Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and their removal): Problem with Delta Search, Windows 7

If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
11.04.2013, 18:54 | #1
Problem with Delta Search.

Hello dear Trojaner-Board team, I wish you a good evening. Unfortunately I have caught the Delta Search virus on my laptop. When I start Firefox, "Delta-Search" appears as the start page. In addition, an advertising window frequently appears in Internet Explorer, which of course I did not click on. This happens in both Firefox and IE. Unfortunately I can no longer trace which download brought the pest in, since my brother has made several downloads recently and I did not use the laptop much during that time. On 21.03.13 I ran a scan with BullGuard, which produced the following finding:

HTML-Code:
E:\setup.exe
Details
Risiko: HOCH
Verhalten: Das Programm setup.exe versuchte, sich selbst an mehrere Stellen zu kopieren.
Zeit: 2013/03/21 11:43:20
Aktionen
Zulassen: Erfolgreich

Anyway, on 23.03.2013 I ran another scan, which only turned up cookies. Then on 11.04.13 one more, which reads: "Keine Infektionen gefunden" (no infections found). Still, nothing has changed visibly either; Delta Search is still there. I hope I have described my problem well enough to get help here! I also hope I have posted this thread in the right place and listed all the necessary information. Many thanks, David!

Edit: My operating system is Windows 7 64-bit. Sorry, I forgot to include the other logs in the thread, and by the time the scan finished the one-hour edit window had already passed, so I am posting them here now!

Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 11.04.2013 20:12:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Floo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 66,91% Memory free
7,82 Gb Paging File | 6,40 Gb Available in Paging File | 81,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657,54 Gb Total Space | 607,29 Gb Free Space | 92,36% Space Free | Partition Type: NTFS
Drive D: | 38,00 Gb Total Space | 16,16 Gb Free Space | 42,52% Space Free | Partition Type: NTFS
Drive E: | 7,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: FLOO-PC | User Name: Floo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015CF9CF-6BF4-4DE3-8E03-3D44BBFE2CA8}" = rport=137 | protocol=17 | dir=out | app=system |
"{26D57726-07F9-45C0-AFCC-099D98A3D30D}" = lport=137 | protocol=17 | dir=in | app=system |
"{359E9060-FA7D-4A76-9A9E-C5171B78954A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{477597A4-3B2E-4B38-844E-99C6FE748CC5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A65DF23-D9D6-4988-A0DC-84251EE4BCC3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6EF315D5-62D3-4A51-8A8D-F45A0DE8CE3B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{75589B8D-A108-4B19-8A16-8B3DC9F0376C}" = lport=445 | protocol=6 | dir=in | app=system |
"{77342834-9760-44AE-9839-40EC3DFB45B7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80EF2BA8-2FED-4115-80CE-67F152F0FA8B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{832B6E93-BA16-43EC-8C66-4392464AAD24}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A3DEE283-3DAD-4D7E-B29C-1F5AB6B247C9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A7981EB1-26A0-4505-A742-C78FB4D4F8EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AC54BA2D-9DE7-4D29-8673-C32C50C6F26F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AE095E80-1C25-4D11-B149-A77F72946E2A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B19FD714-1CAB-4057-9834-922306172952}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B265EC17-CD9C-46FF-96DA-E142CE75327E}" = lport=139 | protocol=6 | dir=in | app=system |
"{B97CEA30-5291-48E4-920B-7AF4A95CE2B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE05F585-3490-4600-96BF-A05CE4146E54}" = rport=138 | protocol=17 | dir=out | app=system |
"{D4999BFA-5E71-453B-8E25-1CF9DBFC2ADD}" = rport=139 | protocol=6 | dir=out | app=system |
"{D59A91A5-09E9-4808-9057-640576EA3B2A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DDD9EBED-4784-4004-B693-BF35A2B3ECF7}" = rport=2869 | protocol=6 | dir=out | app=system |
"{E2890DEB-92E0-4FEC-B584-449A03C14CDE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E5843954-95E4-4427-BFAA-631502006492}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E6E9CA23-F1A1-4974-BACC-6FA3F142286A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED059996-1C4F-451E-BE7B-15805036445A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EE9659E1-0617-46E8-BF70-9A7888F7F136}" = lport=138 | protocol=17 | dir=in | app=system |
"{F4A4CDEB-4F7C-487B-A67F-F5CF215E2809}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F605A393-CFF0-471D-9958-4BDA880230AD}" = rport=445 | protocol=6 | dir=out | app=system |
"{F9FD85EB-9A24-41F3-9DD2-B7C7291B9F3E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D90BDF-4592-4F9B-AEDB-8987A9FF2AFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0DDBCF6D-B067-4403-8CD9-AF04A41C9369}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{12856B99-4030-4841-B8BC-B24B5846F87F}" = protocol=17 | dir=in | app=c:\program files (x86)\webcam 7\wlite.exe |
"{19123CD5-5253-48C2-B13B-EB10C6548230}" = protocol=6 | dir=in | app=c:\program files (x86)\webcam 7\wservice.exe |
"{4A678D7F-27E3-4F15-A08D-18FC489DCE1F}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{4ABE867E-8F56-4681-AEB2-B67B259F0609}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4BD8D57B-C139-4645-A317-538E88B53464}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4DCED4EA-7951-4306-ACF2-E11226F269F6}" = protocol=17 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{50514AE0-6F1A-40CE-B796-402C095F5DCE}" = protocol=6 | dir=in | app=c:\program files (x86)\webcam 7\wlite.exe |
"{50AB686D-796B-4406-89EE-0A421A8F9A06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50CEABB1-9C3B-4C78-ABEE-8B3FA22F55AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5AB409ED-0E08-40EC-B503-4260FDB63168}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5C6CC0A4-A09D-439D-893B-536989B8770D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{632114FA-7368-4DEE-8D96-8A63052B905E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6628D21A-848C-443B-912F-ECCE0F348C16}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{6C3C1932-FB58-491A-B0C3-D8B01BBF84EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{73DF9180-E2C4-4034-9557-AFA073670B22}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{79F25BB6-AD3D-4D91-BAD3-04512396AAA8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7A8C3046-9BCB-4419-8FFE-EBA6EB115719}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8CB06A0B-36FF-4D9E-9957-C696AABD2533}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9C3E6D29-E96B-4038-9C27-0A671E894EBB}" = protocol=17 | dir=in | app=c:\program files (x86)\webcam 7\wservice.exe |
"{9F0E7110-87E6-4A05-8DC4-73E80009F4A5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9FB781A0-F0AA-43E2-AA16-26F1027D7128}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{A7FDCA14-B385-4932-A497-3BD595EFD338}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{A8D17331-3575-4F77-99FA-131FB55503A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B646C4CA-310B-4BB3-8A7B-FC9058AFD47C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0A8C8AA-3431-4B05-A818-977D12A2374F}" = protocol=6 | dir=out | app=system |
"{CC056E48-7D41-4133-89B6-32F159F958EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D6F74012-A8AE-4106-87F5-DF0B66C9E58F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8A0AC91-4A64-4F43-8FE3-16F1E56896E1}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{EB9E50EC-3711-401C-8946-73BE95A578FB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F228930F-CF5F-453F-8CB1-177552D79B20}" = protocol=6 | dir=in | app=c:\sg interactive\project blackout\pblackout.exe |
"{F4B5EC10-C8EB-4CC2-AB5D-A845733AF500}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{188CB541-05C3-4932-8F22-4AA0DEEE5FC8}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{3EE642C2-C258-44D4-82ED-9A3FCA362E6F}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"TCP Query User{743C31B7-08DA-4035-984A-9C9C60E4179B}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{F1AE29AD-2B6A-4BBF-B00C-2BF00C04691F}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{F4915D10-671F-426F-86C7-0D079B69A100}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"UDP Query User{23644F63-B8E3-46BD-A7AE-C9BA3C2E3A81}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{5C740A99-5596-4033-B49B-FA4DDD2C5D40}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"UDP Query User{7611E83F-C284-45A5-9A72-61C9AF3E5529}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"UDP Query User{8AE14652-A2D3-4D00-A5BE-CCE5DEC49C90}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"UDP Query User{DB9944DD-CD46-4349-A67C-5D1106698C89}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{794E5C90-96E5-4413-B3F5-C803205AE30C}" = Intel(R) PROSet/Wireless WiFi-Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BullGuard" = BullGuard
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1" = Minecraft PC Gamer Demo version 1.5
"{5E7A8F05-013C-44FD-B450-5434CA581098}_is1" = MicroVolts
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"1ClickDownload" = HDVidCodec
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Project Blackout" = Project Blackout
"SoftwareUpdater" = SoftwareUpdater
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03.04.2013 09:07:50 | Computer Name = Floo-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 04.04.2013 04:14:26 | Computer Name = Floo-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 08.04.2013 12:21:17 | Computer Name = Floo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.0.4833, Zeitstempel: 0x5152542c
 Name des fehlerhaften Moduls: xul.dll, Version: 20.0.0.4833, Zeitstempel: 0x51525346
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x000973d8
 ID des fehlerhaften Prozesses: 0x1258
 Startzeit der fehlerhaften Anwendung: 0x01ce3472590f39a0
 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll
 Berichtskennung: 566e4d50-a068-11e2-9eea-f93a0a620abd

