Windows 7: Clicking in Firefox opens an additional web page with advertising
Hello, this morning I could only get back onto the Internet after reconnecting the router (just unplugging it from the mains did not work). After that I had the problems mentioned above, whether that is a coincidence or not.
When I click a link on, for example, Spiegel-Online, Bild or Stern, an additional advertising page appears alongside the window I wanted.
On other sites, for example Google, this does not happen.
Yesterday evening I was on various hotel booking portals, but I did not knowingly download anything.
My virus scanner is Antivir, but I cannot find any particular log there:
I have not noticed anything unusual in Thunderbird recently.
Tip: of course it is not nice to have to add the attachments further down and then carry on further up again; hopefully it worked ... better like this?
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:04 on 26/05/2015 (alpha)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
_______________________________________________________________________________________________________
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-05-2015
Ran by alpha at 2015-05-26 19:12:41
Running from C:\Users\alpha\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2637245917-3735504695-533496390-500 - Administrator - Disabled)
alpha (S-1-5-21-2637245917-3735504695-533496390-1000 - Administrator - Enabled) => C:\Users\alpha
beta (S-1-5-21-2637245917-3735504695-533496390-1008 - Administrator - Enabled)
gamma (S-1-5-21-2637245917-3735504695-533496390-1007 - Administrator - Enabled)
Gast (S-1-5-21-2637245917-3735504695-533496390-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2637245917-3735504695-533496390-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
ALDI TALK Verbindungsassistent (HKLM\...\ALDITALKVerbindungsassistent) (Version: - ALDI TALK Verbindungsassistent)
Amazon Kindle (HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\Amazon Kindle) (Version: - Amazon)
Any Video Converter 5.7.6 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
ArcSoft ShowBiz (HKLM\...\{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}) (Version: - ArcSoft)
Audacity 1.2.0 (HKLM\...\Audacity_is1) (Version: - )
Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2218 - AVAST Software)
CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.76.0.2015 - Georgy Berdyshev)
CloneCD (HKLM\...\CloneCD) (Version: - SlySoft)
CloneDVD2 (HKLM\...\CloneDVD2) (Version: - Elaborate Bytes)
Crimson Editor (remove only) (HKLM\...\Crimson Editor) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
Dell C1765 Color MFP (HKLM\...\InstallShield_{B03A2793-A8FF-4242-B23D-88D2D5FAE56A}) (Version: 1.039.0 - Dell Inc.)
Dell C1765 Color MFP (Version: 1.039.0 - Dell Inc.) Hidden
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
Express Rip (HKLM\...\ExpressRip) (Version: 1.94 - NCH Software)
FARO LS 1.1.501.0 (HKLM\...\{8F196892-666A-4A40-8587-6AE38F78A5C2}) (Version: 5.1.0.30630 - FARO Scanner Production)
FARO LS 5.1.0.30630 (HKLM\...\FARO LS_is1) (Version: - FARO Technologies)
Filzip 3.0 (HKLM\...\Filzip 3.0.0.0_is1) (Version: 3.0.0 - Philipp Engel)
Final Surface Demo 4.0.8 (HKLM\...\{861EEB19-15EE-4715-96F9-3D217BB03FA8}_is1) (Version: - GFaI Berlin, Germany)
FotoQuelle Fotosoftware 4.14.2. (HKLM\...\FotoQuelle Fotosoftware) (Version: 4.14.2. - ORWO Net)
Free DWG Viewer 7.2 (HKLM\...\{90751489-B709-4D2F-8634-FEE00BFEC41A}) (Version: 7.2.0.51 - IGC)
Free Video Dub version 2.0.21.822 (HKLM\...\Free Video Dub_is1) (Version: 2.0.21.822 - DVDVideoSoft Ltd.)
FreeOCR v4.2 (HKLM\...\freeocr_is1) (Version: - )
Glary Undelete 5.0.1.19 (HKLM\...\Glary Undelete) (Version: 5.0.1.19 - Glarysoft Ltd)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
GSview 4.6 (HKLM\...\GSview 4.6) (Version: - )
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
Hauppauge WinTV 7 (HKLM\...\Hauppauge WinTV 7) (Version: v7.2.30237 (CD 2.6) - Hauppauge Computer Works)
ImageJ 1.46r (HKLM\...\ImageJ_is1) (Version: - NIH)
InterVideo WinDVR (HKLM\...\{CC9D60B8-B270-4AE0-8208-CCB01C42CD6A}) (Version: - )
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Kyodai (HKLM\...\Kyodai 16.00 (Full package)_is1) (Version: - )
map&guide 10 Karte Europa City (HKLM\...\map&guide 10 Karte Europa City) (Version: - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.30401.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{D9D937B0-E842-4130-9588-B948E876904A}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{9D6D76A6-4328-49E8-97A7-531A74841DA5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Visual C# 2008 Express Edition with SP1 - ENU (HKLM\...\Microsoft Visual C# 2008 Express Edition with SP1 - ENU) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (HKLM\...\Microsoft Visual C++ 2008 Express Edition with SP1 - ENU) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{044F9133-B8D7-4d11-BF39-803FA20F5C8B}) (Version: 6.1.5295.17011 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla (1.7.13) (HKLM\...\Mozilla (1.7.13)) (Version: - )
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MPEG Scissors (HKLM\...\MPEG Scissors_is1) (Version: - )
MuseScore 1.3 (HKLM\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
MyFreeCodec (HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\MyFreeCodec) (Version: - )
Nuance PaperPort 14 (HKLM\...\{08BCE67B-6305-4D8A-B749-F381E7E3DDA2}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{FC984E39-43D0-4AB2-ACC7-A7B87977B009}) (Version: 7.20.3274 - Nuance Communications, Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM\...\NVIDIAStereo) (Version: 7.15.11.9038 - NVIDIA Corporation)
OpenOffice.org 3.1 (HKLM\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PhotoFiltre (HKLM\...\PhotoFiltre) (Version: - )
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
PriMus Free 1.1 (Build 10284) (HKLM\...\PriMus Free_is1) (Version: - Columbus Soft)
ProfiSchafkopf (HKLM\...\{AFE2586D-6702-47DA-8237-EB0B40F2A3B3}) (Version: 1.0.4 - CuteSoft)
Rasche`s Kartenspiele 3 (HKLM\...\Rasche`s Kartenspiele 3) (Version: - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Scansoft PDF Professional (Version: - ) Hidden
Scribus 1.4.3 (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Sokoban YASC (HKLM\...\Sokoban YASC - Yet Another Sokoban Clone_is1) (Version: - )
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
TSDoctor (HKLM\...\{F31D0373-A505-4ADC-8CB1-DE04246A6725}) (Version: 1.2.166 - Cypheros)
Ulead VideoStudio SE DVD (HKLM\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
USB2.0 Grabber (HKLM\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.002 - Youyan)
Vereinsscout (HKLM\...\Vereinsscout) (Version: 14.2.1 - Scoutsystems Software)
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
webssearches uninstall (HKLM\...\webssearches uninstall) (Version: - webssearches) <==== ATTENTION
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinSCP 5.1.2 (HKLM\...\winscp3_is1) (Version: 5.1.2 - Martin Prikryl)
XMedia Recode Version 3.1.5.3 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.5.3 - XMedia Recode)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
25-12-2014 18:59:23 Konfiguriert Dell C1765 Color MFP
25-12-2014 19:19:01 Microsoft Visual C++ 2005 Redistributable wird installiert
25-12-2014 19:19:59 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
25-12-2014 19:22:24 Windows Update
25-12-2014 19:27:44 Installed Nuance PaperPort 14.
