fb-11e5-9af6-002522a3b3ce

Error: (05/24/2015 04:41:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 12d4

Startzeit: 01d09579936b66c3

Endzeit: 14

Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe

Berichts-ID: 5371808d-022b-11e5-9af6-002522a3b3ce

Error: (05/23/2015 05:41:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1750

Startzeit: 01d0952c152acd8f

Endzeit: 24

Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe

Berichts-ID: 88bdd972-016a-11e5-9af6-002522a3b3ce

Error: (05/22/2015 06:08:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15a0

Startzeit: 01d0901f4bb90c5c

Endzeit: 237

Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe

Berichts-ID: 21518198-00a5-11e5-860b-002522a3b3ce

Error: (05/16/2015 08:34:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm PhotoFiltre.exe, Version 6.3.1.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 70

Startzeit: 01d0900f09ab350e

Endzeit: 32

Anwendungspfad: C:\Program Files\PhotoFiltre\PhotoFiltre.exe

Berichts-ID:

Error: (05/12/2015 09:03:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1898

Startzeit: 01d08ca335a7640b

Endzeit: 831

Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe

Berichts-ID: e6f4f83b-f8e1-11e4-9008-002522a3b3ce

Error: (05/11/2015 11:00:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f64

Startzeit: 01d08c3053343ebd

Endzeit: 17

Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe

Berichts-ID: 259794bf-f829-11e4-9008-002522a3b3ce

Error: (05/11/2015 08:14:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e68

Startzeit: 01d08a8d0e924226

Endzeit: 1147

Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe

Berichts-ID: edbb3b24-f811-11e4-9008-002522a3b3ce


System errors:
=============
Error: (05/26/2015 07:09:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/26/2015 07:08:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/26/2015 07:07:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (05/26/2015 07:07:06 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/26/2015 07:05:12 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (05/26/2015 09:27:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/26/2015 09:26:06 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (05/26/2015 09:26:00 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/26/2015 09:23:25 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (05/26/2015 09:23:10 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}


Microsoft Office:
=========================
Error: (05/26/2015 11:19:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.1.561155541a90mozalloc.dll38.0.1.561155540a1e8000000300001aa122001d0979489fcad08C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllb1d253cf-0390-11e5-b356-002522a3b3ce

Error: (05/26/2015 08:06:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: googleearth.exe7.1.2.2041525310f1googleearth_free.dll0.0.0.0525310cbc000040900b5e8921da401d0972517a9f125C:\Program Files\Google\Google Earth\client\googleearth.exeC:\Program Files\Google\Google Earth\client\googleearth_free.dllac6b2396-0375-11e5-9af6-002522a3b3ce

Error: (05/25/2015 05:32:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RasCard3_0.exe3.0.0.014dc01d09638b38be4f516C:\Program Files\RaschesSpiele3\RasCard3_0.exe9ffb1fb1-02fb-11e5-9af6-002522a3b3ce

Error: (05/24/2015 04:41:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RasCard3_0.exe3.0.0.012d401d09579936b66c314C:\Program Files\RaschesSpiele3\RasCard3_0.exe5371808d-022b-11e5-9af6-002522a3b3ce

Error: (05/23/2015 05:41:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RasCard3_0.exe3.0.0.0175001d0952c152acd8f24C:\Program Files\RaschesSpiele3\RasCard3_0.exe88bdd972-016a-11e5-9af6-002522a3b3ce

Error: (05/22/2015 06:08:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RasCard3_0.exe3.0.0.015a001d0901f4bb90c5c237C:\Program Files\RaschesSpiele3\RasCard3_0.exe21518198-00a5-11e5-860b-002522a3b3ce

Error: (05/16/2015 08:34:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: PhotoFiltre.exe6.3.1.07001d0900f09ab350e32C:\Program Files\PhotoFiltre\PhotoFiltre.exe

Error: (05/12/2015 09:03:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RasCard3_0.exe3.0.0.0189801d08ca335a7640b831C:\Program Files\RaschesSpiele3\RasCard3_0.exee6f4f83b-f8e1-11e4-9008-002522a3b3ce

Error: (05/11/2015 11:00:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RasCard3_0.exe3.0.0.0f6401d08c3053343ebd17C:\Program Files\RaschesSpiele3\RasCard3_0.exe259794bf-f829-11e4-9008-002522a3b3ce

Error: (05/11/2015 08:14:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RasCard3_0.exe3.0.0.0e6801d08a8d0e9242261147C:\Program Files\RaschesSpiele3\RasCard3_0.exeedbb3b24-f811-11e4-9008-002522a3b3ce


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X2 220 Processor
Percentage of memory in use: 40%
Total physical RAM: 3327.3 MB
Available physical RAM: 1984.59 MB
Total Pagefile: 6652.89 MB
Available Pagefile: 5204.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:156.25 GB) (Free:23.74 GB) NTFS
Drive u: (U_ser) (Fixed) (Total:244.14 GB) (Free:116.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive v: (V_ip) (Fixed) (Total:65.37 GB) (Free:4.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 96854552)
Partition 1: (Not Active) - (Size=156.2 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=65.4 GB) - (Type=07 NTFS)