Error - 08.04.2013 15:34:35 | Computer Name = Floo-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 10.04.2013 09:22:29 | Computer Name = Floo-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 Prozess-ID: 3a4
 Startzeit: 01ce35ee6df4b9a2
 Endzeit: 0
 Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
 Berichts-ID: afc488de-a1e1-11e2-b351-9a3f83ad0d86

Error - 10.04.2013 09:45:22 | Computer Name = Floo-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 10.04.2013 10:31:00 | Computer Name = Floo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610, Zeitstempel: 0x4c00573a
 Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.6.0.5920, Zeitstempel: 0x510610d1
 Ausnahmecode: 0xc0000005
 Fehleroffset: 0x0006de2d
 ID des fehlerhaften Prozesses: 0x928
 Startzeit der fehlerhaften Anwendung: 0x01ce35f1ef9964b6
 Pfad der fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.0\deploy\LolClient.exe
 Pfad des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.0\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dll
 Berichtskennung: 43652f0a-a1eb-11e2-b351-9a3f83ad0d86

Error - 10.04.2013 17:10:34 | Computer Name = Floo-PC | Source = Application Hang | ID = 1002
Description = Programm north.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 Prozess-ID: 1710
 Startzeit: 01ce362f2bbafc5a
 Endzeit: 60000
 Anwendungspfad: C:\Users\Floo\AppData\Local\Temp\nse6808.tmp\north.exe
 Berichts-ID: e5e313b5-a222-11e2-baad-bd6340a7d188

Error - 11.04.2013 01:12:54 | Computer Name = Floo-PC | Source = System Restore | ID = 8193
Description =

Error - 11.04.2013 02:35:06 | Computer Name = Floo-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description =

[ System Events ]
Error - 11.04.2013 08:29:10 | Computer Name = Floo-PC | Source = ipnathlp | ID = 31004
Description =

Error - 11.04.2013 08:29:14 | Computer Name = Floo-PC | Source = ipnathlp | ID = 31004
Description =

Error - 11.04.2013 08:54:12 | Computer Name = Floo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 11.04.2013 um 14:52:00 unerwartet heruntergefahren.

Error - 11.04.2013 08:54:26 | Computer Name = Floo-PC | Source = ipnathlp | ID = 31004
Description =

Error - 11.04.2013 12:46:47 | Computer Name = Floo-PC | Source = ipnathlp | ID = 31004
Description =

Error - 11.04.2013 12:46:47 | Computer Name = Floo-PC | Source = ipnathlp | ID = 31004
Description =

Error - 11.04.2013 13:14:26 | Computer Name = Floo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 11.04.2013 um 19:11:51 unerwartet heruntergefahren.

Error - 11.04.2013 13:14:37 | Computer Name = Floo-PC | Source = ipnathlp | ID = 31004
Description =

Error - 11.04.2013 13:41:29 | Computer Name = Floo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 11.04.2013 um 19:35:09 unerwartet heruntergefahren.