25-12-2014 19:31:49 Installed Nuance PDF Viewer Plus.
25-12-2014 19:33:54 Installed PaperPort Image Printer.
26-12-2014 14:59:32 Install CloneCD
05-01-2015 21:50:57 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
10-01-2015 22:04:22 TSDoctor wird installiert
11-02-2015 21:26:44 TSDoctor wird installiert
03-03-2015 17:36:15 ProfiSchafkopf wird installiert
07-04-2015 19:53:46 TSDoctor wird installiert
07-04-2015 19:58:25 TSDoctor wird installiert
17-04-2015 12:03:00 TSDoctor wird installiert
22-04-2015 18:59:23 avast! antivirus system restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {003A64EC-61A2-4D07-B5B2-B201478CB58E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-22] (Avast Software s.r.o.)
Task: {0B3BF15B-1DCD-4255-8934-C632BD3F4702} - System32\Tasks\{191CE641-D476-4A51-81D5-66811D5D743E} => C:\Program Files\PCTV Systems\TVCenter\TVCenter.exe
Task: {18D05FCF-156F-42BB-AC9A-E3F4C22BA022} - System32\Tasks\{33BDC46F-2173-4D16-9320-7D35E38D6ECC} => pcalua.exe -a C:\Users\alpha\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs1 <==== ATTENTION
Task: {582611E8-28D9-4809-8E15-8BAFDAA96D5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-23] (Google Inc.)
Task: {AF44318E-0B3D-4B65-AED3-44E5254120D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-23] (Google Inc.)
Task: {B8BE6139-CE95-41DC-872D-D410538112C4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {CDE2C523-D398-40C2-8F8E-9803552C2C1E} - System32\Tasks\{1A00003E-DD42-4A62-B66F-63FF30166DFF} => C:\Program Files\PCTV Systems\TVCenter\TVCenter.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-04-22 19:00 - 2015-04-22 19:00 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-22 19:00 - 2015-04-22 19:00 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-26 10:10 - 2015-05-26 10:10 - 02948096 _____ () C:\Program Files\AVAST Software\Avast\defs\15052600\algo.dll
2014-12-25 18:14 - 2012-06-07 17:48 - 00019968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dltfm1zPP.dll
2014-12-25 18:14 - 2013-02-01 15:55 - 12875264 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dlthm1zRC.DLL
2013-07-04 10:44 - 2013-07-04 10:44 - 00358968 _____ () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2013-02-06 17:37 - 2013-02-06 17:37 - 00191464 _____ () C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
2013-01-16 18:08 - 2011-08-23 10:04 - 00057344 _____ () C:\Program Files\WinTV\TVServer\libhdhomerun.dll
2013-01-16 18:08 - 2012-01-16 17:12 - 00018944 _____ () C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
2014-12-25 18:13 - 2012-08-16 19:33 - 00041984 _____ () C:\Windows\system32\dltsm1zwia.dll
2010-07-04 22:32 - 2010-07-04 22:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-12-23 23:35 - 2009-05-07 09:50 - 00073728 ____R () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2012-12-23 23:35 - 2009-05-07 09:53 - 00106496 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2012-12-23 23:35 - 2008-02-14 06:57 - 00094208 ____R () C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll
2012-12-23 23:35 - 2009-09-02 02:28 - 47628288 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll
2010-07-04 20:51 - 2010-07-04 20:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2015-04-22 19:00 - 2015-04-22 19:00 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-05-23 15:11 - 2013-07-18 06:52 - 00036352 _____ () C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
2013-05-23 15:12 - 2013-07-23 02:00 - 17223680 _____ () C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
2013-05-23 15:11 - 2013-07-23 01:58 - 00564736 _____ () C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
2013-05-23 10:15 - 2013-07-18 06:51 - 00023040 _____ () C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
2013-05-22 20:34 - 2013-05-22 20:34 - 00057856 _____ () C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
2013-02-12 17:37 - 2002-07-30 01:03 - 00098304 _____ () C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
2013-07-04 10:44 - 2013-07-04 10:44 - 00510520 _____ () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2012-12-26 23:19 - 2012-12-26 23:16 - 00046080 _____ () C:\Program Files\HPiotr\MSWinSl\MSWinSl.exe
2009-08-18 15:54 - 2009-08-18 15:54 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2012-12-23 21:03 - 2012-12-26 16:36 - 00058368 _____ () C:\Program Files\HPiotr\MSOffix2010\MSOffix2010.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\alpha\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
==================== MSCONFIG/TASK MANAGER Error getting ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{FC0EF7C5-DFD4-4585-913A-00480A815950}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{3586705B-55A5-44CA-BDAE-00E7400D6DEE}C:\program files\winscp\winscp.exe] => (Allow) C:\program files\winscp\winscp.exe
FirewallRules: [UDP Query User{9D015B41-56FE-41E2-BE62-3858C6F9839A}C:\program files\winscp\winscp.exe] => (Allow) C:\program files\winscp\winscp.exe
FirewallRules: [{C58E0582-B221-49C1-8B0B-60E1D9EE46CA}] => (Allow) LPort=1900
FirewallRules: [{6EEBE553-6E1F-4367-98C2-BD939C31E7C8}] => (Allow) LPort=2869
FirewallRules: [{75D22465-1D3F-4629-8B41-7B02B75AA2E4}] => (Allow) LPort=1900
FirewallRules: [{92CCC059-5CEC-44BC-909B-B9B62164B3BA}] => (Allow) LPort=2869
FirewallRules: [{9B0314EA-7B3D-4DAD-B92E-9B8D346EA8F9}] => (Allow) C:\Program Files\PCTV Systems\TVCenter\TVCenter.exe