==================== End of log ============================

________________________________________________________________________________________________________

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-05-2015
Ran by alpha (administrator) on GRIZZLY on 26-05-2015 19:11:59
Running from C:\Users\alpha\Downloads
Loaded Profiles: alpha (Available Profiles: alpha)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
() C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
(Hauppauge Computer Works, Inc) C:\Program Files\WinTV\Extend\WinTVExtender.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(XTab system) C:\Program Files\XTab\ProtectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dell Inc.) C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1pl.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDFViewer\PdfPro7Hook.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
(PCTV Systems S.à r.l.) C:\Program Files\Common Files\PCTV Systems\RemoTerm\remoterm.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files\Samsung\Kies\KiesAirMessage.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
(InterVideo Inc.) C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
() C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
() C:\Program Files\HPiotr\MSWinSl\MSWinSl.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
() C:\Program Files\HPiotr\MSOffix2010\MSOffix2010.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [UVS10 Preload] => C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-10] (Ulead Systems, Inc.)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1681408 2009-09-21] (VIA)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [LauncherC1765nf] => C:\Program Files\Dell Printers\Printer SSW\Launcher\dlm1launcher.exe [2471928 2013-08-13] (Dell Inc.)
HKLM\...\Run: [StatusAutoRunC1765nf] => C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1pl.exe [3024360 2013-02-06] (Dell Inc.)
HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [36168 2013-05-29] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [18248 2013-05-29] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort14reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [330056 2013-03-14] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFProHook] => C:\Program Files\Nuance\PDFViewer\pdfpro7hook.exe [641864 2013-03-20] (Nuance Communications, Inc.)
HKLM\...\Run: [CloneCDTray] => C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [57344 2004-12-09] (SlySoft, Inc.)
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\Run: [RemoTerm.exe] => C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe [227200 2012-06-06] (PCTV Systems S.à r.l.)
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics)
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\MountPoints2: {2ad831f8-e489-11e2-b698-002522a3b3ce} - F:\AutoRun.exe
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\MountPoints2: {2ad831fd-e489-11e2-b698-002522a3b3ce} - F:\AutoRun.exe
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\MountPoints2: {e89fa41a-77b8-11e2-9f9d-002522a3b3ce} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2013-01-16]
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk [2012-12-23]
ShortcutTarget: InterVideo WinCinema Manager.lnk -> C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinScheduler.lnk [2012-12-23]
ShortcutTarget: InterVideo WinScheduler.lnk -> C:\Program Files\InterVideo\WinDVR\WinScheduler.exe (InterVideo Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk [2013-07-04]
ShortcutTarget: Launcher.lnk -> C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk [2013-01-16]
ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\alpha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSOffix2010_Reminder.lnk [2012-12-26]
ShortcutTarget: MSOffix2010_Reminder.lnk -> C:\Program Files\HPiotr\MSOffix2010_Reminder\MSOffix2010_Reminder.exe ()
Startup: C:\Users\alpha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSWinSl.lnk [2012-12-26]
ShortcutTarget: MSWinSl.lnk -> C:\Program Files\HPiotr\MSWinSl\MSWinSl.exe ()
Startup: C:\Users\alpha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2012-12-23]
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-22] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91&q={searchTerms}
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ef0745b4-bdad-bf5e-5d29-9aa18ace4082&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=04/03/2014&type=hp1000
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91&q={searchTerms}
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ef0745b4-bdad-bf5e-5d29-9aa18ace4082&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=04/03/2014&type=hp1000
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03203&utm_campaign=install_ie&utm_content=ds&from=wpm03203&uid=395049983_1052515_F4F8DD91&ts=1426844859&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP3A02F2EF-6CB4-47FB-9AEE-985BF84EC088&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03203&utm_campaign=install_ie&utm_content=ds&from=wpm03203&uid=395049983_1052515_F4F8DD91&ts=1426844859&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03203&utm_campaign=install_ie&utm_content=ds&from=wpm03203&uid=395049983_1052515_F4F8DD91&ts=1426844859&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03203&utm_campaign=install_ie&utm_content=ds&from=wpm03203&uid=395049983_1052515_F4F8DD91&ts=1426844859&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03203&utm_campaign=install_ie&utm_content=ds&from=wpm03203&uid=395049983_1052515_F4F8DD91&ts=1426844859&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03203&utm_campaign=install_ie&utm_content=ds&from=wpm03203&uid=395049983_1052515_F4F8DD91&ts=1426844859&type=default&q={searchTerms}
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\XTab\SupTab.dll [2015-03-20] (Thinknice Co. Limited)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDFViewer\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-22] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{7C3417E8-24A8-43E5-A023-C40B1609E793}: [NameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91