Error - 11.04.2013 13:41:39 | Computer Name = Floo-PC | Source = ipnathlp | ID = 31004
Description =


< End of report >

OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 11.04.2013 20:12:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Floo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 66,91% Memory free
7,82 Gb Paging File | 6,40 Gb Available in Paging File | 81,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657,54 Gb Total Space | 607,29 Gb Free Space | 92,36% Space Free | Partition Type: NTFS
Drive D: | 38,00 Gb Total Space | 16,16 Gb Free Space | 42,52% Space Free | Partition Type: NTFS
Drive E: | 7,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: FLOO-PC | User Name: Floo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.11 20:10:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Floo\Desktop\OTL.exe
PRC - [2013.01.28 19:16:20 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.09 15:21:12 | 000,156,512 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe
PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
PRC - [2010.12.15 16:23:02 | 000,207,400 | ---- | M] (Wistron) -- C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
PRC - [2010.06.21 14:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WButton.exe
PRC - [2009.12.11 16:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\OSD.exe
PRC - [2009.10.22 18:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe

========== Modules (No Company Name) ==========

MOD - [2012.08.24 17:11:59 | 000,482,656 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\Files32\SQLite.dll

========== Services (SafeList) ==========

SRV - [2013.04.03 18:23:19 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.24 11:46:46 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.25 15:39:58 | 000,575,840 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV - [2013.02.25 15:39:57 | 000,289,632 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2013.02.25 15:39:56 | 000,515,424 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2013.02.25 15:36:37 | 000,382,304 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2013.02.18 09:52:54 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe -- (SrvUpdater)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.08.24 17:12:01 | 000,368,480 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV - [2012.08.24 17:12:00 | 000,274,784 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2012.08.24 17:11:55 | 000,201,056 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV - [2012.06.14 14:33:08 | 000,071,520 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.02.04 16:34:20 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.02.04 16:24:24 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011.02.04 16:19:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.22 18:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.06.20 20:13:58 | 000,038,528 | R--- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Afw.sys -- (AFW)
DRV:64bit: - [2012.06.20 20:13:49 | 000,445,568 | R--- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AfwCore.sys -- (afwcore)
DRV:64bit: - [2012.06.10 15:28:09 | 000,025,160 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV:64bit: - [2012.06.10 15:28:03 | 000,256,072 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV:64bit: - [2012.06.10 15:28:02 | 000,290,376 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2012.04.28 14:17:13 | 000,066,272 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdSpy.sys -- (BdSpy)
DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.24 11:40:20 | 008,591,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=bee808c2-5450-430f-a6da-dd8dfd5bc212&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=bee808c2-5450-430f-a6da-dd8dfd5bc212&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=bee808c2-5450-430f-a6da-dd8dfd5bc212&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119887&babsrc=HP_ss&mntrId=82e91b28000000000000bc77370e37a7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE -
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 CC 44 4A DB 2A CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=bee808c2-5450-430f-a6da-dd8dfd5bc212&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=bee808c2-5450-430f-a6da-dd8dfd5bc212&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=bee808c2-5450-430f-a6da-dd8dfd5bc212&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119887&babsrc=SP_ss&mntrId=82e91b28000000000000bc77370e37a7 IE - HKCU\..\SearchScopes\{AC6F0F2B-BD4B-403A-AE0C-3C8C06087D29}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=85B04CA0-BA85-4CEA-92CE-D50CDC4D347F&apn_sauid=FB9CF9AE-23C8-4222-A68C-F39668862AC0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - 
prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119887&babsrc=HP_ss&mntrId=82e91b28000000000000bc77370e37a7" FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.03 18:23:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin [2012.06.11 13:31:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter [2012.06.11 13:31:14 | 000,000,000 | ---D | M] [2012.10.07 12:12:23 | 
000,000,000 | ---D | M] (No name found) -- C:\Users\Floo\AppData\Roaming\mozilla\Extensions [2013.03.10 11:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Floo\AppData\Roaming\mozilla\Firefox\Profiles\4dibghn4.default\extensions [2013.02.05 17:05:25 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Floo\AppData\Roaming\mozilla\Firefox\Profiles\4dibghn4.default\extensions\toolbar@ask.com [2013.03.10 11:43:19 | 000,021,485 | ---- | M] () (No name found) -- C:\Users\Floo\AppData\Roaming\mozilla\firefox\profiles\4dibghn4.default\extensions\plugin@yontoo.com.xpi [2013.01.28 19:14:20 | 000,002,333 | ---- | M] () -- C:\Users\Floo\AppData\Roaming\mozilla\firefox\profiles\4dibghn4.default\searchplugins\askcom.xml [2013.04.03 18:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.03 18:23:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.04.03 18:23:19 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.09 22:34:23 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== 