FirewallRules: [{7D20D4C3-E911-4386-9F3A-190DB5ED7AFE}] => (Allow) C:\Program Files\Common Files\PCTV Systems\PVR\VideoControl.exe
FirewallRules: [{6612222F-96E7-479B-AE39-179E0EEF8832}] => (Allow) C:\Program Files\Common Files\PCTV Systems\StreamingServer\StrmServer.exe
FirewallRules: [{C375E347-556A-4D4D-AA85-DB1713D51D48}] => (Allow) LPort=1900
FirewallRules: [{C79621B7-A2A8-40EC-8306-77225752AAA4}] => (Allow) LPort=2869
FirewallRules: [{14DD4465-271E-4D9C-89B6-ADD78C3FE68E}] => (Allow) C:\Windows\ehome\ehrecvr.exe
FirewallRules: [TCP Query User{6C487D24-DC31-4834-98A8-FDF89BB419C9}C:\program files\imagej\jre\bin\javaw.exe] => (Allow) C:\program files\imagej\jre\bin\javaw.exe
FirewallRules: [UDP Query User{F2F1B931-382D-49C2-9A40-F97B46DBB8E2}C:\program files\imagej\jre\bin\javaw.exe] => (Allow) C:\program files\imagej\jre\bin\javaw.exe
FirewallRules: [TCP Query User{3B54D67A-7EFA-4EB2-80BC-5D9CAD379204}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{C0ADDA59-A119-4F49-AE47-70C645A6184A}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [{AFC477CA-7555-4B9D-B3B0-49684E7F6959}] => (Allow) C:\Program Files\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{7D4644DD-A9AA-4725-A6AF-F88A664949D8}] => (Allow) C:\Program Files\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{0EEEE83D-EE60-49BA-B902-F59CB6495BE7}] => (Allow) C:\Program Files\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{D4612235-04C1-4F4E-A60A-4AD76EB1658D}] => (Allow) C:\Program Files\WinTV\WinTV7\WinTV7.exe
FirewallRules: [{102FDC0C-F00C-4CF5-AE29-AB617C039A9E}] => (Allow) C:\Program Files\WinTV\Extend\WinTVExtender.exe
FirewallRules: [{9AB85B32-7E45-4F1C-B70B-44935B760177}] => (Allow) C:\Program Files\WinTV\Extend\WinTVExtender.exe
FirewallRules: [{6BAF254C-B453-41B7-AF03-99AFED89CB78}] => (Allow) C:\Program Files\WinTV\Extend\WinTVExtender.exe
FirewallRules: [{CD627BB3-6743-4DAA-9B0F-9044308D1709}] => (Allow) C:\Program Files\WinTV\Extend\WinTVExtender.exe
FirewallRules: [{8AF3EF8F-63D8-4DEA-BC24-29F5942374AF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{23BFA937-4B71-4929-9082-F316A0AA14D9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A95D0535-BF1B-4BA8-B145-35AA06F1E9B1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{498476BB-0D98-4B58-BF22-0191955080AE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B7E5C42D-D0C9-4AEB-B2F2-6AEDDF85CC3D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/26/2015 11:19:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.1.5611, Zeitstempel: 0x55541a90
Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.1.5611, Zeitstempel: 0x55540a1e
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x220
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (05/26/2015 08:06:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: googleearth.exe, Version: 7.1.2.2041, Zeitstempel: 0x525310f1
Name des fehlerhaften Moduls: googleearth_free.dll, Version: 0.0.0.0, Zeitstempel: 0x525310cb
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00b5e892
ID des fehlerhaften Prozesses: 0x1da4
Startzeit der fehlerhaften Anwendung: 0xgoogleearth.exe0
Pfad der fehlerhaften Anwendung: googleearth.exe1
Pfad des fehlerhaften Moduls: googleearth.exe2
Berichtskennung: googleearth.exe3
Error: (05/25/2015 05:32:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 14dc
Startzeit: 01d09638b38be4f5
Endzeit: 16
Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe
Berichts-ID: 9ffb1fb1-02fb-11e5-9af6-002522a3b3ce
Error: (05/24/2015 04:41:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 12d4
Startzeit: 01d09579936b66c3
Endzeit: 14
Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe
Berichts-ID: 5371808d-022b-11e5-9af6-002522a3b3ce
Error: (05/23/2015 05:41:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1750
Startzeit: 01d0952c152acd8f
Endzeit: 24
Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe
Berichts-ID: 88bdd972-016a-11e5-9af6-002522a3b3ce
Error: (05/22/2015 06:08:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 15a0
Startzeit: 01d0901f4bb90c5c
Endzeit: 237
Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe
Berichts-ID: 21518198-00a5-11e5-860b-002522a3b3ce
Error: (05/16/2015 08:34:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm PhotoFiltre.exe, Version 6.3.1.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 70
Startzeit: 01d0900f09ab350e
Endzeit: 32
Anwendungspfad: C:\Program Files\PhotoFiltre\PhotoFiltre.exe
Berichts-ID:
Error: (05/12/2015 09:03:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1898
Startzeit: 01d08ca335a7640b
Endzeit: 831
Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe
Berichts-ID: e6f4f83b-f8e1-11e4-9008-002522a3b3ce
Error: (05/11/2015 11:00:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f64
Startzeit: 01d08c3053343ebd
Endzeit: 17
Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe
Berichts-ID: 259794bf-f829-11e4-9008-002522a3b3ce
Error: (05/11/2015 08:14:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: e68
Startzeit: 01d08a8d0e924226
Endzeit: 1147
Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe
Berichts-ID: edbb3b24-f811-11e4-9008-002522a3b3ce
System errors:
=============
Error: (05/26/2015 07:09:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (05/26/2015 07:08:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (05/26/2015 07:07:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