FireFox:
========
FF ProfilePath: C:\Users\alpha\AppData\Roaming\Mozilla\Firefox\Profiles\mfyfgikt.default-1427573157077
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll [2008-03-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDFViewer\bin\nppdf.dll [2011-07-15] (Zeon Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\webssearches.xml [2015-01-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-23]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\alpha\AppData\Roaming\Mozilla\Firefox\Profiles\yjkweciu.default\extensions\faststartff@gmail.com
FF HKLM\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\alpha\AppData\Roaming\Mozilla\Firefox\Profiles\yjkweciu.default\extensions\searchengine@gmail.com
FF HKLM\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\alpha\AppData\Roaming\Mozilla\Firefox\Profiles\yjkweciu.default\extensions\istart_ffnt@gmail.com

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2013-07-04] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-22] (Avast Software)
R2 DLNBDB; C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe [191464 2013-02-06] ()
R2 Hauppauge WinTV Extender; C:\Program Files\WinTV\Extend\WinTVExtender.exe [71680 2012-05-31] (Hauppauge Computer Works, Inc) []
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [577536 2012-08-24] (Hauppauge Computer Works) []
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158816 2015-03-20] (XTab system)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-05-29] (Nuance Communications, Inc.)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-29] (Ulead Systems, Inc.) []
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [499200 2015-03-28] () [] <==== ATTENTION
S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 sppsvc; %SystemRoot%\system32\sppsvc.exe [X]
S4 sppuinotify; %SystemRoot%\system32\sppuinotify.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) []
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-22] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-22] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-22] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-22] ()
S3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [44544 2009-08-24] (AzureWave Technologies, Inc.)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [26240 2004-08-31] (SlySoft, Inc.) []
R2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [9856 2004-07-21] (Elaborate Bytes AG) []
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [3968 2004-06-08] (Elaborate Bytes AG) []
R3 hcwD1capture; C:\Windows\System32\DRIVERS\hcwD1cap.sys [197488 2012-06-04] (Hauppauge Computer Works, Inc.)
S3 hcwD1encoder; C:\Windows\System32\DRIVERS\hcwD1xcd.sys [8582512 2012-06-04] (ViXS Systems Inc.)
S3 PCTVStargate; C:\Windows\System32\DRIVERS\Stargate.sys [122240 2009-10-20] (Hauppauge Computer Works! )
R3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-13] (NXP Semiconductors)
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2012-12-23] (Duplex Secure Ltd.)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1521544 2010-04-16] (Syntek)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-22] (Avast Software)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-23] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-23] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-23] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\System32\DRIVERS\vpcuxd.sys [12800 2009-09-23] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [294912 2009-09-23] (Microsoft Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [151552 2011-10-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [192000 2011-10-20] (VIA Technologies, Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () []

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 19:11 - 2015-05-26 19:12 - 00022483 _____ () C:\Users\alpha\Downloads\FRST.txt
2015-05-26 19:11 - 2015-05-26 19:12 - 00000000 ____D () C:\FRST
2015-05-26 19:10 - 2015-05-26 19:10 - 01147392 _____ (Farbar) C:\Users\alpha\Downloads\FRST.exe
2015-05-26 19:01 - 2015-05-26 19:04 - 00000582 _____ () C:\Users\alpha\Downloads\defogger_disable.log
2015-05-26 19:01 - 2015-05-26 19:04 - 00000176 _____ () C:\Users\alpha\defogger_reenable
2015-05-26 19:00 - 2015-05-26 19:00 - 00050477 _____ () C:\Users\alpha\Downloads\Defogger.exe
2015-05-26 18:59 - 2015-05-26 18:59 - 00668711 _____ () C:\Users\alpha\Downloads\MacKeeper.pkg
2015-05-20 18:06 - 2015-05-23 08:43 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-05-18 19:29 - 2015-05-18 19:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-12 21:30 - 2015-05-12 21:30 - 00000000 ____D () C:\Users\alpha\Tracing
2015-05-01 11:43 - 2015-05-01 11:43 - 00001763 _____ () C:\Users\alpha\Downloads\ESt_1_A_2014.xml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 19:10 - 2012-12-23 17:10 - 01594194 _____ () C:\Windows\WindowsUpdate.log
2015-05-26 19:06 - 2012-12-23 23:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-26 19:06 - 2012-12-23 20:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-26 19:05 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-26 19:05 - 2009-07-14 05:39 - 02467604 _____ () C:\Windows\setupact.log
2015-05-26 19:02 - 2012-12-23 20:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-26 19:01 - 2012-12-23 17:10 - 00000000 ____D () C:\Users\alpha
2015-05-26 18:37 - 2013-07-30 13:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-26 09:24 - 2013-01-16 21:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-24 12:25 - 2012-12-23 17:13 - 01794430 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-22 23:13 - 2013-07-30 13:23 - 00000000 ____D () C:\Users\alpha\AppData\Roaming\vlc
2015-05-20 23:06 - 2012-12-23 21:36 - 00000000 ____D () C:\Users\alpha\AppData\Roaming\Skype
2015-05-17 11:45 - 2014-12-25 19:29 - 00000000 ____D () C:\Users\alpha\AppData\Roaming\.oit
2015-05-17 08:42 - 2014-12-25 22:11 - 00000000 _____ () C:\sparkraw.log
2015-05-16 18:56 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-16 18:46 - 2015-01-03 15:39 - 00000000 ____D () C:\Users\alpha\AppData\Roaming\Swiftdata
2015-05-12 21:30 - 2014-10-13 21:30 - 00000000 ___RD () C:\Program Files\Skype
2015-05-12 21:30 - 2012-12-23 21:36 - 00000000 ____D () C:\ProgramData\Skype
2015-05-01 12:22 - 2012-12-23 20:50 - 00000000 ____D () C:\Users\alpha\Documents\Visual Studio 2008
2015-04-27 20:43 - 2012-12-23 18:50 - 00000600 _____ () C:\Users\alpha\AppData\Roaming\winscp.rnd