Chrome ========== CHR - homepage: CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: CHR - Extension: No name found = C:\Users\Floo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: No name found = C:\Users\Floo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\Floo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\Floo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [BullGuard] c:\program files\bullguard ltd\bullguard\BullGuard.exe (BullGuard Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programme\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programme\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3FE50A5-B2E0-41BC-9A86-50531C1C4246}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (BgGamingMonitor.dll) - C:\Windows\SysNative\BgGamingMonitor.dll (BullGuard Ltd.)
O20 - AppInit_DLLs: (BgGamingMonitor.dll) - C:\Windows\SysWow64\BgGamingMonitor.dll (BullGuard Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{58024119-6ae2-11e2-a49d-f40287e6f282}\Shell - "" = AutoRun
O33 - MountPoints2\{58024119-6ae2-11e2-a49d-f40287e6f282}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{aaeeff14-3713-11e2-b9a6-ec06f891f988}\Shell - "" = AutoRun
O33 - MountPoints2\{aaeeff14-3713-11e2-b9a6-ec06f891f988}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.11 20:10:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Floo\Desktop\OTL.exe
[2013.04.10 15:10:50 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 15:10:50 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 15:10:49 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 15:10:49 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 15:10:49 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 15:10:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 15:10:16 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 15:10:12 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 15:10:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 15:10:12 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 15:10:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 15:10:12 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 15:10:11 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 15:10:04 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 15:10:03 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 15:10:03 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 15:10:02 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 15:10:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 15:10:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.09 20:48:16 | 000,000,000 | ---D | C] -- C:\Users\Floo\Desktop\musik
[2013.04.03 18:23:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.30 22:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\webcam 7
[2013.03.24 11:46:46 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.24 11:46:46 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.24 11:45:33 | 000,000,000 | ---D | C] -- C:\Users\Floo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
[2013.03.24 11:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hdvidcodec.com
[2013.03.23 20:41:33 | 000,000,000 | ---D | C] -- C:\Users\Floo\Documents\GTA San Andreas User Files
[2013.03.21 14:31:19 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.21 14:04:55 | 000,000,000 | ---D | C] -- C:\Users\Floo\Desktop\Neuer Ordner
[2013.03.21 12:52:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2013.03.21 12:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2013.03.21 12:42:43 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2013.03.21 12:42:43 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2013.03.21 12:39:52 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.03.21 12:39:52 | 000,000,000 | RH-D | C] -- C:\Users\Floo\AppData\Roaming\SecuROM
[2013.03.21 12:39:47 | 000,000,000 | ---D | C] -- C:\Users\Floo\AppData\Local\Oblivion
[2013.03.21 12:39:47 | 000,000,000 | ---D | C] -- C:\Users\Floo\Documents\My Games
[1 C:\Users\Floo\Desktop\*.tmp files -> C:\Users\Floo\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.04.11 20:10:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Floo\Desktop\OTL.exe
[2013.04.11 20:07:39 | 000,000,000 | ---- | M] () -- C:\Users\Floo\defogger_reenable
[2013.04.11 20:06:25 | 000,050,477 | ---- | M] () -- C:\Users\Floo\Desktop\Defogger.exe
[2013.04.11 19:48:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 19:48:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 19:41:35 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.04.11 19:41:30 | 000,000,480 | ---- | M] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013.04.11 19:41:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.11 19:41:26 | 3148,140,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.11 19:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.11 08:02:14 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.02 10:51:12 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.02 10:51:12 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.02 10:51:12 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.02 10:51:12 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.02 10:51:12 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.01 20:21:16 | 000,067,920 | ---- | M] () -- C:\Users\Floo\Desktop\ö.jpg
[2013.03.30 19:51:21 | 000,732,389 | ---- | M] () -- C:\Users\Floo\Desktop\IMG_2262.JPG
[2013.03.30 19:39:02 | 000,091,171 | ---- | M] () -- C:\Users\Floo\Desktop\IMG_2107.JPG
[2013.03.24 11:46:46 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.24 11:46:46 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.21 12:39:52 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.03.19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.03.19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[1 C:\Users\Floo\Desktop\*.tmp files -> C:\Users\Floo\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.04.11 20:07:39 | 000,000,000 | ---- | C] () -- C:\Users\Floo\defogger_reenable
[2013.04.11 20:06:25 | 000,050,477 | ---- | C] () -- C:\Users\Floo\Desktop\Defogger.exe
[2013.04.11 19:41:30 | 000,000,480 | ---- | C] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013.04.01 20:21:16 | 000,067,920 | ---- | C] () -- C:\Users\Floo\Desktop\ö.jpg
[2013.03.30 19:55:52 | 000,732,389 | ---- | C] () -- C:\Users\Floo\Desktop\IMG_2262.JPG
[2013.03.30 19:42:05 | 000,091,171 | ---- | C] () -- C:\Users\Floo\Desktop\IMG_2107.JPG
[2013.03.24 11:46:50 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.10 21:20:39 | 000,877,747 | ---- | C] () -- C:\Users\Floo\AppData\Local\Tempmusic.ogg
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.19 23:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Gmer.txt

GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-11 21:54:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS547575A9E384 rev.JE4OA60A 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Floo\AppData\Local\Temp\kxldypog.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075281465 2 bytes [28, 75]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752814bb 2 bytes [28, 75]
.text ... * 2
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075281465 2 bytes [28, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752814bb 2 bytes [28, 75]
.text ... * 2
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076f9f991 8 bytes {MOV EDX, 0xd03e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000076f9f99b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000076f9fa0d 8 bytes {MOV EDX, 0xd01a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 0000000076f9fa17 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000076f9fb25 8 bytes {MOV EDX, 0xd0168; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 0000000076f9fb2f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076f9fbd5 8 bytes {MOV EDX, 0xd0428; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000076f9fbdf 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076f9fc05 8 bytes {MOV EDX, 0xd0368; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000076f9fc0f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076f9fc1d 8 bytes {MOV EDX, 0xd0128; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000076f9fc27 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076f9fc35 8 bytes {MOV EDX, 0xd04e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000076f9fc3f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076f9fc65 8 bytes {MOV EDX, 0xd0528; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000076f9fc6f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076f9fce5 8 bytes {MOV EDX, 0xd04a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000076f9fcef 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076f9fcfd 8 bytes {MOV EDX, 0xd0468; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000076f9fd07 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076f9fd49 8 bytes {MOV EDX, 0xd0068; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000076f9fd53 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 0000000076f9fdad 8 bytes {MOV EDX, 0xd02e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 0000000076f9fdb7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076f9fe41 8 bytes {MOV EDX, 0xd00a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000076f9fe4b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 0000000076f9ff89 8 bytes {MOV EDX, 0xd02a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 0000000076f9ff93 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fa0099 8 bytes {MOV EDX, 0xd0028; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000076fa00a3 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000076fa0781 8 bytes {MOV EDX, 0xd0268; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 0000000076fa078b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000076fa0ffd 8 bytes {MOV EDX, 0xd01e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752]
C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000076fa1007 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 0000000076fa105d 8 bytes {MOV EDX, 0xd0228; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000076fa1067 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fa10a5 8 bytes {MOV EDX, 0xd03a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000076fa10af 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fa111d 8 bytes {MOV EDX, 0xd0328; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000076fa1127 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fa1321 8 bytes {MOV EDX, 0xd00e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000076fa132b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000074df103d 5 bytes JMP 0000000100010030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000074df1072 5 bytes JMP 0000000100010070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 000000007693119f 5 bytes JMP 
0000000100020030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 00000000769311cf 5 bytes JMP 0000000100020070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 00000000766d4de0 5 bytes JMP 00000001002603b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SelectObject 00000000766d4f70 5 bytes JMP 00000001002605f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SetBkMode 00000000766d51a2 5 bytes JMP 00000001002608f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SetTextColor 00000000766d522d 5 bytes JMP 0000000100260a30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!DeleteObject 00000000766d5689 5 bytes JMP 00000001002601b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000766d58b3 5 bytes JMP 0000000100260170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 00000000766d6bad 5 bytes JMP 0000000100260370 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SaveDC 00000000766d6e05 5 bytes JMP 0000000100260570 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!RestoreDC 00000000766d6ead 5 bytes JMP 0000000100260530 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 00000000766d7180 5 bytes JMP 00000001002606b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] 