Error: (05/26/2015 07:07:06 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (05/26/2015 07:05:12 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
Error: (05/26/2015 09:27:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (05/26/2015 09:26:06 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
Error: (05/26/2015 09:26:00 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (05/26/2015 09:23:25 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
Error: (05/26/2015 09:23:10 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}
Microsoft Office:
=========================
Error: (05/26/2015 11:19:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.1.561155541a90mozalloc.dll38.0.1.561155540a1e8000000300001aa122001d0979489fcad08C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllb1d253cf-0390-11e5-b356-002522a3b3ce
Error: (05/26/2015 08:06:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: googleearth.exe7.1.2.2041525310f1googleearth_free.dll0.0.0.0525310cbc000040900b5e8921da401d0972517a9f125C:\Program Files\Google\Google Earth\client\googleearth.exeC:\Program Files\Google\Google Earth\client\googleearth_free.dllac6b2396-0375-11e5-9af6-002522a3b3ce
Error: (05/25/2015 05:32:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RasCard3_0.exe3.0.0.014dc01d09638b38be4f516C:\Program Files\RaschesSpiele3\RasCard3_0.exe9ffb1fb1-02fb-11e5-9af6-002522a3b3ce
Error: (05/24/2015 04:41:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RasCard3_0.exe3.0.0.012d401d09579936b66c314C:\Program Files\RaschesSpiele3\RasCard3_0.exe5371808d-022b-11e5-9af6-002522a3b3ce
Error: (05/23/2015 05:41:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RasCard3_0.exe3.0.0.0175001d0952c152acd8f24C:\Program Files\RaschesSpiele3\RasCard3_0.exe88bdd972-016a-11e5-9af6-002522a3b3ce
Error: (05/22/2015 06:08:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RasCard3_0.exe3.0.0.015a001d0901f4bb90c5c237C:\Program Files\RaschesSpiele3\RasCard3_0.exe21518198-00a5-11e5-860b-002522a3b3ce
Error: (05/16/2015 08:34:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: PhotoFiltre.exe6.3.1.07001d0900f09ab350e32C:\Program Files\PhotoFiltre\PhotoFiltre.exe
Error: (05/12/2015 09:03:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RasCard3_0.exe3.0.0.0189801d08ca335a7640b831C:\Program Files\RaschesSpiele3\RasCard3_0.exee6f4f83b-f8e1-11e4-9008-002522a3b3ce
Error: (05/11/2015 11:00:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RasCard3_0.exe3.0.0.0f6401d08c3053343ebd17C:\Program Files\RaschesSpiele3\RasCard3_0.exe259794bf-f829-11e4-9008-002522a3b3ce
Error: (05/11/2015 08:14:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RasCard3_0.exe3.0.0.0e6801d08a8d0e9242261147C:\Program Files\RaschesSpiele3\RasCard3_0.exeedbb3b24-f811-11e4-9008-002522a3b3ce
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 220 Processor
Percentage of memory in use: 40%
Total physical RAM: 3327.3 MB
Available physical RAM: 1984.59 MB
Total Pagefile: 6652.89 MB
Available Pagefile: 5204.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.41 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:156.25 GB) (Free:23.74 GB) NTFS
Drive u: (U_ser) (Fixed) (Total:244.14 GB) (Free:116.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive v: (V_ip) (Fixed) (Total:65.37 GB) (Free:4.86 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 96854552)
Partition 1: (Not Active) - (Size=156.2 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=65.4 GB) - (Type=07 NTFS)
==================== End of log ============================
________________________________________________________________________________________________________
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-05-2015
Ran by alpha (administrator) on GRIZZLY on 26-05-2015 19:11:59
Running from C:\Users\alpha\Downloads
Loaded Profiles: alpha (Available Profiles: alpha)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
() C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
(Hauppauge Computer Works, Inc) C:\Program Files\WinTV\Extend\WinTVExtender.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(XTab system) C:\Program Files\XTab\ProtectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dell Inc.) C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1pl.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDFViewer\PdfPro7Hook.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(SlySoft, Inc.) C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
(PCTV Systems S.à r.l.) C:\Program Files\Common Files\PCTV Systems\RemoTerm\remoterm.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files\Samsung\Kies\KiesAirMessage.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
(InterVideo Inc.) C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
() C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
() C:\Program Files\HPiotr\MSWinSl\MSWinSl.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
() C:\Program Files\HPiotr\MSOffix2010\MSOffix2010.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [UVS10 Preload] => C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-10] (Ulead Systems, Inc.)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1681408 2009-09-21] (VIA)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [LauncherC1765nf] => C:\Program Files\Dell Printers\Printer SSW\Launcher\dlm1launcher.exe [2471928 2013-08-13] (Dell Inc.)