==================== Files in the root of some directories =======

2012-12-23 18:50 - 2015-04-27 20:43 - 0000600 _____ () C:\Users\alpha\AppData\Roaming\winscp.rnd
2013-07-26 17:02 - 2013-08-18 19:32 - 0007680 _____ () C:\Users\alpha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-26 22:02 - 2012-12-26 22:44 - 0007598 _____ () C:\Users\alpha\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\alpha\DeepBurner19.exe


Some files in TEMP:
====================
C:\Users\alpha\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-20 15:29

==================== End of log ============================

______________________________________________________________________________________________
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-26 20:32:45
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000064 ST350041 rev.JC4B 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\alpha\AppData\Local\Temp\pwtdqpow.sys


---- System - GMER 2.1 ----

SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwAddBootEntry [0x9126EACC]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwAllocateVirtualMemory [0x9132B2F0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwAssignProcessToJobObject [0x9126F5AA]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwCreateEvent [0x9127B67A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwCreateEventPair [0x9127B6C6]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwCreateIoCompletion [0x9127B860]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwCreateMutant [0x9127B5E8]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwCreateSection [0x9132B6CA]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwCreateSemaphore [0x9127B630]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwCreateThread [0x9132B95A]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwCreateThreadEx [0x9132BA44]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwCreateTimer [0x9127B81A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwDebugActiveProcess [0x91270398]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwDeleteBootEntry [0x9126EB32]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwDuplicateObject [0x9132BB48]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwFreeVirtualMemory [0x9132B3C8]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwLoadDriver [0x91328762]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwMapViewOfSection [0x9132B7AA]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwModifyBootEntry [0x9126EB98]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwNotifyChangeKey [0x91273FE0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwNotifyChangeMultipleKeys [0x91270EDC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwOpenEvent [0x9127B6A4]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwOpenEventPair [0x9127B6E8]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwOpenIoCompletion [0x9127B884]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwOpenMutant [0x9127B60E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwOpenProcess [0x912734E2]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwOpenSection [0x9127B798]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwOpenSemaphore [0x9127B658]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwOpenThread [0x912738CE]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwOpenTimer [0x9127B83E]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwProtectVirtualMemory [0x9132B548]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwQueryObject [0x91270CF4]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwQueueApcThreadEx [0x91270A02]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwSetBootEntryOrder [0x9126EBFE]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwSetBootOptions [0x9126EC64]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwSetContextThread [0x9132B8A6]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwSetSystemInformation [0x9126E7B8]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwSetSystemPowerState [0x9126E98A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwShutdownSystem [0x9126E918]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwSuspendProcess [0x91270562]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwSuspendThread [0x912706C4]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwSystemDebugControl [0x9126EA12]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwTerminateProcess [0x9132B616]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwTerminateThread [0x912701F2]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwUnloadDriver [0x91328792]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                             ZwVdmControl [0x9126ECCA]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                              ZwWriteVirtualMemory [0x9132B47A]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwSaveKey + 13C1                                                                                       82E58339 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82E91D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                                 82E98DC0 4 Bytes  [CC, EA, 26, 91]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                                 82E98DE8 4 Bytes  [F0, B2, 32, 91] {MOV DL, 0x32; XCHG ECX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                                 82E98E48 4 Bytes  [AA, F5, 26, 91] {STOSB ; CMC ; XCHG ECX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                                 82E98E9C 8 Bytes  [7A, B6, 27, 91, C6, B6, 27, ...]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                                 82E98EA8 4 Bytes  [60, B8, 27, 91]
.text  ...                                                                                                                 
PAGE   ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                         8305426D 4 Bytes  CALL 912715C3 \SystemRoot\system32\drivers\aswSnx.sys
PAGE   ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                        8306E02C 4 Bytes  CALL 912715D9 \SystemRoot\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\AVAST Software\Avast\avastui.exe[1224] kernel32.dll!SetUnhandledExceptionFilter                    77DA3D01 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1396] kernel32.dll!SetUnhandledExceptionFilter                   77DA3D01 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtCreateFile + 6                77C455CE 4 Bytes  [28, D0, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtCreateFile + B                77C455D3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtCreateKey + 6                 77C4560E 4 Bytes  [68, D1, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtCreateKey + B                 77C45613 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtCreateMutant + 6              77C4564E 4 Bytes  [68, D2, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtCreateMutant + B              77C45653 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtCreateSection + 6             77C456EE 4 Bytes  [A8, D2, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtCreateSection + B             77C456F3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtMapViewOfSection + B          77C45C33 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenFile + 6                  77C45CDE 4 Bytes  [68, D0, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenFile + B                  77C45CE3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenKey + 6                   77C45D0E 4 Bytes  [A8, D1, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenKey + B                   77C45D13 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenKeyEx + B                 77C45D23 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenMutant + 6                77C45D5E 4 Bytes  [28, D2, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenMutant + B                77C45D63 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenProcess + 6               