C:\Windows\syswow64\GDI32.dll!StretchDIBits 00000000766d7435 5 bytes JMP 0000000100260770 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000766d7bcc 5 bytes JMP 00000001002600b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 00000000766d7dc4 5 bytes JMP 00000001002603f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetTextAlign 00000000766d7fd5 5 bytes JMP 0000000100260d70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 00000000766d82b2 5 bytes JMP 0000000100260e30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SetTextAlign 00000000766d8401 5 bytes JMP 00000001002609f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 00000000766d879f 5 bytes JMP 00000001002602f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 00000000766d8916 5 bytes JMP 00000001002605b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 00000000766d8b7a 5 bytes JMP 0000000100260970 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!MoveToEx 00000000766d8ee6 5 bytes JMP 0000000100260470 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetFontData 00000000766d9875 5 bytes JMP 0000000100260c70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 00000000766d9936 5 bytes JMP 0000000100260d30 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!Rectangle 00000000766da53a 5 bytes JMP 00000001002609b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetClipBox 00000000766daf9f 5 bytes JMP 0000000100260330 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!LineTo 00000000766db9e5 5 bytes JMP 0000000100260430 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SetICMMode 00000000766dbd55 5 bytes JMP 0000000100260db0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!CreateICW 00000000766dc040 5 bytes JMP 0000000100260130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 00000000766dc107 5 bytes JMP 0000000100260670 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 00000000766dc269 5 bytes JMP 00000001002606f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 00000000766dd1f1 5 bytes JMP 0000000100260df0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 00000000766dd349 5 bytes JMP 0000000100260630 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 00000000766ddce4 5 bytes JMP 0000000100260930 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000766de743 5 bytes JMP 00000001002600f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] 
C:\Windows\syswow64\GDI32.dll!ExtEscape 00000000766e03b7 5 bytes JMP 00000001002602b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!Escape 00000000766e1bda 5 bytes JMP 0000000100260270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 00000000766e1e89 5 bytes JMP 0000000100260cf0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 00000000766e4843 5 bytes JMP 0000000100260b30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 00000000766e5690 5 bytes JMP 0000000100260b70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!EndPage 00000000766e6bde 5 bytes JMP 0000000100260230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!ResetDCW 00000000766ee2db 5 bytes JMP 0000000100260ab0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 00000000766f940d 5 bytes JMP 0000000100260cb0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 00000000766fc621 5 bytes JMP 0000000100260bb0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 00000000766fd2b2 5 bytes JMP 0000000100260bf0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 00000000766fd919 5 bytes JMP 0000000100260c30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000076703adc 5 bytes JMP 0000000100260030 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!EndDoc 0000000076703f29 5 bytes JMP 00000001002601f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!StartPage 000000007670401a 5 bytes JMP 0000000100260730 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000076704c51 5 bytes JMP 00000001002607f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!BeginPath 00000000767053fd 5 bytes JMP 0000000100260830 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000076705454 5 bytes JMP 0000000100260af0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!CloseFigure 00000000767054af 5 bytes JMP 0000000100260070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!EndPath 0000000076705506 5 bytes JMP 0000000100260a70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!StrokePath 000000007670573f 5 bytes JMP 00000001002607b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!FillPath 00000000767057d2 5 bytes JMP 0000000100260870 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!PolylineTo 0000000076705c44 5 bytes JMP 00000001002604f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 0000000076705cd5 5 bytes JMP 00000001002604b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\GDI32.dll!PolyDraw 0000000076705d87 5 bytes JMP 
00000001002608b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!MapWindowPoints 00000000763e8c40 5 bytes JMP 0000000100270570 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 00000000763e9ebd 5 bytes JMP 00000001002702b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 00000000763f0afa 5 bytes JMP 00000001002702f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetClientRect 00000000763f0c62 7 bytes JMP 00000001002705b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetParent 00000000763f0f68 7 bytes JMP 00000001002706f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!IsWindowVisible 00000000763f112d 7 bytes JMP 00000001002706b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000763f12a5 5 bytes JMP 00000001002705f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!ScreenToClient 00000000763f227d 7 bytes JMP 0000000100270670 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 00000000763f3150 7 bytes JMP 0000000100270630 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!SetCursor 00000000763f41f6 5 bytes JMP 0000000100270530 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 00000000763f68ef 5 bytes JMP 0000000100270270 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 00000000763f77fa 5 bytes JMP 0000000100270230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetTopWindow 00000000763f7887 7 bytes JMP 