HKLM\...\Run: [StatusAutoRunC1765nf] => C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1pl.exe [3024360 2013-02-06] (Dell Inc.)
HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [36168 2013-05-29] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [18248 2013-05-29] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort14reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [330056 2013-03-14] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFProHook] => C:\Program Files\Nuance\PDFViewer\pdfpro7hook.exe [641864 2013-03-20] (Nuance Communications, Inc.)
HKLM\...\Run: [CloneCDTray] => C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [57344 2004-12-09] (SlySoft, Inc.)
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\Run: [RemoTerm.exe] => C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe [227200 2012-06-06] (PCTV Systems S.à r.l.)
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics)
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\MountPoints2: {2ad831f8-e489-11e2-b698-002522a3b3ce} - F:\AutoRun.exe
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\MountPoints2: {2ad831fd-e489-11e2-b698-002522a3b3ce} - F:\AutoRun.exe
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\MountPoints2: {e89fa41a-77b8-11e2-9f9d-002522a3b3ce} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2013-01-16]
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk [2012-12-23]
ShortcutTarget: InterVideo WinCinema Manager.lnk -> C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinScheduler.lnk [2012-12-23]
ShortcutTarget: InterVideo WinScheduler.lnk -> C:\Program Files\InterVideo\WinDVR\WinScheduler.exe (InterVideo Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk [2013-07-04]
ShortcutTarget: Launcher.lnk -> C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk [2013-01-16]
ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\alpha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSOffix2010_Reminder.lnk [2012-12-26]
ShortcutTarget: MSOffix2010_Reminder.lnk -> C:\Program Files\HPiotr\MSOffix2010_Reminder\MSOffix2010_Reminder.exe ()
Startup: C:\Users\alpha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSWinSl.lnk [2012-12-26]
ShortcutTarget: MSWinSl.lnk -> C:\Program Files\HPiotr\MSWinSl\MSWinSl.exe ()
Startup: C:\Users\alpha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2012-12-23]
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-22] (Avast Software s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91&q={searchTerms}
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ef0745b4-bdad-bf5e-5d29-9aa18ace4082&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=04/03/2014&type=hp1000
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2637245917-3735504695-533496390-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91&q={searchTerms}
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ef0745b4-bdad-bf5e-5d29-9aa18ace4082&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=04/03/2014&type=hp1000
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03203&utm_campaign=install_ie&utm_content=ds&from=wpm03203&uid=395049983_1052515_F4F8DD91&ts=1426844859&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP3A02F2EF-6CB4-47FB-9AEE-985BF84EC088&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03203&utm_campaign=install_ie&utm_content=ds&from=wpm03203&uid=395049983_1052515_F4F8DD91&ts=1426844859&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03203&utm_campaign=install_ie&utm_content=ds&from=wpm03203&uid=395049983_1052515_F4F8DD91&ts=1426844859&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03203&utm_campaign=install_ie&utm_content=ds&from=wpm03203&uid=395049983_1052515_F4F8DD91&ts=1426844859&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03203&utm_campaign=install_ie&utm_content=ds&from=wpm03203&uid=395049983_1052515_F4F8DD91&ts=1426844859&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03203&utm_campaign=install_ie&utm_content=ds&from=wpm03203&uid=395049983_1052515_F4F8DD91&ts=1426844859&type=default&q={searchTerms}
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\XTab\SupTab.dll [2015-03-20] (Thinknice Co. Limited)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDFViewer\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-22] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{7C3417E8-24A8-43E5-A023-C40B1609E793}: [NameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91
FireFox:
========
FF ProfilePath: C:\Users\alpha\AppData\Roaming\Mozilla\Firefox\Profiles\mfyfgikt.default-1427573157077
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll [2008-03-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDFViewer\bin\nppdf.dll [2011-07-15] (Zeon Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\webssearches.xml [2015-01-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-23]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\alpha\AppData\Roaming\Mozilla\Firefox\Profiles\yjkweciu.default\extensions\faststartff@gmail.com
FF HKLM\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\alpha\AppData\Roaming\Mozilla\Firefox\Profiles\yjkweciu.default\extensions\searchengine@gmail.com
FF HKLM\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\alpha\AppData\Roaming\Mozilla\Firefox\Profiles\yjkweciu.default\extensions\istart_ffnt@gmail.com
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2013-07-04] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-22] (Avast Software)
R2 DLNBDB; C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe [191464 2013-02-06] ()
R2 Hauppauge WinTV Extender; C:\Program Files\WinTV\Extend\WinTVExtender.exe [71680 2012-05-31] (Hauppauge Computer Works, Inc) []
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [577536 2012-08-24] (Hauppauge Computer Works) []
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158816 2015-03-20] (XTab system)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-05-29] (Nuance Communications, Inc.)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-29] (Ulead Systems, Inc.) []
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [499200 2015-03-28] () [] <==== ATTENTION
S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 sppsvc; %SystemRoot%\system32\sppsvc.exe [X]
S4 sppuinotify; %SystemRoot%\system32\sppuinotify.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) []
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-22] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-22] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-22] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-22] ()
S3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [44544 2009-08-24] (AzureWave Technologies, Inc.)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [26240 2004-08-31] (SlySoft, Inc.) []
R2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [9856 2004-07-21] (Elaborate Bytes AG) []
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [3968 2004-06-08] (Elaborate Bytes AG) []
R3 hcwD1capture; C:\Windows\System32\DRIVERS\hcwD1cap.sys [197488 2012-06-04] (Hauppauge Computer Works, Inc.)
S3 hcwD1encoder; C:\Windows\System32\DRIVERS\hcwD1xcd.sys [8582512 2012-06-04] (ViXS Systems Inc.)