77C45D8E 4 Bytes  [68, D3, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenProcess + B               77C45D93 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenProcessToken + 6          77C45D9E 4 Bytes  [A8, D3, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenProcessToken + B          77C45DA3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenProcessTokenEx + 6        77C45DAE 4 Bytes  [68, D4, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenProcessTokenEx + B        77C45DB3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenSection + B               77C45DD3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenThread + 6                77C45E0E 4 Bytes  [28, D3, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenThread + B                77C45E13 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenThreadToken + 6           77C45E1E 4 Bytes  [28, D4, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenThreadToken + B           77C45E23 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenThreadTokenEx + 6         77C45E2E 4 Bytes  [A8, D4, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenThreadTokenEx + B         77C45E33 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtQueryAttributesFile + 6       77C45F3E 4 Bytes  [A8, D0, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtQueryAttributesFile + B       77C45F43 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtQueryFullAttributesFile + B   77C45FF3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtSetInformationFile + 6        77C4663E 4 Bytes  [28, D1, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtSetInformationFile + B        77C46643 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtSetInformationThread + B      77C466A3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtUnmapViewOfSection + 6        77C469BE 4 Bytes  [28, D5, 17, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtUnmapViewOfSection + B        77C469C3 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] kernel32.dll!CreateProcessW               77D5204D 5 Bytes  JMP 00180030 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] kernel32.dll!CreateProcessA               77D52082 5 Bytes  JMP 00180070 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!DeleteObject                    76245F14 5 Bytes  JMP 003A01B0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SelectObject                    76246640 5 Bytes  JMP 003A05F0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SetTextColor                    76246906 5 Bytes  JMP 003A0A30 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SetBkMode                       762469B1 5 Bytes  JMP 003A08F0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!DeleteDC                        76246EAA 5 Bytes  JMP 003A0170 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetDeviceCaps                   76246F7F 5 Bytes  JMP 003A03B0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!ExtSelectClipRgn                76247114 5 Bytes  JMP 003A02F0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SelectClipRgn                   76247242 5 Bytes  JMP 003A05B0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SetStretchBltMode               76247705 5 Bytes  JMP 003A06B0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetCurrentObject                76247917 5 Bytes  JMP 003A0370 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetTextMetricsW                 76247B8F 5 Bytes  JMP 003A0E30 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetTextAlign                    76247DAF 5 Bytes  JMP 003A0D70 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!IntersectClipRect               76247DFE 5 Bytes  JMP 003A03F0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!ExtTextOutW                     76248192 5 Bytes  JMP 003A0970 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SetTextAlign                    7624828E 5 Bytes  JMP 003A09F0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetClipBox                      76248525 5 Bytes  JMP 003A0330 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!MoveToEx                        76248C21 5 Bytes  JMP 003A0470 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!StretchDIBits                   7624A53E 5 Bytes  JMP 003A0770 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!RestoreDC                       7624A67B 5 Bytes  JMP 003A0530 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SaveDC                          7624A74B 5 Bytes  JMP 003A0570 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetTextExtentPoint32W           7624B4B5 5 Bytes  JMP 003A0670 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetTextFaceW                    7624B73A 2 Bytes  JMP 003A0D30 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetTextFaceW + 3                7624B73D 2 Bytes  [15, 8A]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetFontData                     7624BCC4 5 Bytes  JMP 003A0C70 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SetWorldTransform               7624C90A 5 Bytes  JMP 003A06F0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!CreateDCA                       7624CCA9 5 Bytes  JMP 003A00B0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!CreateDCW                       7624CF79 5 Bytes  JMP 003A00F0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!CreateICW                       7624CFD0 5 Bytes  JMP 003A0130 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetTextMetricsA                 7624D0F2 5 Bytes  JMP 003A0DF0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!Rectangle                       7624F1FF 5 Bytes  JMP 003A09B0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!LineTo                          7624F59B 5 Bytes  JMP 003A0430 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SetICMMode                      7624FAA4 5 Bytes  JMP 003A0DB0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!ExtTextOutA                     762503F9 5 Bytes  JMP 003A0930 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetTextExtentPoint32A           762507B0 5 Bytes  JMP 003A0630 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!ExtEscape                       76252949 5 Bytes  JMP 003A02B0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!Escape                          76253939 5 Bytes  JMP 003A0270 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetTextFaceA                    76253E6A 5 Bytes  JMP 003A0CF0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SetPolyFillMode                 7625D851 5 Bytes  JMP 003A0B30 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SetMiterLimit                   7625DA0D 5 Bytes  JMP 003A0B70 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!EndPage                         762600D7 5 Bytes  JMP 003A0230 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!ResetDCW                        7626050D 5 Bytes  JMP 003A0AB0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetGlyphOutlineW                7626C1BA 5 Bytes  JMP 003A0CB0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!CreateScalableFontResourceW     7626E817 5 Bytes  JMP 003A0BB0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!AddFontResourceW                7626EC13 5 Bytes  JMP 003A0BF0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!RemoveFontResourceW             7626F109 5 Bytes  JMP 003A0C30 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!AbortDoc                        76274C63 5 Bytes  JMP 003A0030 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!EndDoc                          762750AA 5 Bytes  JMP 003A01F0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!StartPage                       76275195 5 Bytes  JMP 003A0730 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!StartDocW                       76275BB0 5 Bytes  JMP 003A07F0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!BeginPath                       7627635D 5 Bytes  JMP 003A0830 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SelectClipPath                  762763B4 