0000000100270730 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 00000000763f8676 5 bytes JMP 00000001002700f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 00000000763f8696 5 bytes JMP 0000000100270330 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!CloseClipboard 00000000763f8e8d 5 bytes JMP 00000001002700b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!OpenClipboard 00000000763f8ecb 5 bytes JMP 0000000100270070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 00000000763fc17b 5 bytes JMP 0000000100270430 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 00000000763fc449 5 bytes JMP 00000001002701b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 00000000763fc468 5 bytes JMP 00000001002703f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 00000000763fc486 5 bytes JMP 00000001002701f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000763fc4b6 5 bytes JMP 00000001002704b0 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 00000000763fd6c0 5 bytes JMP 00000001002704f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 00000000763fe360 5 bytes JMP 0000000100270370 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000076428e57 5 bytes JMP 0000000100270170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076429cfd 5 bytes JMP 0000000100270770 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076429f1d 5 bytes JMP 0000000100270030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!EmptyClipboard 0000000076447cb9 5 bytes JMP 0000000100270130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 0000000076448111 5 bytes JMP 0000000100270470 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 000000007644832f 5 bytes JMP 00000001002703b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 0000000074af9606 5 bytes JMP 00000001002800f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 0000000074b00581 5 bytes JMP 0000000100280130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 0000000074b00bb9 5 bytes JMP 0000000100280270 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 0000000074b00c2e 5 bytes JMP 00000001002801b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 0000000074b00f2e 5 bytes JMP 0000000100280070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 0000000074b01096 5 bytes JMP 00000001002800b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 0000000074b0124e 5 bytes JMP 00000001002801f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 0000000074b0129d 5 bytes JMP 0000000100280230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 0000000074b01527 5 bytes JMP 0000000100280030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 0000000074b01590 5 bytes JMP 0000000100280170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000076530045 5 bytes JMP 0000000100290030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 00000000765336b2 5 bytes JMP 0000000100290070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\ole32.dll!OleGetClipboard 000000007655fdcd 5 bytes JMP 00000001002900b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075281465 2 bytes [28, 75] .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752814bb 2 bytes [28, 75] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{8864C03D-E3A2-428F-9383-42C7DDB666A4}\Connection@Name isatap.{C267F42B-6BAC-40F4-AEDA-9297F3EDC75D} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{8864C03D-E3A2-428F-9383-42C7DDB666A4}?\Device\{77B05E89-F1B9-434D-9A9F-67EEEA59DFF5}?\Device\{0863EEDD-CF3F-431F-98C2-8568F02C0656}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{8864C03D-E3A2-428F-9383-42C7DDB666A4}"?"{77B05E89-F1B9-434D-9A9F-67EEEA59DFF5}"?"{0863EEDD-CF3F-431F-98C2-8568F02C0656}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{8864C03D-E3A2-428F-9383-42C7DDB666A4}?\Device\TCPIP6TUNNEL_{77B05E89-F1B9-434D-9A9F-67EEEA59DFF5}?\Device\TCPIP6TUNNEL_{0863EEDD-CF3F-431F-98C2-8568F02C0656}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc77370e37aa Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{8864C03D-E3A2-428F-9383-42C7DDB666A4}@InterfaceName isatap.{C267F42B-6BAC-40F4-AEDA-9297F3EDC75D} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{8864C03D-E3A2-428F-9383-42C7DDB666A4}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc77370e37aa (not active ControlSet) ---- EOF - GMER 2.1 ---- Mfg, David Geändert von Terrific (11.04.2013 um 19:00 Uhr) |
12.04.2013, 14:11 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with Delta Search. Hello and
Quote:
__________________ |
12.04.2013, 20:14 | #3 |
| Problem with Delta Search. Thanks for your quick reply.
I went and checked specifically. E is in fact the DVD drive. The drive currently contains, and contained at the time of the infection, a King of Queens (TV series) DVD (bought in a store). As far as I know, it was put into the laptop right after being taken out of the sealed packaging, forgotten there, and was not removed in between or inserted into another computer. Regards, David |
13.04.2013, 14:54 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problem with Delta Search. That is almost certainly a false positive... But you still have that Delta junk on there. Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you have not heard from me for three days, please post in this thread => Erinnerung an meinem Thread. Annoying "when is this going to continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.
Now please run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags.
MBAR (Malwarebytes Anti-Rootkit): Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in that folder without instructions from a helper.
aswMBR: Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer: Please download TDSSKiller.exe and save this file to the desktop.
__________________ Please always post logfiles in CODE tags |