S3 PCTVStargate; C:\Windows\System32\DRIVERS\Stargate.sys [122240 2009-10-20] (Hauppauge Computer Works! )
R3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-13] (NXP Semiconductors)
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2012-12-23] (Duplex Secure Ltd.)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1521544 2010-04-16] (Syntek)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-22] (Avast Software)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-23] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-23] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-23] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\System32\DRIVERS\vpcuxd.sys [12800 2009-09-23] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [294912 2009-09-23] (Microsoft Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [151552 2011-10-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [192000 2011-10-20] (VIA Technologies, Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () []
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-26 19:11 - 2015-05-26 19:12 - 00022483 _____ () C:\Users\alpha\Downloads\FRST.txt
2015-05-26 19:11 - 2015-05-26 19:12 - 00000000 ____D () C:\FRST
2015-05-26 19:10 - 2015-05-26 19:10 - 01147392 _____ (Farbar) C:\Users\alpha\Downloads\FRST.exe
2015-05-26 19:01 - 2015-05-26 19:04 - 00000582 _____ () C:\Users\alpha\Downloads\defogger_disable.log
2015-05-26 19:01 - 2015-05-26 19:04 - 00000176 _____ () C:\Users\alpha\defogger_reenable
2015-05-26 19:00 - 2015-05-26 19:00 - 00050477 _____ () C:\Users\alpha\Downloads\Defogger.exe
2015-05-26 18:59 - 2015-05-26 18:59 - 00668711 _____ () C:\Users\alpha\Downloads\MacKeeper.pkg
2015-05-20 18:06 - 2015-05-23 08:43 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-05-18 19:29 - 2015-05-18 19:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-12 21:30 - 2015-05-12 21:30 - 00000000 ____D () C:\Users\alpha\Tracing
2015-05-01 11:43 - 2015-05-01 11:43 - 00001763 _____ () C:\Users\alpha\Downloads\ESt_1_A_2014.xml
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-26 19:10 - 2012-12-23 17:10 - 01594194 _____ () C:\Windows\WindowsUpdate.log
2015-05-26 19:06 - 2012-12-23 23:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-26 19:06 - 2012-12-23 20:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-26 19:05 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-26 19:05 - 2009-07-14 05:39 - 02467604 _____ () C:\Windows\setupact.log
2015-05-26 19:02 - 2012-12-23 20:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-26 19:01 - 2012-12-23 17:10 - 00000000 ____D () C:\Users\alpha
2015-05-26 18:37 - 2013-07-30 13:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-26 09:24 - 2013-01-16 21:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-24 12:25 - 2012-12-23 17:13 - 01794430 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-22 23:13 - 2013-07-30 13:23 - 00000000 ____D () C:\Users\alpha\AppData\Roaming\vlc
2015-05-20 23:06 - 2012-12-23 21:36 - 00000000 ____D () C:\Users\alpha\AppData\Roaming\Skype
2015-05-17 11:45 - 2014-12-25 19:29 - 00000000 ____D () C:\Users\alpha\AppData\Roaming\.oit
2015-05-17 08:42 - 2014-12-25 22:11 - 00000000 _____ () C:\sparkraw.log
2015-05-16 18:56 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-16 18:46 - 2015-01-03 15:39 - 00000000 ____D () C:\Users\alpha\AppData\Roaming\Swiftdata
2015-05-12 21:30 - 2014-10-13 21:30 - 00000000 ___RD () C:\Program Files\Skype
2015-05-12 21:30 - 2012-12-23 21:36 - 00000000 ____D () C:\ProgramData\Skype
2015-05-01 12:22 - 2012-12-23 20:50 - 00000000 ____D () C:\Users\alpha\Documents\Visual Studio 2008
2015-04-27 20:43 - 2012-12-23 18:50 - 00000600 _____ () C:\Users\alpha\AppData\Roaming\winscp.rnd
==================== Files in the root of some directories =======
2012-12-23 18:50 - 2015-04-27 20:43 - 0000600 _____ () C:\Users\alpha\AppData\Roaming\winscp.rnd
2013-07-26 17:02 - 2013-08-18 19:32 - 0007680 _____ () C:\Users\alpha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-26 22:02 - 2012-12-26 22:44 - 0007598 _____ () C:\Users\alpha\AppData\Local\Resmon.ResmonCfg
Files to move or delete:
====================
C:\Users\alpha\DeepBurner19.exe
Some files in TEMP:
====================
C:\Users\alpha\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-20 15:29
==================== End of log ============================
______________________________________________________________________________________________
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-26 20:32:45
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000064 ST350041 rev.JC4B 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\alpha\AppData\Local\Temp\pwtdqpow.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x9126EACC]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x9132B2F0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x9126F5AA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x9127B67A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x9127B6C6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x9127B860]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x9127B5E8]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x9132B6CA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x9127B630]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x9132B95A]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x9132BA44]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x9127B81A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x91270398]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x9126EB32]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwDuplicateObject [0x9132BB48]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x9132B3C8]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwLoadDriver [0x91328762]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x9132B7AA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x9126EB98]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x91273FE0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x91270EDC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x9127B6A4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x9127B6E8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x9127B884]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x9127B60E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x912734E2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x9127B798]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x9127B658]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x912738CE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x9127B83E]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x9132B548]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x91270CF4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x91270A02]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x9126EBFE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x9126EC64]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x9132B8A6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x9126E7B8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x9126E98A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x9126E918]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x91270562]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x912706C4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x9126EA12]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x9132B616]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x912701F2]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x91328792]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x9126ECCA]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x9132B47A]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwSaveKey + 13C1 82E58339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E91D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82E98DC0 4 Bytes [CC, EA, 26, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82E98DE8 4 Bytes [F0, B2, 32, 91] {MOV DL, 0x32; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82E98E48 4 Bytes [AA, F5, 26, 91] {STOSB ; CMC ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82E98E9C 8 Bytes [7A, B6, 27, 91, C6, B6, 27, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82E98EA8 4 Bytes [60, B8, 27, 91]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8305426D 4 Bytes CALL 912715C3 \SystemRoot\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8306E02C 4 Bytes CALL 912715D9 \SystemRoot\system32\drivers\aswSnx.