5 Bytes  JMP 003A0AF0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!CloseFigure                     7627640F 5 Bytes  JMP 003A0070 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!EndPath                         76276466 5 Bytes  JMP 003A0A70 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!StrokePath                      76276699 5 Bytes  JMP 003A07B0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!FillPath                        76276726 5 Bytes  JMP 003A0870 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!PolylineTo                      76276B94 5 Bytes  JMP 003A04F0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!PolyBezierTo                    76276C25 5 Bytes  JMP 003A04B0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!PolyDraw                        76276CD7 5 Bytes  JMP 003A08B0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!ActivateKeyboardLayout         77138203 5 Bytes  JMP 003B04F0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!ScreenToClient                 7713A506 7 Bytes  JMP 003B0670 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!RegisterClipboardFormatA       7713C091 5 Bytes  JMP 003B02F0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!RegisterClipboardFormatW       7713DF8D 5 Bytes  JMP 003B02B0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!SetCursor                      77143075 5 Bytes  JMP 003B0530 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!MonitorFromWindow              77143622 7 Bytes  JMP 003B0630 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!PostMessageW                   7714447B 5 Bytes  JMP 003B05F0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!IsWindowVisible                77144D69 7 Bytes  JMP 003B06B0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetClientRect                  771454DD 7 Bytes  JMP 003B05B0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!MapWindowPoints                77145CAA 5 Bytes  JMP 003B0570 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetParent                      77146029 7 Bytes  JMP 003B06F0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!EmptyClipboard                 7715290C 5 Bytes  JMP 003B0130 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!SetClipboardData               77152962 5 Bytes  JMP 003B0170 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetClipboardData               77152BA7 5 Bytes  JMP 003B0030 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetClipboardFormatNameW        77155FD2 5 Bytes  JMP 003B0230 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!SetClipboardViewer             77156FF6 5 Bytes  JMP 003B04B0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetClipboardFormatNameA        7715700A 5 Bytes  JMP 003B0270 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!ChangeClipboardChain           7716147C 5 Bytes  JMP 003B0430 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetTopWindow                   771624D9 7 Bytes  JMP 003B0730 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!CloseClipboard                 7716446C 5 Bytes  JMP 003B00B0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!OpenClipboard                  7716447E 5 Bytes  JMP 003B0070 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!IsClipboardFormatAvailable     771644FF 5 Bytes  JMP 003B00F0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetClipboardSequenceNumber     77164513 5 Bytes  JMP 003B0330 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetClipboardOwner              77164525 5 Bytes  JMP 003B0370 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!CountClipboardFormats          7716470A 5 Bytes  JMP 003B01F0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!EnumClipboardFormats           771647EC 5 Bytes  JMP 003B01B0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetOpenClipboardWindow         7716480B 5 Bytes  JMP 003B03F0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!SetCursorPos                   7717C1B0 5 Bytes  JMP 003B0770 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetClipboardViewer             77194AF7 5 Bytes  JMP 003B0470 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetPriorityClipboardFormat     77194BF9 5 Bytes  JMP 003B03B0 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ole32.dll!OleSetClipboard                 762F0045 5 Bytes  JMP 003C0030 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ole32.dll!OleIsCurrentClipboard           762F36B2 5 Bytes  JMP 003C0070 
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ole32.dll!OleGetClipboard                 7631FDCD 5 Bytes  JMP 003C00B0 
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[1552] ntdll.dll!LdrLoadDll                                    77C622B8 3 Bytes  JMP 7351901C C:\Program Files\Mozilla Firefox\mozglue.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[1552] ntdll.dll!LdrLoadDll + 4                                77C622BC 1 Byte  [FB]
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[1552] USER32.dll!RegisterMessagePumpHook + 2F1                77138B9E 7 Bytes  JMP 583F5A20 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[1552] USER32.dll!IsDialogMessageW + 340                       77144444 7 Bytes  JMP 583F5AF5 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[1552] USER32.dll!GetWindowInfo                                77144B5E 5 Bytes  JMP 583F7DAF C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[1552] USER32.dll!ToUnicodeEx + 71                             77152223 7 Bytes  JMP 583F63D0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3664] ntdll.dll!DbgBreakPoint                    77C340F0 1 Byte  [C3]
.text  C:\Windows\Explorer.EXE[3708] SHELL32.dll!SHFileOperationW                                                          764496F6 5 Bytes  JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!NtCreateFile                                           77C455C8 5 Bytes  JMP 577F9BE7 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!NtFlushBuffersFile                                     77C45958 5 Bytes  JMP 577F99A6 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!NtQueryFullAttributesFile                              77C45FE8 5 Bytes  JMP 577F9ADA C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!NtReadFile                                             77C462B8 5 Bytes  JMP 577F99E0 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!NtReadFileScatter                                      77C462C8 5 Bytes  JMP 57B09DF5 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!NtWriteFile                                            77C46A68 5 Bytes  JMP 577F9D33 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!NtWriteFileGather                                      77C46A78 5 Bytes  JMP 57B09E45 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!LdrUnloadDll                                           77C5C8DE 5 Bytes  JMP 000E03FC 
.text  C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!LdrLoadDll                                             77C622B8 3 Bytes  JMP 7351901C C:\Program Files\Mozilla Firefox\mozglue.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!LdrLoadDll + 4                                         77C622BC 1 Byte  [FB]
.text  C:\Program Files\Mozilla Firefox\firefox.exe[5812] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D                    77D98996 7 Bytes  JMP 57AF526B C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[5812] KERNEL32.dll!GetEnvironmentStringsA + 11                         77DA2FB1 7 Bytes  JMP 57AF6A29 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[5812] KERNEL32.dll!BaseThreadInitThunk + C9                            77DA3CFC 7 Bytes  JMP 578A4308 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[5812] user32.dll!GetWindowInfo                                         77144B5E 5 Bytes  JMP 57871E07 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[5812] GDI32.dll!GetViewportOrgEx + 26C                                 7624884B 7 Bytes  JMP 57AF3A49 C:\Program Files\Mozilla Firefox\xul.dll

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x1A 0xB3 0xB2 0x9C ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xFE 0x94 0xB0 0x85 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x84 0x6F 0xA6 0x54 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x1A 0xB3 0xB2 0x9C ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xFE 0x94 0xB0 0x85 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x84 0x6F 0xA6 0x54 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xC8 0x28 0x51 0xAF ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0x25 0xDA 0xEC 0x7E ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x86 0x8C 0x21 0x01 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xCD 0x44 0xCD 0xB9 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xB0 0x18 0xED 0xA7 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0xFB 0xA7 0x78 0xE6 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x83 0x6C 0x56 0x8B ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xF6 0x0F 0x4E 0x58 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0xB1 0xCD 0x45 0x5A ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0xE3 0x0E 0x66 0xD5 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 2.1 ----
         
--- --- --- =================================================================================
Angehängte Dateien
Dateityp: txt Addition.txt (35,4 KB, 107x aufgerufen)
Dateityp: log defogger_disable.log (582 Bytes, 70x aufgerufen)
Dateityp: txt FRST.txt (26,3 KB, 91x aufgerufen)
Dateityp: txt GMER.txt (42,9 KB, 69x aufgerufen)

Geändert von picus (26.05.2015 um 22:39 Uhr)

Alt 26.05.2015, 21:58   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: Öffnet beim Anklicken in Firefox eine zusätzliche Web-Seite mit Werbung - Standard

Windows 7: Öffnet beim Anklicken in Firefox eine zusätzliche Web-Seite mit Werbung



Hi und

Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 20.07.2015, 18:16   #3
picus
 
Windows 7: Öffnet beim Anklicken in Firefox eine zusätzliche Web-Seite mit Werbung - Standard

Windows 7: Öffnet beim Anklicken in Firefox eine zusätzliche Web-Seite mit Werbung



Hallo, nun möchte ich doch 'mal nachhaken ...
oder hat schon irgendein guter Geist etwas zur Lösung
oder besser gesagt "zur Erlösung von den Übel" hinterlegt?
Danke
picus
__________________

Alt 20.07.2015, 22:35   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7: Öffnet beim Anklicken in Firefox eine zusätzliche Web-Seite mit Werbung - Standard

Windows 7: Öffnet beim Anklicken in Firefox eine zusätzliche Web-Seite mit Werbung



Wenn du im Nachhinein editierst, bekommt man keine Benachrichtigung darüber...