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\AVAST Software\Avast\avastui.exe[1224] kernel32.dll!SetUnhandledExceptionFilter 77DA3D01 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1396] kernel32.dll!SetUnhandledExceptionFilter 77DA3D01 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtCreateFile + 6 77C455CE 4 Bytes [28, D0, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtCreateFile + B 77C455D3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtCreateKey + 6 77C4560E 4 Bytes [68, D1, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtCreateKey + B 77C45613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtCreateMutant + 6 77C4564E 4 Bytes [68, D2, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtCreateMutant + B 77C45653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtCreateSection + 6 77C456EE 4 Bytes [A8, D2, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtCreateSection + B 77C456F3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtMapViewOfSection + B 77C45C33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenFile + 6 77C45CDE 4 Bytes [68, D0, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenFile + B 77C45CE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenKey + 6 77C45D0E 4 Bytes [A8, D1, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenKey + B 77C45D13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenKeyEx + B 77C45D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenMutant + 6 77C45D5E 4 Bytes [28, D2, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenMutant + B 77C45D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenProcess + 6 77C45D8E 4 Bytes [68, D3, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenProcess + B 77C45D93 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenProcessToken + 6 77C45D9E 4 Bytes [A8, D3, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenProcessToken + B 77C45DA3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenProcessTokenEx + 6 77C45DAE 4 Bytes [68, D4, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenProcessTokenEx + B 77C45DB3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenSection + B 77C45DD3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenThread + 6 77C45E0E 4 Bytes [28, D3, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenThread + B 77C45E13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenThreadToken + 6 77C45E1E 4 Bytes [28, D4, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenThreadToken + B 77C45E23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenThreadTokenEx + 6 77C45E2E 4 Bytes [A8, D4, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtOpenThreadTokenEx + B 77C45E33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtQueryAttributesFile + 6 77C45F3E 4 Bytes [A8, D0, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtQueryAttributesFile + B 77C45F43 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtQueryFullAttributesFile + B 77C45FF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtSetInformationFile + 6 77C4663E 4 Bytes [28, D1, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtSetInformationFile + B 77C46643 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtSetInformationThread + B 77C466A3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtUnmapViewOfSection + 6 77C469BE 4 Bytes [28, D5, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ntdll.dll!NtUnmapViewOfSection + B 77C469C3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] kernel32.dll!CreateProcessW 77D5204D 5 Bytes JMP 00180030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] kernel32.dll!CreateProcessA 77D52082 5 Bytes JMP 00180070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!DeleteObject 76245F14 5 Bytes JMP 003A01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SelectObject 76246640 5 Bytes JMP 003A05F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SetTextColor 76246906 5 Bytes JMP 003A0A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SetBkMode 762469B1 5 Bytes JMP 003A08F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!DeleteDC 76246EAA 5 Bytes JMP 003A0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetDeviceCaps 76246F7F 5 Bytes JMP 003A03B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!ExtSelectClipRgn 76247114 5 Bytes JMP 003A02F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SelectClipRgn 76247242 5 Bytes JMP 003A05B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SetStretchBltMode 76247705 5 Bytes JMP 003A06B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetCurrentObject 76247917 5 Bytes JMP 003A0370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetTextMetricsW 76247B8F 5 Bytes JMP 003A0E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetTextAlign 76247DAF 5 Bytes JMP 003A0D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!IntersectClipRect 76247DFE 5 Bytes JMP 003A03F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!ExtTextOutW 76248192 5 Bytes JMP 003A0970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SetTextAlign 7624828E 5 Bytes JMP 003A09F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetClipBox 76248525 5 Bytes JMP 003A0330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!MoveToEx 76248C21 5 Bytes JMP 003A0470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!StretchDIBits 7624A53E 5 Bytes JMP 003A0770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!RestoreDC 7624A67B 5 Bytes JMP 003A0530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SaveDC 7624A74B 5 Bytes JMP 003A0570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetTextExtentPoint32W 7624B4B5 5 Bytes JMP 003A0670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetTextFaceW 7624B73A 2 Bytes JMP 003A0D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetTextFaceW + 3 7624B73D 2 Bytes [15, 8A]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetFontData 7624BCC4 5 Bytes JMP 003A0C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SetWorldTransform 7624C90A 5 Bytes JMP 003A06F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!CreateDCA 7624CCA9 5 Bytes JMP 003A00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!CreateDCW 7624CF79 5 Bytes JMP 003A00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!CreateICW 7624CFD0 5 Bytes JMP 003A0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetTextMetricsA 7624D0F2 5 Bytes JMP 003A0DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!Rectangle 7624F1FF 5 Bytes JMP 003A09B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!LineTo 7624F59B 5 Bytes JMP 003A0430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SetICMMode 7624FAA4 5 Bytes JMP 003A0DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!ExtTextOutA 762503F9 5 Bytes JMP 003A0930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetTextExtentPoint32A 762507B0 5 Bytes JMP 003A0630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!ExtEscape 76252949 5 Bytes JMP 003A02B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!Escape 76253939 5 Bytes JMP 003A0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetTextFaceA 76253E6A 5 Bytes JMP 003A0CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SetPolyFillMode 7625D851 5 Bytes JMP 003A0B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SetMiterLimit 7625DA0D 5 Bytes JMP 003A0B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!EndPage 762600D7 5 Bytes JMP 003A0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!ResetDCW 7626050D 5 Bytes JMP 003A0AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!GetGlyphOutlineW 