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    webssearches uninstall

  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Windows 7: Öffnet beim Anklicken in Firefox eine zusätzliche Web-Seite mit Werbung
anderen, antivir, bild, diverse, fenster, firefox, google, heute, installmanager.exe, interne, internet, klicke, klicken, link, morgen, probleme, protokoll, required, scan, scanner, seiten, unerwünschte, virenscan, virenscanner, webseite, werbung, windows, windows 7, zusätzliche



Ähnliche Themen: Windows 7: Öffnet beim Anklicken in Firefox eine zusätzliche Web-Seite mit Werbung


  1. Beim anklicken öffnen sich ständig neue Werbeseiten und Werbung ohne Ende
    Plagegeister aller Art und deren Bekämpfung - 08.10.2015 (13)
  2. Firefox öffnet bei Aktion neues Fenster mit Werbung bzw unerwünschter Seite
    Plagegeister aller Art und deren Bekämpfung - 11.09.2015 (8)
  3. Link Klick öffnet zunächst eine Link Fremde Seite " Casino Werbung " " Siele Werbung " "Erotik Seiten " oder ähnliches!
    Plagegeister aller Art und deren Bekämpfung - 26.08.2015 (17)
  4. PC bleibt beim anklicken von PDF-Dateien oder dem Facebook-Login mit Firefox kurz hängen
    Alles rund um Windows - 14.03.2015 (2)
  5. Wenn ich irgendwo im Chrome auf der Seite klicke, öffnet sich eine neue Tab mit Werbung
    Log-Analyse und Auswertung - 26.10.2014 (12)
  6. Beim Anklicken von Links öffnet sich http://open.url.ph/70244
    Log-Analyse und Auswertung - 23.02.2014 (21)
  7. Win 7: IE 11 öffnet falsche/zusätzliche Seiten/Werbung (TubeSaver)
    Log-Analyse und Auswertung - 17.12.2013 (7)
  8. unerwünschte Weiterleitung im Firefox beim Anklicken von Google-Suchergebnissen
    Plagegeister aller Art und deren Bekämpfung - 19.02.2012 (78)
  9. Mozila Firefox öffnet einfach eine leere Seite
    Log-Analyse und Auswertung - 17.10.2011 (1)
  10. Firefox öffnet ohne ersichtlichen Grund eine leere Seite
    Plagegeister aller Art und deren Bekämpfung - 09.07.2011 (12)
  11. Firefox öffnet im Leerlauf eine Merkwürde Seite ohne Inhalt.
    Plagegeister aller Art und deren Bekämpfung - 13.06.2011 (9)
  12. Beim Start öffnet sich immer kurz ein scwarzes fenster + Opera öffnet immer eine Seite
    Log-Analyse und Auswertung - 06.06.2011 (10)
  13. Firefox öffnet Tabs mit Werbung / Anstelle einer verlinkten URL öffnet sich Werbung
    Plagegeister aller Art und deren Bekämpfung - 08.08.2010 (4)
  14. fremde seite öffnet sich In Mozilla firefox beim Surfen.
    Plagegeister aller Art und deren Bekämpfung - 25.07.2010 (37)
  15. Virus: Beim Start Grauer Bildschirm, Öffnet Werbung in Firefox und IE
    Plagegeister aller Art und deren Bekämpfung - 10.04.2010 (5)
  16. Firefox öffnet ständig Werbung und öffnet nie die gewünschte Seite
    Log-Analyse und Auswertung - 05.06.2009 (2)
  17. Firefox lahmt rum und leitet beim Anklicken von links auf irgendwelche Werbeseiten um
    Log-Analyse und Auswertung - 12.11.2008 (1)

Zum Thema Windows 7: Öffnet beim Anklicken in Firefox eine zusätzliche Web-Seite mit Werbung - Hallo, kam heute morgen erst nach Neuverbindung des Routers wieder ins Internet (vom Stromnetz wegnehmen allein funzte nicht). Danach hatte ich die o.a. Probleme - ob nun Zufall oder nicht. - Windows 7: Öffnet beim Anklicken in Firefox eine zusätzliche Web-Seite mit Werbung...
Archiv
Du betrachtest: Windows 7: Öffnet beim Anklicken in Firefox eine zusätzliche Web-Seite mit Werbung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.