7626C1BA 5 Bytes JMP 003A0CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!CreateScalableFontResourceW 7626E817 5 Bytes JMP 003A0BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!AddFontResourceW 7626EC13 5 Bytes JMP 003A0BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!RemoveFontResourceW 7626F109 5 Bytes JMP 003A0C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!AbortDoc 76274C63 5 Bytes JMP 003A0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!EndDoc 762750AA 5 Bytes JMP 003A01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!StartPage 76275195 5 Bytes JMP 003A0730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!StartDocW 76275BB0 5 Bytes JMP 003A07F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!BeginPath 7627635D 5 Bytes JMP 003A0830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!SelectClipPath 762763B4 5 Bytes JMP 003A0AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!CloseFigure 7627640F 5 Bytes JMP 003A0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!EndPath 76276466 5 Bytes JMP 003A0A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!StrokePath 76276699 5 Bytes JMP 003A07B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!FillPath 76276726 5 Bytes JMP 003A0870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!PolylineTo 76276B94 5 Bytes JMP 003A04F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!PolyBezierTo 76276C25 5 Bytes JMP 003A04B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] GDI32.dll!PolyDraw 76276CD7 5 Bytes JMP 003A08B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!ActivateKeyboardLayout 77138203 5 Bytes JMP 003B04F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!ScreenToClient 7713A506 7 Bytes JMP 003B0670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!RegisterClipboardFormatA 7713C091 5 Bytes JMP 003B02F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!RegisterClipboardFormatW 7713DF8D 5 Bytes JMP 003B02B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!SetCursor 77143075 5 Bytes JMP 003B0530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!MonitorFromWindow 77143622 7 Bytes JMP 003B0630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!PostMessageW 7714447B 5 Bytes JMP 003B05F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!IsWindowVisible 77144D69 7 Bytes JMP 003B06B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetClientRect 771454DD 7 Bytes JMP 003B05B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!MapWindowPoints 77145CAA 5 Bytes JMP 003B0570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetParent 77146029 7 Bytes JMP 003B06F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!EmptyClipboard 7715290C 5 Bytes JMP 003B0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!SetClipboardData 77152962 5 Bytes JMP 003B0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetClipboardData 77152BA7 5 Bytes JMP 003B0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetClipboardFormatNameW 77155FD2 5 Bytes JMP 003B0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!SetClipboardViewer 77156FF6 5 Bytes JMP 003B04B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetClipboardFormatNameA 7715700A 5 Bytes JMP 003B0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!ChangeClipboardChain 7716147C 5 Bytes JMP 003B0430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetTopWindow 771624D9 7 Bytes JMP 003B0730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!CloseClipboard 7716446C 5 Bytes JMP 003B00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!OpenClipboard 7716447E 5 Bytes JMP 003B0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!IsClipboardFormatAvailable 771644FF 5 Bytes JMP 003B00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetClipboardSequenceNumber 77164513 5 Bytes JMP 003B0330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetClipboardOwner 77164525 5 Bytes JMP 003B0370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!CountClipboardFormats 7716470A 5 Bytes JMP 003B01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!EnumClipboardFormats 771647EC 5 Bytes JMP 003B01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetOpenClipboardWindow 7716480B 5 Bytes JMP 003B03F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!SetCursorPos 7717C1B0 5 Bytes JMP 003B0770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetClipboardViewer 77194AF7 5 Bytes JMP 003B0470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] USER32.dll!GetPriorityClipboardFormat 77194BF9 5 Bytes JMP 003B03B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ole32.dll!OleSetClipboard 762F0045 5 Bytes JMP 003C0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ole32.dll!OleIsCurrentClipboard 762F36B2 5 Bytes JMP 003C0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe[1436] ole32.dll!OleGetClipboard 7631FDCD 5 Bytes JMP 003C00B0
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1552] ntdll.dll!LdrLoadDll 77C622B8 3 Bytes JMP 7351901C C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1552] ntdll.dll!LdrLoadDll + 4 77C622BC 1 Byte [FB]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1552] USER32.dll!RegisterMessagePumpHook + 2F1 77138B9E 7 Bytes JMP 583F5A20 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1552] USER32.dll!IsDialogMessageW + 340 77144444 7 Bytes JMP 583F5AF5 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1552] USER32.dll!GetWindowInfo 77144B5E 5 Bytes JMP 583F7DAF C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1552] USER32.dll!ToUnicodeEx + 71 77152223 7 Bytes JMP 583F63D0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3664] ntdll.dll!DbgBreakPoint 77C340F0 1 Byte [C3]
.text C:\Windows\Explorer.EXE[3708] SHELL32.dll!SHFileOperationW 764496F6 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!NtCreateFile 77C455C8 5 Bytes JMP 577F9BE7 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!NtFlushBuffersFile 77C45958 5 Bytes JMP 577F99A6 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!NtQueryFullAttributesFile 77C45FE8 5 Bytes JMP 577F9ADA C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!NtReadFile 77C462B8 5 Bytes JMP 577F99E0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!NtReadFileScatter 77C462C8 5 Bytes JMP 57B09DF5 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!NtWriteFile 77C46A68 5 Bytes JMP 577F9D33 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!NtWriteFileGather 77C46A78 5 Bytes JMP 57B09E45 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!LdrUnloadDll 77C5C8DE 5 Bytes JMP 000E03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!LdrLoadDll 77C622B8 3 Bytes JMP 7351901C C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5812] ntdll.dll!LdrLoadDll + 4 77C622BC 1 Byte [FB]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5812] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D 77D98996 7 Bytes JMP 57AF526B C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5812] KERNEL32.dll!GetEnvironmentStringsA + 11 77DA2FB1 7 Bytes JMP 57AF6A29 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5812] KERNEL32.dll!BaseThreadInitThunk + C9 77DA3CFC 7 Bytes JMP 578A4308 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5812] user32.dll!GetWindowInfo 77144B5E 5 Bytes JMP 57871E07 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5812] GDI32.dll!GetViewportOrgEx + 26C 7624884B 7 Bytes JMP 57AF3A49 C:\Program Files\Mozilla Firefox\xul.dll
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1A 0xB3 0xB2 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFE 0x94 0xB0 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x84 0x6F 0xA6 0x54 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1A 0xB3 0xB2 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFE 0x94 0xB0 0x85 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x84 0x6F 0xA6 0x54 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- EOF - GMER 2.1 ---- --- --- ---
=================================================================================