Log analysis and evaluation: Windows Vista Home Premium SP1: Avast blocked by group policy

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system first has to be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Windows Vista Home Premium SP1: Avast blocked by group policy

Dear malware team,

two days ago I wanted to make a transfer via online banking and was surprised that, after logging in through the web interface, I did not get straight to the online banking start page. Instead a progress bar appeared, followed shortly by a prompt to enter the TAN number sent to me by SMS in order to access my online banking (I did in fact receive an SMS, as I am used to with the mTAN procedure, but with a Spanish IBAN and a rather high amount). I entered nothing, closed the tab and logged in again, with the same result. I also received the SMS a second time. Again I entered nothing and waited until the next day to talk to my bank. They recommended running my antivirus program, since they suspected malware. The Avast scan produced one entry as its result; I clicked 'Delete'. Avast recommended running a boot-time scan, which I then wanted to do today. After the restart, however, the scan did not start as expected; Windows simply booted normally. After logging in I noticed that Avast had not started automatically. When I tried to start it from the Start menu I got the message that Avast is blocked by group policies and that I should contact the administrator. A quick Google search led me to your forum, where a similar problem was recently dealt with (http://www.trojaner-board.de/151511-...ockiert-2.html). I ran defogger, FRST and GMER as you describe. GMER caused a blue screen on the first attempt; after I removed the check mark at 'Devices' it ran through without problems. I would have liked to include a log file from Avast, but unfortunately the program cannot be opened...

I zipped the GMER log, since at 100 KB it was too large. I hope that is OK. I would be glad if you could help me as well.

Best regards,
Andreas
#2
/// the machine /// (TB-Ausbilder)

Windows Vista Home Premium SP1: Avast blocked by group policy

Hi,
__________________
Please always post logs directly in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
#3
Windows Vista Home Premium SP1: Avast blocked by group policy

OK schrauber, no problem.

I was hesitant to split the logs across two posts, because the rules say you should not reply to your own thread, since others might otherwise think the problem is already being handled by someone. ^^

defogger Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:51 on 26/04/2014 (An-D)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-04-2014
Ran by An-D (administrator) on NBAB on 26-04-2014 00:58:43
Running from C:\Users\An-D\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Syntek America Inc.) C:\Windows\System32\StkCSrv.exe
() C:\Program Files\Verbindungsassistent\WTGService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\An-D\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\An-D\Desktop\Defogger.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-07-22] (Intel Corporation)
HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC)
HKLM\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4858968 2014-01-22] (AVAST Software)
HKLM\...\Run: [pdfFactory Pro Dispatcher v3] => C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe [614400 2009-12-15] (FinePrint Software, LLC)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1641896 2013-06-07] (Valve Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [HumanizedEnso] => C:\Users\An-D\AppData\Local\HumanizedEnso\Enso.exe [117232 2008-01-14] ()
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify Web Helper] => C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-26] (Spotify Ltd)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Google Update] => C:\Users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-10] (Google Inc.)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify] => C:\Users\An-D\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-26] (Spotify Ltd)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [pmsqql] => regsvr32.exe "C:\ProgramData\pmsqql.dat"
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: G - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {09e26436-1893-11de-923a-002269c9ea11} - p.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {14c6265b-2de9-11df-93f1-002269c9ea11} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {1eb03993-d1b4-11e2-9b9d-00059a3c7800} - G:\Menu.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {3a67534b-4d29-11df-aba7-00059a3c7800} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sandisk.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {5c904384-c91e-11df-80c1-00059a3c7800} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {6a97e9da-dfd2-11de-92ca-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\usb_tools.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {6a97ea13-dfd2-11de-92ca-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\sandisk.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {6a97ea16-dfd2-11de-92ca-002269c9ea11} - G:\LaunchU3.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {6a97eb62-dfd2-11de-92ca-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sandisk.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {6c6a0691-dcb2-11dd-a6a8-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RECYCLER\S-0-2-53-100022423-100008186-100022374-7694.com l:\
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {745e0bc4-f936-11de-9b78-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\u3_sandisk.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {745e0bd0-f936-11de-9b78-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {745e0bed-f936-11de-9b78-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\usb_tools.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {745e0c2e-f936-11de-9b78-00059a3c7800} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\kingston.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {75e83d7f-159f-11e0-a2a0-002269c9ea11} - G:\PCStart.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {9001cf89-e01a-11e2-90d0-002269c9ea11} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {ab65ec01-7b36-11e3-b8b6-002269c9ea11} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {add2cce4-0a76-11df-a970-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_tools.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {b2fda7ce-699a-11df-989d-002269c9ea11} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {d9791e4f-d3e8-11de-abba-002269c9ea11} - F:\Menu.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {d9791e62-d3e8-11de-abba-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\kingston.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {e8a498c1-3d76-11df-a605-002269c9ea11} - F:\AutoRun.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {e8a498db-3d76-11df-a605-002269c9ea11} - F:\AutoRun.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {eb0ad2d0-aaee-11e0-a24a-002269c9ea11} - F:\RunClubSanDisk.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {f854b1d6-4efa-11de-8c8a-00059a3c7800} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL serivces.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {f8ffd9ee-cf00-11de-a39c-00059a3c7800} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\sandisk.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk
ShortcutTarget: Inhaltsmanager-Assistent für PlayStation(R).lnk -> C:\Program Files\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\An-D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
URLSearchHook: HKLM - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
URLSearchHook: HKCU - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial)
Toolbar: HKCU - Vuze Remote Toolbar - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default
FF user.js: detected! => C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\user.js
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus
')%20!%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*'))%20%7B%20return%20'PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @3dvia.com/3DVIAStudioPlayer - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes)
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Move Media Player - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\moveplayer@movenetworks.com [2009-04-04]
FF Extension: No Name - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\staged [2014-04-25]
FF Extension: FoxyTunes - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2012-03-27]
FF Extension: DownloadHelper - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF Extension: Add-on Compatibility Reporter - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\compatibility@addons.mozilla.org.xpi [2011-04-14]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-03-01]
FF Extension: Session Manager - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-08-04]
FF Extension: FlashGot - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-04-09]
FF Extension: NoScript - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-04]
FF Extension: Adblock Plus - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-31]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (3DVIA Player) - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\An-D\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-10]
CHR Extension: (Google-Suche) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-10]
CHR Extension: (Google Wallet) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
CHR Extension: (Google Mail) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-10]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-04]
CHR StartMenuInternet: Google Chrome - C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2014-01-22] (AVAST Software)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [79144 2008-09-09] (Dassault Systèmes SolidWorks Corp.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584 2007-04-03] (Cisco Systems, Inc.)
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [181544 2009-05-01] (Seagate Technology LLC)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-13] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2009-01-28] (SolidWorks)
R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [31248 2008-01-16] (Syntek America Inc.)
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2014-01-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2014-01-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [49760 2014-01-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2014-01-22] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2014-01-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2014-01-22] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2014-01-22] ()
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306295 2007-04-03] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-06-25] (SAMSUNG ELECTRONICS CO., LTD.)
R3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1363088 2008-03-28] (Syntek)
S3 ADDMEM; \??\C:\Users\An-D\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-26 00:58 - 2014-04-26 00:59 - 00033437 _____ () C:\Users\An-D\Desktop\FRST.txt
2014-04-26 00:57 - 2014-04-26 00:58 - 00000000 ____D () C:\FRST
2014-04-26 00:54 - 2014-04-26 00:55 - 01049088 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe
2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log
2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable
2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe
2014-04-23 15:02 - 2014-04-23 15:02 - 00298624 _____ (Microsoft Corporation) C:\ProgramData\pmsqql.dat
2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-22 14:49 - 2014-04-22 14:49 - 00000000 ____D () C:\Users\An-D\Desktop\PERRARO Shooting Schloss Wasserburg
2014-04-22 14:47 - 2014-04-22 14:49 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-13 00:24 - 2014-04-13 00:25 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner
2014-04-09 12:32 - 2014-04-25 23:24 - 00003194 _____ () C:\Users\An-D\Desktop\Meeting 140408 Shooting.txt
2014-04-04 03:57 - 2014-04-04 03:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-04 03:56 - 2014-04-04 03:56 - 00000000 ____D () C:\Program Files\iPod
2014-04-04 03:55 - 2014-04-04 03:57 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-04 03:45 - 2014-04-04 03:45 - 00000000 ____D () C:\Users\An-D\Documents\Optimizer Pro
2014-04-04 03:40 - 2014-04-04 03:40 - 00002107 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-04-04 03:39 - 2014-04-04 03:40 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-04-04 03:16 - 2014-04-04 03:16 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\mysearchdial
2014-04-04 03:16 - 2014-04-04 03:16 - 00000000 ____D () C:\Program Files\Mysearchdial
2014-04-04 03:14 - 2014-04-04 03:14 - 00634240 _____ () C:\Users\An-D\Downloads\FreeYouTubeToMP3Converter.exe
2014-04-01 01:58 - 2014-04-01 01:58 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\DropboxMaster
==================== One Month Modified Files and Folders =======
2014-04-26 00:59 - 2014-04-26 00:58 - 00033437 _____ () C:\Users\An-D\Desktop\FRST.txt
2014-04-26 00:58 - 2014-04-26 00:57 - 00000000 ____D () C:\FRST
2014-04-26 00:55 - 2014-04-26 00:54 - 01049088 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe
2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log
2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable
2014-04-26 00:51 - 2013-05-31 15:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-26 00:51 - 2008-11-15 16:35 - 00000000 ____D () C:\Users\An-D
2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe
2014-04-26 00:35 - 2012-06-10 23:05 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA.job
2014-04-26 00:16 - 2008-12-27 17:11 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job
2014-04-26 00:04 - 2012-06-04 01:20 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Spotify
2014-04-26 00:02 - 2012-06-04 01:21 - 00000000 ____D () C:\Users\An-D\AppData\Local\Spotify
2014-04-26 00:02 - 2006-11-02 12:33 - 00824910 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-26 00:01 - 2012-02-14 17:49 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Dropbox
2014-04-26 00:01 - 2010-04-06 23:58 - 00000000 ____D () C:\Program Files\Steam
2014-04-26 00:00 - 2009-02-25 19:38 - 00264787 _____ () C:\ProgramData\nvModes.001
2014-04-26 00:00 - 2009-02-25 18:51 - 00264787 _____ () C:\ProgramData\nvModes.dat
2014-04-26 00:00 - 2008-10-24 02:04 - 01277665 _____ () C:\Windows\WindowsUpdate.log
2014-04-25 23:56 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-25 23:56 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-25 23:56 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-25 23:55 - 2008-06-25 23:08 - 00000836 _____ () C:\Windows\bthservsdp.dat
2014-04-25 23:55 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-25 23:27 - 2012-04-25 22:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-25 23:24 - 2014-04-09 12:32 - 00003194 _____ () C:\Users\An-D\Desktop\Meeting 140408 Shooting.txt
2014-04-23 16:41 - 2012-12-09 21:33 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-23 15:02 - 2014-04-23 15:02 - 00298624 _____ (Microsoft Corporation) C:\ProgramData\pmsqql.dat
2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-22 14:49 - 2014-04-22 14:49 - 00000000 ____D () C:\Users\An-D\Desktop\PERRARO Shooting Schloss Wasserburg
2014-04-22 14:49 - 2014-04-22 14:47 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-19 03:35 - 2012-06-10 23:04 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core.job
2014-04-13 00:25 - 2014-04-13 00:24 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner
2014-04-04 03:57 - 2014-04-04 03:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-04 03:57 - 2014-04-04 03:55 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-04 03:57 - 2008-12-21 00:18 - 00000000 ____D () C:\Program Files\iTunes
2014-04-04 03:56 - 2014-04-04 03:56 - 00000000 ____D () C:\Program Files\iPod
2014-04-04 03:56 - 2008-11-15 18:16 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-04 03:45 - 2014-04-04 03:45 - 00000000 ____D () C:\Users\An-D\Documents\Optimizer Pro
2014-04-04 03:40 - 2014-04-04 03:40 - 00002107 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-04-04 03:40 - 2014-04-04 03:39 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-04-04 03:40 - 2013-07-22 01:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-04-04 03:39 - 2013-07-22 01:38 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\DVDVideoSoft
2014-04-04 03:39 - 2013-07-22 01:38 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-04-04 03:31 - 2013-12-20 09:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-04 03:31 - 2009-02-08 10:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-04 03:28 - 2013-08-31 20:23 - 00001870 _____ () C:\Users\An-D\Desktop\Games.txt
2014-04-04 03:16 - 2014-04-04 03:16 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\mysearchdial
2014-04-04 03:16 - 2014-04-04 03:16 - 00000000 ____D () C:\Program Files\Mysearchdial
2014-04-04 03:14 - 2014-04-04 03:14 - 00634240 _____ () C:\Users\An-D\Downloads\FreeYouTubeToMP3Converter.exe
2014-04-01 01:58 - 2014-04-01 01:58 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\DropboxMaster
Files to move or delete:
====================
C:\ProgramData\pmsqql.dat
Some content of TEMP:
====================
C:\Users\An-D\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf3qxe1.dll
C:\Users\An-D\AppData\Local\Temp\ICReinstall_FreeYouTubeToMP3Converter.exe
C:\Users\An-D\AppData\Local\Temp\MySearchDial.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-26 00:05
==================== End Of Log ============================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-04-2014
Ran by An-D at 2014-04-26 00:59:24
Running from C:\Users\An-D\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Out of date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Out of date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
3DVIA Player (HKLM\...\{1DB0BD6C-F04A-4DB1-A931-F677F5C1F91D}) (Version: 2.6.57 - Dassault Systemes)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe After Effects CS4 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Presets (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Third Party Content (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles AE CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Contribute CS4 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_697a06b96d8bcbe2d77b88e7d5448d0) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CS4 American English Speech Analysis Models (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Codecs (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 Extension - Flash Lite STI others (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 STI-other (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Common Base Files (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe kuler (HKLM\...\com.adobe.kuler.Desktop.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1 - Adobe Systems Incorporated)
Adobe kuler (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Dolby (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe OnLocation CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Functional Content (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Third Party Content (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe SGM CS4 (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Adobe SING CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 Codecs (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS4 Server (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version: - )
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - )
avast! Free Antivirus (HKLM\...\avast) (Version: 8.0.1506.0 - AVAST Software)
AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Braid (HKLM\...\Steam App 26800) (Version: - Number None, Inc.)
Business Contact Manager für Outlook 2007 (HKLM\...\Business Contact Manager für Outlook 2007) (Version: 3.0.5828.0 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 (Version: 3.0.5828.0 - Microsoft Corporation) Hidden
Cisco Systems VPN Client 5.0.00.0340 (HKLM\...\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}) (Version: 5.0.0 - Cisco Systems, Inc.)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
dBpoweramp m4a Codec (HKLM\...\dBpoweramp m4a Codec) (Version: Release 14 - Illustrate)
dBpoweramp Music Converter (HKLM\...\dBpoweramp Music Converter) (Version: Release 13.1 - Illustrate)
DEFCON (HKLM\...\Steam App 1520) (Version: - Introversion Software)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
Easy Network Manager 3.0 (HKLM\...\InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Ihr Firmenname)
Easy Network Manager 3.0 (Version: 3.0.0.0 - Ihr Firmenname) Hidden
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.1.0 - )
EDGE (HKLM\...\Steam App 38740) (Version: - Two Tribes)
FoxyTunes for Firefox (HKLM\...\FoxyTunesForFirefox) (Version: - )
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
GetFLV Pro 9.0.4.0 (HKLM\...\GetFLV Pro_is1) (Version: - GetFLV, Inc.)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google SketchUp Pro 8 (HKLM\...\{E0A160F1-127B-43AC-AF96-EBB6319B01C7}) (Version: 3.0.4811 - Google, Inc.)
Half-Life 2: Episode Two (HKLM\...\Steam App 420) (Version: - Valve)
Humanized Enso (HKCU\...\HumanizedEnso) (Version: - )
imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD)
Inhaltsmanager-Assistent für PlayStation(R) (HKLM\...\{E500DF84-3A0A-4989-93C2-D33B935008C1}) (Version: 2.00.5976.25 - Sony Computer Entertainment Inc.)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}) (Version: 12.00.2000 - Intel(R) Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Japanese Fonts Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5760-0000-800000000003}) (Version: 8.0 - Adobe Systems)
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Last.fm 1.5.4.27091 (HKLM\...\LastFM_is1) (Version: - Last.fm)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.1.2047.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Miranda ProZ Black Edition (HKLM\...\Miranda ProZ Black Edition) (Version: 1.5.0.0 - T!tr0)
MobileMe Control Panel (HKLM\...\{A71D5E81-B967-43DB-93D7-FD31BFB95748}) (Version: 3.1.5.0 - Apple Inc.)
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
Mp3tag v2.42 (HKLM\...\Mp3tag) (Version: v2.42 - Florian Heidenreich)
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
Multiwinia (HKLM\...\Steam App 1530) (Version: - Introversion Software)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{2D99A593-C841-43A7-B7C9-D6F3AE70B756}) (Version: 7.1.45.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.62.1 - Nokia)
Nokia PC Suite (Version: 7.1.62.1 - Nokia) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version: - )
PC Connectivity Solution (HKLM\...\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.19.0 - Nokia)
PDF Editor 3 (HKLM\...\PDF Editor 3) (Version: - )
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
pdfFactory Pro (HKLM\...\pdfFactory Pro) (Version: - )
pdfsam (HKCU\...\pdfsam) (Version: 2.2.0 - )
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
Play AVStation (HKLM\...\InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.50 - Ihr Firmenname)
Play AVStation (Version: 4.1.20.50 - Ihr Firmenname) Hidden
Play Camera (HKLM\...\InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}) (Version: 2.0.0.13 - Ihr Firmenname)
Play Camera (Version: 2.0.0.13 - Ihr Firmenname) Hidden
PlayStation(R)Network Downloader (HKLM\...\{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}) (Version: 1.01.00018 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 1.0.0.11252 - Sony Computer Entertainment Inc.)
PowerArchiver 2009 German (HKLM\...\{80F23E47-2A00-4C56-B916-354FF332059F}) (Version: 11.03.04 - ConeXware, Inc.)
QIP 2005 8095 Jeak-Edition (HKLM\...\QIP 2005 8095 Jeak-Edition) (Version: 8095 - Jeak)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD)
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.5 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}) (Version: 2.0 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., LTD) Hidden
Seagate Manager Installer (HKLM\...\InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}) (Version: 2.01.0109 - Seagate)
Seagate Manager Installer (Version: 2.01.0109 - Seagate) Hidden
Shadowgrounds Editor (HKLM\...\Steam App 2505) (Version: - Frozenbyte)
SIW version 2008-10-28 (HKLM\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2008.10.28 - Topala Software Solutions)
Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 4.2 (HKLM\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.155 - Skype Technologies S.A.)
SolidWorks 2009 SP0 (HKLM\...\{85C71366-4610-4180-8C23-7B3BB98F3C30}) (Version: 17.1.0003 - SolidWorks)
Sony Media Manager for PSP 3.0 (HKLM\...\{21C6344A-918B-4D35-ADB6-7614F97B78EA}) (Version: 3.0.892 - Sony)
SpeedCommander 12 (HKLM\...\SpeedCommander 12) (Version: 12 - SpeedProject)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Swords and Soldiers HD (HKLM\...\Steam App 63500) (Version: - Ronimo Games)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB934528) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version: - )
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version: - )
USB2.0 UVC WebCam (HKLM\...\{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}) (Version: 6.11.706.012 - D-MAX)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Verbindungsassistent (HKLM\...\Verbindungsassistent) (Version: 2.1 - Verbindungsassistent)
VLC media player 0.9.6 (HKLM\...\VLC media player) (Version: 0.9.6 - VideoLAN Team)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 4.8.1.2 - Azureus Software, Inc.)
Vuze Remote Toolbar (HKLM\...\Vuze_Remote Toolbar) (Version: 6.3.3.3 - Vuze Remote) <==== ATTENTION
VVVVVV (HKLM\...\Steam App 70300) (Version: - )
WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - WIDCOMM, Inc.)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}) (Version: 6.0.6783.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{CB8CA439-DA83-419C-A4CF-5A0A50025144}) (Version: 6.0.6783.0 - Microsoft Corporation)
Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5) (HKLM\...\3F930CC3EE841B82D6D463716B5F67BD240BBD46) (Version: 09/17/2009 3.0.0.5 - Apple Inc.)
Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Wise Disk Cleaner 7.33 (HKLM\...\Wise Disk Cleaner_is1) (Version: - WiseCleaner.com, Inc.)
Wise Registry Cleaner 7.25 (HKLM\...\Wise Registry Cleaner_is1) (Version: - WiseCleaner.com, Inc.)
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
==================== Restore Points =========================
==================== Hosts content: ==========================
2008-12-23 18:36 - 2008-12-23 18:36 - 00001239 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
==================== Scheduled Tasks (whitelisted) =============
Task: {0AA60ADE-1999-4F56-A1B9-EF09CA2714C6} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-05] (Samsung Electronics Co., Ltd.)
Task: {14E96646-B1B8-4385-9E73-72681E0DC0DC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA => C:\Users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2789001F-47B6-4652-841F-4674F8B404D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core => C:\Users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)
Task: {28AEB676-1078-4713-90F5-8D99EB6214F8} - System32\Tasks\SupBackGroundTask => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe [2010-04-20] ()
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {43DFD917-C210-4C9F-90EB-64F6025C5CD7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {49F3B6FC-9BEE-4734-82C4-FAA606100F0A} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-05-22] (SAMSUNG Electronics)
Task: {53403752-F29A-45E1-97AD-465D3F834308} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.)
Task: {5FC395FB-E1D8-4566-91D2-4585565871B0} - System32\Tasks\{0928E92B-0230-4D30-B123-B9529A88739C} => C:\Program Files\Skype\\Phone\Skype.exe [2010-03-09] (Skype Technologies S.A.)
Task: {941FD8D6-59AD-4980-AC39-88DA8A84FC45} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2008-04-25] (Samsung Electronics Co., Ltd.)
Task: {CD4314D0-71BB-4ED0-ABB6-4D82AB1577CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {D0788E40-8320-4501-80BC-C2550CB0E9CB} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-01-22] (AVAST Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core.job => C:\Users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA.job => C:\Users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SupBackGroundTask.job => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
==================== Loaded Modules (whitelisted) =============
2014-03-05 05:05 - 2014-03-04 21:16 - 02275840 _____ () C:\Program Files\Alwil Software\Avast5\defs\14030401\algo.dll
2008-05-23 06:46 - 2008-05-23 06:46 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-04-03 17:18 - 2007-04-03 17:18 - 00197672 _____ () C:\Windows\system32\vpnapi.dll
2010-04-14 10:35 - 2009-03-03 12:45 - 00296400 ____N () C:\Program Files\Verbindungsassistent\WTGService.exe
2008-06-25 07:30 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
2008-06-25 07:30 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2008-06-25 07:30 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll
2014-04-26 00:00 - 2014-04-26 00:00 - 00041984 _____ () c:\users\an-d\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf3qxe1.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\An-D\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-25 22:43 - 2014-04-24 02:33 - 00065352 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-25 22:43 - 2014-04-24 02:33 - 04081480 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-25 22:43 - 2014-04-24 02:33 - 00390472 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-25 22:43 - 2014-04-24 02:33 - 01647432 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-04-12 15:55 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-12 15:55 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-04-25 22:43 - 2014-04-24 02:33 - 13692232 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Windows:EA5DE28FA39D1DB8
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk => C:\Windows\pss\VPN Client.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Adobe_ID0ENQBO => C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: uTorrent => "C:\Program Files\uTorrent\uTorrent.exe"
==================== Faulty Device Manager Devices =============
Name: Microsoft-6zu4-Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/26/2014 00:02:58 AM) (Source: LoadPerf) (User: )
Description: WMI-Objekte16
Error: (04/26/2014 00:02:58 AM) (Source: LoadPerf) (User: )
Description: 775216
Error: (04/25/2014 11:56:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/25/2014 11:56:47 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (04/25/2014 11:34:25 PM) (Source: LoadPerf) (User: )
Description: WMI-Objekte16
Error: (04/25/2014 11:34:25 PM) (Source: LoadPerf) (User: )
Description: 775216
Error: (04/25/2014 11:29:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/25/2014 11:28:09 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
Error: (04/25/2014 08:27:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15616
Error: (04/25/2014 08:27:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15616
System errors:
=============
Error: (04/26/2014 00:00:24 AM) (Source: Service Control Manager) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058
Error: (04/25/2014 11:57:15 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (04/25/2014 11:56:52 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (04/25/2014 11:56:29 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos
Error: (04/25/2014 11:36:39 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (04/25/2014 11:31:27 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (04/25/2014 11:29:28 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058
Error: (04/25/2014 11:29:28 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (04/25/2014 11:29:28 PM) (Source: Service Control Manager) (User: )
Description: Automatische WLAN-KonfigurationExtensible Authentication-Protokoll%%16389
Error: (04/25/2014 11:29:28 PM) (Source: Service Control Manager) (User: )
Description: Extensible Authentication-Protokoll%%16389
Microsoft Office Sessions:
=========================
Error: (05/12/2012 03:48:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 58 seconds with 0 seconds of active time. This session ended with a crash.
Error: (01/17/2012 04:18:26 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.
Error: (10/19/2011 09:54:51 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 53 seconds with 0 seconds of active time. This session ended with a crash.
Error: (09/04/2011 05:02:51 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 220 seconds with 60 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-04-26 00:59:10.010
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-26 00:59:09.979
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-26 00:59:09.948
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-26 00:59:09.916
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-26 00:59:09.854
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-26 00:59:09.823
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-26 00:59:09.792
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-26 00:59:09.745
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-09-12 00:14:11.328
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Alwil Software\Avast5\Setup\INF\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-09-12 00:14:11.210
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Alwil Software\Avast5\Setup\INF\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 48%
Total physical RAM: 3065.88 MB
Available physical RAM: 1588.7 MB
Total Pagefile: 6334.89 MB
Available Pagefile: 4679.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.13 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:80.09 GB) (Free:5.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Fixed) (Total:208 GB) (Free:16.8 GB) NTFS
Drive f: (Elements) (Fixed) (Total:931.51 GB) (Free:608.81 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 3A21C8C8)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=208 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 00021631)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================
#4
Windows Vista Home Premium SP1: Avast blocked by Group Policy

Gmer
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-26 02:23:30
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\An-D\AppData\Local\Temp\pxldqpog.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x91A78610]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x91E7A5FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x91A790E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x91A84F18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x91A84F64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x91A850FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x91A84E86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x91E7A992]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x91A84ECE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x91A795E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x91A850B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x91A79E9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x91A78676]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x91A7D596]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x91E7A6C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x91E78C12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x91A786DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x91A7D98C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x91A7A92C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x91A84F42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x91A84F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x91A85122]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x91A84EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x91A7CE78]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x91A85036]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x91A84EF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x91A7D26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x91A850DC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x91E7A822]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x91A7A7F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x91A7A34E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x91A78742]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x91A787A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x91A79D16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x91A782F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x91A784CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x91A7845C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x91A7A066]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x91A7A1C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x91A78556]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x91E7A8EA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x91A79CF6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x91E78C42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x91A7880E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x91E7A76E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x91A79800]
INT 0x61 ? 914157D0
INT 0x71 ? 91415A50
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x91E93E00]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!KeInsertQueue + 2FD 830768F4 4 Bytes [10, 86, A7, 91]
.text ntoskrnl.exe!KeInsertQueue + 321 83076918 4 Bytes [FA, A5, E7, 91] {CLI ; MOVSD ; OUT 0x91, EAX}
.text ntoskrnl.exe!KeInsertQueue + 381 83076978 4 Bytes [E6, 90, A7, 91] {OUT 0x90, AL; CMPSD ; XCHG ECX, EAX}
.text ntoskrnl.exe!KeInsertQueue + 3C1 830769B8 8 Bytes [18, 4F, A8, 91, 64, 4F, A8, ...] {SBB [EDI-0x58], CL; XCHG ECX, EAX; DEC EDI; TEST AL, 0x91}
.text ntoskrnl.exe!KeInsertQueue + 3CD 830769C4 4 Bytes [FE, 50, A8, 91]
.text ...
PAGE ntoskrnl.exe!ObMakeTemporaryObject 831ACF3A 5 Bytes JMP 91E90C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 110 831F6213 4 Bytes CALL 91A7AFEF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ObInsertObject 831FA68B 5 Bytes JMP 91E927B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 121 83223A9D 4 Bytes CALL 91A7B005 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 832912F4 7 Bytes JMP 91E93E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngCreateRectRgn + 51BE 9CCB4126 5 Bytes JMP 91A7E628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 2029 9CCC7348 5 Bytes JMP 91A7DAD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 3DF2 9CCD2CB7 5 Bytes JMP 91A7E6CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + B45 9CCDAC31 5 Bytes JMP 91A7D9C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F1C 9CCDB008 5 Bytes JMP 91A7F1B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 1EA3 9CCDBF8F 5 Bytes JMP 91A7E88C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCombineRgn + 3A1 9CCDCB6D 5 Bytes JMP 91A7E7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCombineRgn + 3161 9CCDF92D 5 Bytes JMP 91A7DF24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetRectRgn + 1939 9CCE25FD 5 Bytes JMP 91A7DD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 65D3 9CCEC7AD 5 Bytes JMP 91A7E4DC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8746 9CCEE920 5 Bytes JMP 91A7F56C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + A393 9CCF056D 5 Bytes JMP 91A7E7E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + B91D 9CCF1AF7 5 Bytes JMP 91A7E2F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + C738 9CD0BF57 5 Bytes JMP 91A7E22C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + C80B 9CD0C02A 5 Bytes JMP 91A7E508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 3FB5 9CD2E0EF 5 Bytes JMP 91A7F060 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 7E1D 9CD31F57 5 Bytes JMP 91A7DDF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 9165 9CD3B854 5 Bytes JMP 91A7E6EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 442A 9CD44354 5 Bytes JMP 91A7DBF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 9061 9CD48F8B 5 Bytes JMP 91A7F33C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 92BD 9CD491E7 5 Bytes JMP 91A7F3FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 17 9CD4D280 5 Bytes JMP 91A7F162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 3838 9CD5D548 5 Bytes JMP 91A7F614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 4D22 9CD65C96 5 Bytes JMP 91A7F116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 17BC 9CD6F7BE 5 Bytes JMP 91A7F284 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 478A 9CD7624D 5 Bytes JMP 91A7DCDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 40E 9CD92951 5 Bytes JMP 91A7E008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + CE1 9CD9C786 5 Bytes JMP 91A7DEBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 9CDA02BE 5 Bytes JMP 91A7F4BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 45C5 9CDA21AA 5 Bytes JMP 91A7E70A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 309B 9CDBAF37 5 Bytes JMP 91A7E150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 6C71 9CDBEB0D 5 Bytes JMP 91A7E0AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE spsys.sys!?SPVersion@@3PADA + 1A67 93B5503F 240 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B58 93B55130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE spsys.sys!?SPVersion@@3PADA + 1B5F 93B55137 167 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1C07 93B551DF 2046 Bytes [8B, 51, 08, 50, 6A, 00, 6A, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 2406 93B559DE 47 Bytes [04, BB, A8, 01, 00, 00, 8D, ...]
PAGE ...
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[12] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[580] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\csrss.exe[600] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\wininit.exe[652] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\csrss.exe[664] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text ...
.text C:\Windows\servicing\TrustedInstaller.exe[772] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000501F8
.text C:\Windows\servicing\TrustedInstaller.exe[772] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000503FC
.text C:\Windows\servicing\TrustedInstaller.exe[772] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000603FC
.text C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00060600
.text C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00061014
.text C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00060804
.text C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00060A08
.text C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00060C0C
.text C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00060E10
.text C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000601F8
.text C:\Windows\servicing\TrustedInstaller.exe[772] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 000B0804
.text C:\Windows\servicing\TrustedInstaller.exe[772] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 000B01F8
.text C:\Windows\servicing\TrustedInstaller.exe[772] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 000B03FC
.text C:\Windows\servicing\TrustedInstaller.exe[772] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 000B0600
.text C:\Windows\servicing\TrustedInstaller.exe[772] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 000B0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text ...
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 01B58840
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 01B588E9
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00170804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001701F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001703FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00170A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 01B5898E
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001803FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00180600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 01B58A3A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00181014
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00180804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00180A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001801F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 01B57410
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1652] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1748] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\WLANExt.exe[1772] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1916] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text ...
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 01C68840
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 01C688E9
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00160804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00160600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00160A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 01C6898E
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 01C68A3A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00171014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 01C67410
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2124] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2276] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 01BB8840
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 01BB88E9
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 01BB898E
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 002703FC
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00270600
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 01BB8A3A
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00271014
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00270804
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00270A08
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00270C0C
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00270E10
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 002701F8
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00280804
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 002801F8
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 002803FC
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00280600
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00280A08
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 01BB7410
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2392] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000601F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000603FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 010B8840
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 010B88E9
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 010B898E
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000703FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00070600
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 010B8A3A
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00071014
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00070804
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00070A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00070C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00070E10
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000701F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00080804
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 000801F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 000803FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00080600
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00080A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] CRYPT32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 010B7410
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000A01F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000A03FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 01AA8840
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 01AA88E9
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 01AA898E
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000B03FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 000B0600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 01AA8A3A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 000B1014
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 000B0804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 000B0A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 000B0C0C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 000B0E10
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000B01F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 000C0804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 000C01F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 000C03FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 000C0600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 000C0A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 01AA7410
.text C:\Windows\System32\StkCSrv.exe[2488] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\ehome\ehmsas.exe[2644] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000501F8
.text C:\Windows\ehome\ehmsas.exe[2644] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000503FC
.text C:\Windows\ehome\ehmsas.exe[2644] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 021C8840
.text C:\Windows\ehome\ehmsas.exe[2644] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 021C88E9
.text C:\Windows\ehome\ehmsas.exe[2644] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 021C898E
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 021C8A3A
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00071014
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00070A08
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00070C0C
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00070E10
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehmsas.exe[2644] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00080804
.text C:\Windows\ehome\ehmsas.exe[2644] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 000801F8
.text C:\Windows\ehome\ehmsas.exe[2644] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 000803FC
.text C:\Windows\ehome\ehmsas.exe[2644] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00080600
.text C:\Windows\ehome\ehmsas.exe[2644] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00080A08
.text C:\Windows\ehome\ehmsas.exe[2644] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 021C7410
.text C:\Windows\system32\Dwm.exe[2772] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\Explorer.EXE[2796] kernel32.dll!CreateProcessW 764C1C01 5 Bytes JMP 062D8840
.text C:\Windows\Explorer.EXE[2796] kernel32.dll!CreateProcessA 764C1C36 5 Bytes JMP 062D88E9
.text C:\Windows\Explorer.EXE[2796] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\Explorer.EXE[2796] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 062D898E
.text C:\Windows\Explorer.EXE[2796] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 062D8A3A
.text C:\Windows\Explorer.EXE[2796] CRYPT32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 062D7410
.text C:\Windows\system32\SearchIndexer.exe[2900] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Verbindungsassistent\WTGService.exe[2960] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3056] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3500] kernel32.dll!CreateProcessW 764C1C01 5 Bytes JMP 03298840
.text C:\Windows\system32\taskeng.exe[3500] kernel32.dll!CreateProcessA 764C1C36 5 Bytes JMP 032988E9
.text C:\Windows\system32\taskeng.exe[3500] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3500] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 0329898E
.text C:\Windows\system32\taskeng.exe[3500] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 03298A3A
.text C:\Windows\system32\taskeng.exe[3500] CRYPT32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 03297410
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 016B8840
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 016B88E9
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00170804
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001701F8
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001703FC
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00170A08
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 016B898E
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001803FC
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00180600
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 016B8A3A
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00181014
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00180804
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00180A08
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001801F8
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 016B7410
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 02408840
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 024088E9
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00180804
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001801F8
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001803FC
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00180600
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00180A08
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 0240898E
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001903FC
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00190600
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 02408A3A
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00191014
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00190804
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00190A08
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00190C0C
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00190E10
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001901F8
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 02407410
.text C:\Windows\System32\mobsync.exe[3736] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000601F8
.text C:\Windows\System32\mobsync.exe[3736] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000603FC
.text C:\Windows\System32\mobsync.exe[3736] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00071014
.text C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00070804
.text C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00070A08
.text C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\mobsync.exe[3736] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00180804
.text C:\Windows\System32\mobsync.exe[3736] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001801F8
.text C:\Windows\System32\mobsync.exe[3736] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001803FC
.text C:\Windows\System32\mobsync.exe[3736] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00180600
.text C:\Windows\System32\mobsync.exe[3736] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00180A08
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 016D8840
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 016D88E9
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00170804
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001701F8
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001703FC
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00170600
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00170A08
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 016D898E
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001803FC
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00180600
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 016D8A3A
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00181014
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00180804
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00180A08
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00180C0C
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00180E10
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001801F8
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] CRYPT32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 016D7410
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000601F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000603FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00080A08
.text C:\Windows\ehome\ehtray.exe[3992] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000601F8
.text C:\Windows\ehome\ehtray.exe[3992] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000603FC
.text C:\Windows\ehome\ehtray.exe[3992] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 009A8840
.text C:\Windows\ehome\ehtray.exe[3992] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 009A88E9
.text C:\Windows\ehome\ehtray.exe[3992] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 009A898E
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 009A8A3A
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00071014
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00070A08
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00070C0C
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00070E10
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehtray.exe[3992] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00080804
.text C:\Windows\ehome\ehtray.exe[3992] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 000801F8
.text C:\Windows\ehome\ehtray.exe[3992] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 000803FC
.text C:\Windows\ehome\ehtray.exe[3992] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00080600
.text C:\Windows\ehome\ehtray.exe[3992] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00080A08
.text C:\Windows\ehome\ehtray.exe[3992] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 009A7410
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 01E78840
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 01E788E9
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 01E7898E
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001803FC
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00180600
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 01E78A3A
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00181014
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00180804
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00180A08
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001801F8
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00190804
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001901F8
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001903FC
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00190600
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00190A08
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 01E77410
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001501F8
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001503FC
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 01CC8840
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 01CC88E9
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00160804
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001601F8
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001603FC
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00160600
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00160A08
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 01CC898E
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001703FC
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00170600
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 01CC8A3A
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00171014
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00170804
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00170A08
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00170C0C
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00170E10
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001701F8
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 01CC7410
.text C:\Windows\RtHDVCpl.exe[4040] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8
.text C:\Windows\RtHDVCpl.exe[4040] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC
.text C:\Windows\RtHDVCpl.exe[4040] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 02AD8840
.text C:\Windows\RtHDVCpl.exe[4040] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 02AD88E9
.text C:\Windows\RtHDVCpl.exe[4040] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 02AD898E
.text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 002703FC
.text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00270600
.text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 02AD8A3A
.text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00271014
.text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00270804
.text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00270A08
.text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00270C0C
.text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00270E10
.text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 002701F8
.text C:\Windows\RtHDVCpl.exe[4040] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00280804
.text C:\Windows\RtHDVCpl.exe[4040] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 002801F8
.text C:\Windows\RtHDVCpl.exe[4040] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 002803FC
.text C:\Windows\RtHDVCpl.exe[4040] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00280600
.text C:\Windows\RtHDVCpl.exe[4040] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00280A08
.text C:\Windows\RtHDVCpl.exe[4040] CRYPT32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 02AD7410
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 04078840
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 040788E9
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 0407898E
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001803FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00180600
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 04078A3A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00181014
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00180804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00180A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00180C0C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00180E10
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001801F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00190804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001901F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001903FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00190600
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00190A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] CRYPT32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 04077410
.text C:\Windows\system32\svchost.exe[4428] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[4428] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[4428] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[4428] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[4428] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[4428] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[4428] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[4428] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00080A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00280804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 002801F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 002803FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00280600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00280A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 002903FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00290600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00291014
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00290804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00290A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00290C0C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00290E10
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 002901F8
.text C:\Program Files\iPod\bin\iPodService.exe[5128] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000601F8
.text C:\Program Files\iPod\bin\iPodService.exe[5128] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000603FC
.text C:\Program Files\iPod\bin\iPodService.exe[5128] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000703FC
.text C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00070600
.text C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00071014
.text C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00070804
.text C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00070A08
.text C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00070C0C
.text C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00070E10
.text C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000701F8
.text C:\Program Files\iPod\bin\iPodService.exe[5128] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00080804
.text C:\Program Files\iPod\bin\iPodService.exe[5128] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 000801F8
.text C:\Program Files\iPod\bin\iPodService.exe[5128] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 000803FC
.text C:\Program Files\iPod\bin\iPodService.exe[5128] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00080600
.text C:\Program Files\iPod\bin\iPodService.exe[5128] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00080A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001803FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00180600
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00181014
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00180804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00180A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00180C0C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00180E10
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001801F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00190804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001901F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001903FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00190600
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00190A08
.text C:\Windows\system32\svchost.exe[5444] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[5444] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[5444] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[5444] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[5444] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[5444] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[5444] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[5444] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00080A08
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 00378840
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 003788E9
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 0037898E
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001C03FC
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 001C0600
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 00378A3A
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 001C1014
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 001C0804
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 001C0A08
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 001C0C0C
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 001C0E10
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001C01F8
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 001D0804
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001D01F8
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001D03FC
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 001D0600
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 001D0A08
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 00377410
---- Processes - GMER 2.1 ----
Process (*** hidden *** ) [4] 8526DA90
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd65b4f
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd6642e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269c9ea11
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269c9ea11@c8979f6daf40 0xAB 0xDB 0x6A 0xCA ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e4cd65b4f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e4cd6642e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002269c9ea11 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002269c9ea11@c8979f6daf40 0xAB 0xDB 0x6A 0xCA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x5D 0x3B 0x90 0xB3 ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
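A triage helper for the `.text` hook listing above, added here as an example; it is not part of the original post and not GMER's own code. GMER prints one line per process and hooked export, so a listing of this size collapses to a handful of rows once grouped by API. The property worth checking is whether each hook appears in (nearly) every process with the same original address and the same low-order bits of its JMP target: an injected DLL is relocated to a different base in each process, but its hook handlers keep their offsets. In the log above the ntdll/ADVAPI32/USER32 hooks land on targets ending in 01F8, 03FC, 0600, ..., 1014 in every process, and the CreateProcess*/PFXImportCertStore hooks on targets ending in 8840, 88E9, 898E, 8A3A, 7410; that is two components injected into essentially every user-mode process, which is the shape a resident security product's in-process hooks take (the ComboFix header further down shows avast enabled). GMER does not print the module that owns those target addresses, so the log alone does not prove which product installed them; keep that caveat in mind before reading such lines as an infection. The sample lines are copied from the log; the summary layout is this script's own. Written for PowerShell 3 or later.

```powershell
# Added example, not part of the thread: collapse GMER's ".text" hook lines
# (one per process and export) into one row per hooked API. Sample lines are
# copied from the GMER log above; the summary layout is this script's own.

$sampleLog = @'
.text C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00071014
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 016D8840
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00181014
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] CRYPT32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 016D7410
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000601F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00071014
.text C:\Windows\ehome\ehtray.exe[3992] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 009A8840
.text C:\Windows\ehome\ehtray.exe[3992] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 009A7410
'@

# Shape of one line: .text <image>[<pid>] <module>!<export>[ + <offset>] <addr> <n> Byte(s) <patch>
$hookLine = '^\.text\s+(?<image>.+?)\[(?<procid>\d+)\]\s+(?<module>[^!\s]+)!(?<export>\S+(?:\s\+\s[0-9A-Fa-f]+)?)\s+(?<addr>[0-9A-Fa-f]{8})\s+(?<len>\d+)\s+Bytes?\s+(?<patch>.*)$'

function ConvertFrom-GmerHookLine {
    param([Parameter(ValueFromPipeline = $true)][string]$Line)
    process {
        if ($Line -notmatch $hookLine) { return }
        $image  = $Matches['image']
        $procId = [int]$Matches['procid']
        $api    = '{0}!{1}' -f $Matches['module'].ToLower(), $Matches['export']   # CRYPT32.dll / Crypt32.dll are one module
        $addr   = $Matches['addr']
        $patch  = $Matches['patch']
        # For a 5-byte JMP keep only the low 16 bits of the target: an injected DLL
        # is relocated to a different base in every process, but its hook handler
        # keeps the same offset, so equal low bits point at one component.
        $target = $patch
        if ($patch -match '^JMP\s+([0-9A-Fa-f]{8})$') { $target = $Matches[1].Substring(4) }
        [pscustomobject]@{
            Process = ($image -split '\\')[-1]
            ProcId  = $procId
            Api     = $api
            Addr    = $addr
            Target  = $target
        }
    }
}

function Get-GmerHookSummary {
    param([string[]]$Lines)
    $hooks   = @($Lines | ConvertFrom-GmerHookLine)
    $scanned = @($hooks | Select-Object -ExpandProperty ProcId -Unique).Count
    $hooks | Group-Object Api | ForEach-Object {
        $g = @($_.Group)
        [pscustomobject]@{
            Api       = $_.Name
            HookedIn  = @($g | Select-Object -ExpandProperty ProcId -Unique).Count
            Scanned   = $scanned
            # More than one original address for the same export would mean the
            # processes see different copies of that DLL; not the case in this log.
            OrigAddrs = @($g | Select-Object -ExpandProperty Addr -Unique) -join ','
            Targets   = @($g | Select-Object -ExpandProperty Target -Unique) -join ','
        }
    } | Sort-Object HookedIn, Api
}

Get-GmerHookSummary -Lines ($sampleLog -split '\r?\n') | Format-Table -AutoSize
```

Feed it the whole GMER log (`Get-Content gmer.log | ConvertFrom-GmerHookLine`) rather than the ten sample lines to get the real per-API coverage; an API that shows up in only one or two processes, or with more than one target offset, is the row to investigate first.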
#5
/// the machine /// TB-Ausbilder
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Revo Uninstaller - Download - Filepony. Use it to uninstall everything you find in Additional.txt marked with <== ATTENTION. Let Revo also remove the leftovers in Moderate mode. Scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM!
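What the fixlist above actually removes, as an added example that is not from the thread and not FRST's own code: the five "HKLM Group Policy restriction on software" lines are Software Restriction Policy (SRP) path rules. A rule lives under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\<level>\Paths\<GUID>, with the covered path in its ItemData value; level 0 means Disallowed, so a rule of that level over an antivirus vendor's directory makes Windows refuse to start anything beneath it with exactly the "blocked by Group Policy" message the original poster saw. A stand-alone Home Premium installation has no domain policy, so any rule present there at all deserves a look. The script below lists the rules in both hives, flags Disallowed rules that cover security-product directories, and can delete them the way the FRST fix did. The vendor name list is an assumption for illustration; the registry layout is the standard SRP layout. Written for PowerShell 3 or later (the [pscustomobject] syntax), so it targets Windows 7 and newer rather than the Vista machine in this thread.

```powershell
# Added example (not from the thread or from FRST): enumerate Software
# Restriction Policy path rules, flag "Disallowed" rules aimed at security
# product directories, and optionally delete them.

# SRP stores its rules here; the HKCU key is the per-user counterpart.
$srpRoots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
)
# Security levels are the numeric subkey names under CodeIdentifiers.
$levelNames = @{ 0 = 'Disallowed'; 131072 = 'BasicUser'; 262144 = 'Unrestricted' }
# Vendor directory names: the ones from this thread's fixlist plus a few common
# ones. This list is an assumption for illustration; extend it for your estate.
$avMarkers = @('Alwil Software', 'AVAST Software', 'McAfee', 'Kaspersky Lab',
               'Malwarebytes', 'ESET', 'Avira', 'Symantec', 'Windows Defender')

function Get-SrpLevelName([object]$Level) {
    if ($null -eq $Level) { return 'not set' }            # SRP not configured at all
    if ($levelNames.ContainsKey([int]$Level)) { return $levelNames[[int]$Level] }
    return [string]$Level
}

function Get-SrpPathRule {
    foreach ($root in $srpRoots) {
        if (-not (Test-Path $root)) { continue }
        # DefaultLevel applies to everything no rule matches.
        $default = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DefaultLevel
        foreach ($levelKey in (Get-ChildItem -Path $root | Where-Object { $_.PSChildName -match '^\d+$' })) {
            $level    = [int]$levelKey.PSChildName
            $pathsKey = "$($levelKey.PSPath)\Paths"
            if (-not (Test-Path $pathsKey)) { continue }
            foreach ($rule in (Get-ChildItem -Path $pathsKey)) {
                $item  = (Get-ItemProperty -Path $rule.PSPath).ItemData   # the path the rule covers
                $hitAv = [bool]($avMarkers | Where-Object { $item -like "*$_*" })
                [pscustomobject]@{
                    Hive         = $root.Split(':')[0]
                    DefaultLevel = Get-SrpLevelName $default
                    Level        = Get-SrpLevelName $level
                    Path         = $item
                    RuleKey      = $rule.PSPath
                    # Disallowed + AV directory is the "blocked by Group Policy" symptom from this thread.
                    Suspicious   = ($level -eq 0) -and $hitAv
                }
            }
        }
    }
}

function Remove-SuspiciousSrpRule {
    # Deleting the rule key is what the FRST fix did; HKLM needs an elevated shell.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($r in (Get-SrpPathRule | Where-Object { $_.Suspicious })) {
        if ($PSCmdlet.ShouldProcess($r.Path, "delete $($r.Level) SRP rule")) {
            Remove-Item -Path $r.RuleKey -Recurse -Force
        }
    }
}

Get-SrpPathRule | Format-Table Hive, DefaultLevel, Level, Suspicious, Path -AutoSize
# Remove-SuspiciousSrpRule -WhatIf    # dry run first; drop -WhatIf to delete
```

Run the listing first and read every row, not only the flagged ones: the markers only catch vendor names you anticipated, and a Disallowed rule over any directory on a home machine is a finding. Removing the key takes effect for processes started afterwards; rebooting, as the poster did, is still the safe course.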
#6
Hello schrauber, Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-04-2014
Ran by An-D at 2014-04-26 20:51:04 Run:1
Running from C:\Users\An-D\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
*****************
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
==== End of Fixlog ====
'Error A setiface error has occured: 2 Try to reinstall or contact support, please' I then restarted the computer. After logging in, this error message appeared: 'RegSvr32 The module "C:\ProgramData\pmsqql.dat" failed to load. Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files. The specified module could not be found.' After another restart the error no longer appeared. I then ran Combofix: Code:
ComboFix 14-04-26.01 - An-D 27.04.2014 20:33:21.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1031.18.3066.2181 [GMT 2:00]
Running from: c:\users\An-D\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
---- Previous Run -------
.
C:\END
c:\programdata\pmsqql.dat
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\An-D\AppData\Roaming\Start
c:\users\An-D\AppData\Roaming\Start\temp_BB40E0B5\flash.9.0.115.0.ocx
c:\users\An-D\AppData\Roaming\Start\temp_BB40E0B5\flash.9.0.159.0.ocx
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
F:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-03-27 to 2014-04-27 )))))))))))))))))))))))))))))))
.
.
2014-04-27 18:47 . 2014-04-27 18:47 -------- d-----w- c:\users\An-D\AppData\Local\temp
2014-04-27 18:47 . 2014-04-27 18:47 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2014-04-27 18:47 . 2014-04-27 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-27 16:57 . 2014-04-27 16:57 -------- d-----w- c:\program files\VS Revo Group
2014-04-25 22:57 . 2014-04-26 18:51 -------- d-----w- C:\FRST
2014-04-22 12:53 . 2014-04-22 12:53 -------- d-----w- c:\users\An-D\AppData\Roaming\Thunderbird
2014-04-22 12:53 . 2014-04-22 12:53 -------- d-----w- c:\users\An-D\AppData\Local\Thunderbird
2014-04-22 12:53 . 2014-04-22 12:53 -------- d-----w- c:\program files\Mozilla Thunderbird
2014-04-04 01:56 . 2014-04-04 01:56 -------- d-----w- c:\program files\iPod
2014-04-04 01:55 . 2014-04-04 01:57 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-04 01:39 . 2014-04-04 01:40 -------- d-----w- c:\program files\DVDVideoSoft
2014-04-04 01:16 . 2014-04-04 01:16 -------- d-----w- c:\users\An-D\AppData\Roaming\mysearchdial
2014-04-04 01:16 . 2014-04-04 01:16 -------- d-----w- c:\program files\Mysearchdial
2014-03-31 23:58 . 2014-03-31 23:58 -------- d-----w- c:\users\An-D\AppData\Roaming\DropboxMaster
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-11 21:51 . 2012-03-31 09:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-11 21:51 . 2011-05-21 18:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-27 18:29 297128 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\An-D\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\An-D\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\An-D\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\An-D\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Steam"="c:\program files\Steam\Steam.exe" [2013-06-06 1641896]
"HumanizedEnso"="c:\users\An-D\AppData\Local\HumanizedEnso\Enso.exe" [2008-01-14 117232]
"Spotify Web Helper"="c:\users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-04-25 1171000]
"Spotify"="c:\users\An-D\AppData\Roaming\Spotify\Spotify.exe" [2014-04-25 6087224]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"pmsqql"="c:\programdata\pmsqql.dat" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-22 178712]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-12-15 614400]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\An-D\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-4-18 33604728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
Inhaltsmanager-Assistent für PlayStation(R).lnk - c:\program files\Sony\Content Manager Assistant\CMA.exe [2012-11-13 3359712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 15:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 08:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
c:\program files\uTorrent\uTorrent.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 ADDMEM;ADDMEM;c:\users\An-D\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 21:51]
.
2014-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core.job
- c:\users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10 21:04]
.
2014-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA.job
- c:\users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10 21:04]
.
2014-04-27 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-10-27 12:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
FF - prefs.js: network.proxy.type - 2
FF - user.js: extensions.irmysearch.aflt - dvd_14_14_ff
FF - user.js: extensions.irmysearch.instlRef - 140305_a
FF - user.js: extensions.irmysearch.cr - 415182659
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=&q=
FF - user.js: extensions.mysearchdial.id - 002269C9EA118D32
FF - user.js: extensions.mysearchdial.instlDay - 16164
FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.03:28
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dvd_14_14_ff
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 140305_a
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial.cr - 415182659
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q
FF - user.js: extensions.mysearchdial.AL - 2
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-04-27 20:47
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3115540864-2871994801-2538804916-1003\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"="0 0.1443 0.2474 0.5285 0.7387 0.8275 0.8296 "
"Increment"=".009434"
"FRT"="5vnfaWSAJnKs4FtkI2L8Qy4cOgB1XTOg3I5Neu1xdG1K9WYAadxc9g=="
"PLCK"="rq7wuQhyeA7wxO+SO4UIGgMluvhHRnNF"
"PHSH"=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:5d,3b,90,b3,59,60,83,e8,b4,2d,b1,05,ae,0c,3a,a0,04,a6,dd,76,f7,
c3,49,dd,fa,21,e0,59,fa,ec,7f,f2,88,3a,cc,81,c9,bd,40,2a,a8,72,be,05,90,47,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3480)
c:\windows\system32\btmmhook.dll
.
Completion time: 2014-04-27 21:22:52
ComboFix-quarantined-files.txt 2014-04-27 19:22
.
Pre-Run: 5.040.078.848 Bytes frei
Post-Run: 4.894.347.264 Bytes frei
.
- - End Of File - - D8CF4364E258F774D67E7ECC0A684689
61A349592C4728853F4A90FF78F7628E
Andreas
#7
/// the machine /// TB-Ausbilder
Windows Vista Home Premium SP1: Avast blocked by Group Policy
Please download
Please download
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
#8
Windows Vista Home Premium SP1: Avast blocked by Group Policy
Hello Schrauber, I was away on business for a few days and did not really use my computer during that time. Here are the logs:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 08.05.2014 14:57:28, SYSTEM, NBAB, Protection, Malware Protection, Starting,
Protection, 08.05.2014 14:57:28, SYSTEM, NBAB, Protection, Malware Protection, Started,
Protection, 08.05.2014 14:57:28, SYSTEM, NBAB, Protection, Malicious Website Protection, Starting,
Protection, 08.05.2014 14:57:38, SYSTEM, NBAB, Protection, Malicious Website Protection, Started,
Update, 08.05.2014 14:57:53, SYSTEM, NBAB, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 08.05.2014 14:58:54, SYSTEM, NBAB, Manual, Malware Database, 2014.3.4.9, 2014.5.8.4,
Protection, 08.05.2014 14:59:04, SYSTEM, NBAB, Protection, Refresh, Starting,
Protection, 08.05.2014 14:59:04, SYSTEM, NBAB, Protection, Malicious Website Protection, Stopping,
Protection, 08.05.2014 14:59:04, SYSTEM, NBAB, Protection, Malicious Website Protection, Stopped,
Protection, 08.05.2014 14:59:10, SYSTEM, NBAB, Protection, Refresh, Success,
Protection, 08.05.2014 14:59:10, SYSTEM, NBAB, Protection, Malicious Website Protection, Starting,
Protection, 08.05.2014 14:59:11, SYSTEM, NBAB, Protection, Malicious Website Protection, Started,
(end)
Code:
# AdwCleaner v3.207 - Bericht erstellt am 08/05/2014 um 16:31:58
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzername : An-D - NBAB
# Gestartet von : C:\Users\An-D\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Vuze
Ordner Gelöscht : C:\Users\An-D\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\An-D\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\An-D\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\An-D\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\An-D\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\An-D\AppData\LocalLow\Vuze_Remote
Ordner Gelöscht : C:\Users\An-D\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\An-D\Documents\Optimizer Pro
Datei Gelöscht : C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69091116-E0CD-48F6-8037-B5579FD9D326}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
***** [ Browser ] *****
-\\ Internet Explorer v7.0.6001.18319
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\prefs.js ]
Zeile gelöscht : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Zeile gelöscht : user_pref("surfcanyon.last_checked_ts", "1266877330766");
-\\ Google Chrome v
[ Datei : C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
*************************
AdwCleaner[R0].txt - [5042 octets] - [08/05/2014 16:25:53]
AdwCleaner[S0].txt - [4963 octets] - [08/05/2014 16:31:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5023 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by An-D on 08.05.2014 at 16:50:53,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\An-D\appdata\locallow\boost_interprocess"
~~~ FireFox
Emptied folder: C:\Users\An-D\AppData\Roaming\mozilla\firefox\profiles\xp78hkst.default\minidumps [22 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.05.2014 at 16:55:33,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-05-2014
Ran by An-D (administrator) on NBAB on 08-05-2014 17:02:04
Running from C:\Users\An-D\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Syntek America Inc.) C:\Windows\System32\StkCSrv.exe
() C:\Program Files\Verbindungsassistent\WTGService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-07-22] (Intel Corporation)
HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC)
HKLM\...\Run: [pdfFactory Pro Dispatcher v3] => C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe [614400 2009-12-15] (FinePrint Software, LLC)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1641896 2013-06-07] (Valve Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [HumanizedEnso] => C:\Users\An-D\AppData\Local\HumanizedEnso\Enso.exe [117232 2008-01-14] ()
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify Web Helper] => C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-26] (Spotify Ltd)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify] => C:\Users\An-D\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-26] (Spotify Ltd)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk
ShortcutTarget: Inhaltsmanager-Assistent für PlayStation(R).lnk -> C:\Program Files\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\An-D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
FireFox:
========
FF ProfilePath: C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @3dvia.com/3DVIAStudioPlayer - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes)
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Move Media Player - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\moveplayer@movenetworks.com [2009-04-04]
FF Extension: FoxyTunes - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2012-03-27]
FF Extension: DownloadHelper - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF Extension: Add-on Compatibility Reporter - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\compatibility@addons.mozilla.org.xpi [2011-04-14]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-03-01]
FF Extension: Session Manager - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-08-04]
FF Extension: FlashGot - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-04-09]
FF Extension: NoScript - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-04]
FF Extension: Adblock Plus - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-31]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (3DVIA Player) - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\An-D\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-10]
CHR Extension: (Google-Suche) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-10]
CHR Extension: (Google Wallet) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
CHR Extension: (Google Mail) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-10]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-04]
CHR StartMenuInternet: Google Chrome - C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2014-01-22] (AVAST Software)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [79144 2008-09-09] (Dassault Systèmes SolidWorks Corp.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584 2007-04-03] (Cisco Systems, Inc.)
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [181544 2009-05-01] (Seagate Technology LLC)
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-13] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2009-01-28] (SolidWorks)
R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [31248 2008-01-16] (Syntek America Inc.)
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2014-01-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2014-01-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [49760 2014-01-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2014-01-22] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2014-01-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2014-01-22] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2014-01-22] ()
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306295 2007-04-03] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-06-25] (SAMSUNG ELECTRONICS CO., LTD.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1363088 2008-03-28] (Syntek)
S3 ADDMEM; \??\C:\Users\An-D\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\An-D\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-08 17:02 - 2014-05-08 17:02 - 00024301 _____ () C:\Users\An-D\Desktop\FRST.txt
2014-05-08 17:01 - 2014-05-08 17:01 - 00000000 ____D () C:\Users\An-D\Desktop\FRST-OlderVersion
2014-05-08 16:55 - 2014-05-08 16:55 - 00001166 _____ () C:\Users\An-D\Desktop\JRT.txt
2014-05-08 16:50 - 2014-05-08 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 16:49 - 2014-05-08 16:50 - 01016261 _____ (Thisisu) C:\Users\An-D\Downloads\JRT.exe
2014-05-08 16:42 - 2014-05-08 16:33 - 00005103 _____ () C:\Users\An-D\Desktop\AdwCleaner[S0].txt
2014-05-08 16:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-08 16:25 - 2014-05-08 16:33 - 00000000 ____D () C:\AdwCleaner
2014-05-08 15:34 - 2014-05-08 15:34 - 00001195 _____ () C:\Users\An-D\Desktop\mbam.txt
2014-05-08 14:57 - 2014-05-08 16:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 14:56 - 2014-05-08 14:56 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-05-08 14:56 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-08 14:56 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-08 14:56 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-08 14:54 - 2014-05-08 14:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\An-D\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-08 13:43 - 2014-05-08 13:46 - 00069010 _____ () C:\Users\An-D\Desktop\JRT.exe
2014-05-08 13:43 - 2014-05-08 13:43 - 01316991 _____ () C:\Users\An-D\Desktop\adwcleaner.exe
2014-05-08 13:42 - 2014-05-08 13:45 - 14269225 _____ (Malwarebytes Corporation ) C:\Users\An-D\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-30 20:52 - 2014-05-07 13:02 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-28 17:10 - 2014-05-08 16:34 - 00008086 _____ () C:\Windows\PFRO.log
2014-04-27 21:22 - 2014-04-27 21:22 - 00019121 _____ () C:\Users\An-D\Desktop\ComboFix.txt
2014-04-27 20:32 - 2014-04-27 21:23 - 00000000 ____D () C:\ComboFix
2014-04-27 19:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-27 19:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-27 19:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-27 19:09 - 2014-04-27 21:23 - 00000000 ____D () C:\Qoobox
2014-04-27 19:09 - 2014-04-27 19:51 - 00000000 ____D () C:\Windows\erdnt
2014-04-27 18:57 - 2014-04-27 18:57 - 00001057 _____ () C:\Users\An-D\Desktop\Revo Uninstaller.lnk
2014-04-27 18:57 - 2014-04-27 18:57 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-27 18:54 - 2014-04-27 18:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\An-D\Desktop\revosetup95.exe
2014-04-26 20:53 - 2014-04-26 20:54 - 05196309 ____R (Swearware) C:\Users\An-D\Desktop\ComboFix.exe
2014-04-26 03:59 - 2014-04-26 03:59 - 00008153 _____ () C:\Users\An-D\Desktop\Gmer.zip
2014-04-26 02:23 - 2014-04-26 02:23 - 00103056 _____ () C:\Users\An-D\Desktop\Gmer.txt
2014-04-26 01:29 - 2014-04-26 01:29 - 00149176 _____ () C:\Windows\Minidump\Mini042614-01.dmp
2014-04-26 01:04 - 2014-04-26 01:05 - 00380416 _____ () C:\Users\An-D\Desktop\Gmer-19357.exe
2014-04-26 00:59 - 2014-04-26 00:59 - 00040832 _____ () C:\Users\An-D\Desktop\Addition.txt
2014-04-26 00:58 - 2014-04-26 00:59 - 00042375 _____ () C:\Users\An-D\Desktop\FRST old.txt
2014-04-26 00:57 - 2014-05-08 17:02 - 00000000 ____D () C:\FRST
2014-04-26 00:54 - 2014-05-08 17:01 - 01053184 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe
2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log
2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable
2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe
2014-04-22 14:53 - 2014-04-30 07:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird
2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird
2014-04-22 14:47 - 2014-04-22 14:49 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-13 00:24 - 2014-04-13 00:25 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner
==================== One Month Modified Files and Folders =======
2014-05-08 17:02 - 2014-05-08 17:02 - 00024301 _____ () C:\Users\An-D\Desktop\FRST.txt
2014-05-08 17:02 - 2014-04-26 00:57 - 00000000 ____D () C:\FRST
2014-05-08 17:01 - 2014-05-08 17:01 - 00000000 ____D () C:\Users\An-D\Desktop\FRST-OlderVersion
2014-05-08 17:01 - 2014-04-26 00:54 - 01053184 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe
2014-05-08 17:01 - 2008-12-27 17:11 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job
2014-05-08 16:55 - 2014-05-08 16:55 - 00001166 _____ () C:\Users\An-D\Desktop\JRT.txt
2014-05-08 16:51 - 2013-05-31 15:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-08 16:50 - 2014-05-08 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 16:50 - 2014-05-08 16:49 - 01016261 _____ (Thisisu) C:\Users\An-D\Downloads\JRT.exe
2014-05-08 16:42 - 2006-11-02 12:33 - 00824910 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-08 16:41 - 2012-06-04 01:20 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Spotify
2014-05-08 16:40 - 2010-04-06 23:58 - 00000000 ____D () C:\Program Files\Steam
2014-05-08 16:39 - 2008-10-24 02:04 - 01311057 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 16:38 - 2012-06-04 01:21 - 00000000 ____D () C:\Users\An-D\AppData\Local\Spotify
2014-05-08 16:38 - 2012-02-14 17:49 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Dropbox
2014-05-08 16:37 - 2014-05-08 14:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 16:37 - 2009-02-25 19:38 - 00264787 _____ () C:\ProgramData\nvModes.001
2014-05-08 16:37 - 2009-02-25 18:51 - 00264787 _____ () C:\ProgramData\nvModes.dat
2014-05-08 16:35 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-08 16:35 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-08 16:35 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-08 16:34 - 2014-04-28 17:10 - 00008086 _____ () C:\Windows\PFRO.log
2014-05-08 16:34 - 2012-04-25 22:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-08 16:33 - 2014-05-08 16:42 - 00005103 _____ () C:\Users\An-D\Desktop\AdwCleaner[S0].txt
2014-05-08 16:33 - 2014-05-08 16:25 - 00000000 ____D () C:\AdwCleaner
2014-05-08 16:33 - 2008-06-25 23:08 - 00000836 _____ () C:\Windows\bthservsdp.dat
2014-05-08 16:33 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-08 15:35 - 2012-06-10 23:05 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA.job
2014-05-08 15:34 - 2014-05-08 15:34 - 00001195 _____ () C:\Users\An-D\Desktop\mbam.txt
2014-05-08 14:56 - 2014-05-08 14:56 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-05-08 14:55 - 2014-05-08 14:54 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\An-D\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-08 13:46 - 2014-05-08 13:43 - 00069010 _____ () C:\Users\An-D\Desktop\JRT.exe
2014-05-08 13:45 - 2014-05-08 13:42 - 14269225 _____ (Malwarebytes Corporation ) C:\Users\An-D\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-08 13:43 - 2014-05-08 13:43 - 01316991 _____ () C:\Users\An-D\Desktop\adwcleaner.exe
2014-05-07 13:02 - 2014-04-30 20:52 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-05-03 03:35 - 2012-06-10 23:04 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core.job
2014-05-03 02:41 - 2013-12-20 09:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-30 07:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird
2014-04-30 07:51 - 2012-03-31 11:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-30 07:51 - 2011-05-21 20:08 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 16:18 - 2008-11-19 00:20 - 00116736 _____ () C:\Users\An-D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-27 21:23 - 2014-04-27 20:32 - 00000000 ____D () C:\ComboFix
2014-04-27 21:23 - 2014-04-27 19:09 - 00000000 ____D () C:\Qoobox
2014-04-27 21:22 - 2014-04-27 21:22 - 00019121 _____ () C:\Users\An-D\Desktop\ComboFix.txt
2014-04-27 21:22 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-04-27 21:22 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-04-27 20:47 - 2006-11-02 12:23 - 00000259 _____ () C:\Windows\system.ini
2014-04-27 19:51 - 2014-04-27 19:09 - 00000000 ____D () C:\Windows\erdnt
2014-04-27 18:57 - 2014-04-27 18:57 - 00001057 _____ () C:\Users\An-D\Desktop\Revo Uninstaller.lnk
2014-04-27 18:57 - 2014-04-27 18:57 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-27 18:54 - 2014-04-27 18:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\An-D\Desktop\revosetup95.exe
2014-04-26 20:54 - 2014-04-26 20:53 - 05196309 ____R (Swearware) C:\Users\An-D\Desktop\ComboFix.exe
2014-04-26 03:59 - 2014-04-26 03:59 - 00008153 _____ () C:\Users\An-D\Desktop\Gmer.zip
2014-04-26 03:59 - 2009-02-16 18:42 - 00000000 ____D () C:\Program Files\PowerArchiver
2014-04-26 02:23 - 2014-04-26 02:23 - 00103056 _____ () C:\Users\An-D\Desktop\Gmer.txt
2014-04-26 01:29 - 2014-04-26 01:29 - 00149176 _____ () C:\Windows\Minidump\Mini042614-01.dmp
2014-04-26 01:29 - 2008-12-21 00:04 - 444861160 _____ () C:\Windows\MEMORY.DMP
2014-04-26 01:29 - 2008-12-21 00:04 - 00000000 ____D () C:\Windows\Minidump
2014-04-26 01:05 - 2014-04-26 01:04 - 00380416 _____ () C:\Users\An-D\Desktop\Gmer-19357.exe
2014-04-26 00:59 - 2014-04-26 00:59 - 00040832 _____ () C:\Users\An-D\Desktop\Addition.txt
2014-04-26 00:59 - 2014-04-26 00:58 - 00042375 _____ () C:\Users\An-D\Desktop\FRST old.txt
2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log
2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable
2014-04-26 00:51 - 2008-11-15 16:35 - 00000000 ____D () C:\Users\An-D
2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe
2014-04-23 16:41 - 2012-12-09 21:33 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird
2014-04-22 14:49 - 2014-04-22 14:47 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-13 00:25 - 2014-04-13 00:24 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner
Some content of TEMP:
====================
C:\Users\An-D\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphwlyzf.dll
C:\Users\An-D\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-08 16:41
==================== End Of Log ============================
#9 | /// the machine /// (TB-Ausbilder)
Windows Vista Home Premium SP1: Avast blocked by group policy

ESET Online Scanner
Please download
and a fresh FRST log, please. Any problems left?
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009. No help via PM!
#10 | Windows Vista Home Premium SP1: Avast blocked by group policy
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=75b56f0cb58e8b42b110274619462bbd
# engine=18210
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-10 04:50:59
# local_time=2014-05-10 06:50:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776574 100 100 92882018 237273387 0 0
# scanned=421866
# found=2
# cleaned=0
# scan_time=10033
sh=04EC27C13D5660967EC96F334F3798695C64A942 ft=1 fh=82bf198cef546e38 vn="Win32/PSW.Papras.CX Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\pmsqql.dat.vir"
sh=B58B698C21ABDF1F1647914389FEF31B9F854EF0 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-0507.AH Trojaner" ac=I fn="C:\Users\An-D\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\5618bf91-62972101"
' UNSUPPORTED OPERATING SYSTEM! ABORTED!' aus...
FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-05-2014
Ran by An-D (administrator) on NBAB on 10-05-2014 18:59:57
Running from C:\Users\An-D\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Syntek America Inc.) C:\Windows\System32\StkCSrv.exe
() C:\Program Files\Verbindungsassistent\WTGService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-07-22] (Intel Corporation)
HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC)
HKLM\...\Run: [pdfFactory Pro Dispatcher v3] => C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe [614400 2009-12-15] (FinePrint Software, LLC)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1641896 2013-06-07] (Valve Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [HumanizedEnso] => C:\Users\An-D\AppData\Local\HumanizedEnso\Enso.exe [117232 2008-01-14] ()
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify Web Helper] => C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-26] (Spotify Ltd)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify] => C:\Users\An-D\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-26] (Spotify Ltd)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk
ShortcutTarget: Inhaltsmanager-Assistent für PlayStation(R).lnk -> C:\Program Files\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\An-D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @3dvia.com/3DVIAStudioPlayer - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes)
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Move Media Player - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\moveplayer@movenetworks.com [2009-04-04]
FF Extension: FoxyTunes - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2012-03-27]
FF Extension: DownloadHelper - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF Extension: Add-on Compatibility Reporter - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\compatibility@addons.mozilla.org.xpi [2011-04-14]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-03-01]
FF Extension: Session Manager - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-08-04]
FF Extension: FlashGot - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-04-09]
FF Extension: NoScript - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-04]
FF Extension: Adblock Plus - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-31]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (3DVIA Player) - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\An-D\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-10]
CHR Extension: (Google-Suche) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-10]
CHR Extension: (Google Wallet) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
CHR Extension: (Google Mail) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-10]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-04]
CHR StartMenuInternet: Google Chrome - C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2014-01-22] (AVAST Software)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [79144 2008-09-09] (Dassault Systèmes SolidWorks Corp.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584 2007-04-03] (Cisco Systems, Inc.)
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [181544 2009-05-01] (Seagate Technology LLC)
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-13] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2009-01-28] (SolidWorks)
R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [31248 2008-01-16] (Syntek America Inc.)
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2014-01-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2014-01-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [49760 2014-01-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2014-01-22] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2014-01-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2014-01-22] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2014-01-22] ()
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306295 2007-04-03] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-06-25] (SAMSUNG ELECTRONICS CO., LTD.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1363088 2008-03-28] (Syntek)
S3 ADDMEM; \??\C:\Users\An-D\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\An-D\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-10 18:59 - 2014-05-10 18:59 - 00024211 _____ () C:\Users\An-D\Desktop\FRST.txt
2014-05-10 18:58 - 2014-05-10 18:58 - 00855379 _____ () C:\Users\An-D\Downloads\SecurityCheck.exe
2014-05-10 15:55 - 2014-05-10 15:55 - 02347384 _____ (ESET) C:\Users\An-D\Downloads\esetsmartinstaller_deu.exe
2014-05-08 17:02 - 2014-05-08 17:02 - 00037591 _____ () C:\Users\An-D\Desktop\FRST old.txt
2014-05-08 17:01 - 2014-05-10 18:59 - 00000000 ____D () C:\Users\An-D\Desktop\FRST-OlderVersion
2014-05-08 16:55 - 2014-05-08 16:55 - 00001166 _____ () C:\Users\An-D\Desktop\JRT.txt
2014-05-08 16:50 - 2014-05-08 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 16:49 - 2014-05-08 16:50 - 01016261 _____ (Thisisu) C:\Users\An-D\Downloads\JRT.exe
2014-05-08 16:42 - 2014-05-08 16:33 - 00005103 _____ () C:\Users\An-D\Desktop\AdwCleaner[S0].txt
2014-05-08 16:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-08 16:25 - 2014-05-08 16:33 - 00000000 ____D () C:\AdwCleaner
2014-05-08 15:34 - 2014-05-08 15:34 - 00001195 _____ () C:\Users\An-D\Desktop\mbam.txt
2014-05-08 14:57 - 2014-05-08 16:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 14:56 - 2014-05-08 14:56 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-05-08 14:56 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-08 14:56 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-08 14:56 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-08 14:54 - 2014-05-08 14:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\An-D\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-08 13:43 - 2014-05-08 13:46 - 00069010 _____ () C:\Users\An-D\Desktop\JRT.exe
2014-05-08 13:43 - 2014-05-08 13:43 - 01316991 _____ () C:\Users\An-D\Desktop\adwcleaner.exe
2014-05-08 13:42 - 2014-05-08 13:45 - 14269225 _____ (Malwarebytes Corporation ) C:\Users\An-D\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-30 20:52 - 2014-05-07 13:02 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-28 17:10 - 2014-05-08 16:34 - 00008086 _____ () C:\Windows\PFRO.log
2014-04-27 21:22 - 2014-04-27 21:22 - 00019121 _____ () C:\Users\An-D\Desktop\ComboFix.txt
2014-04-27 20:32 - 2014-04-27 21:23 - 00000000 ____D () C:\ComboFix
2014-04-27 19:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-27 19:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-27 19:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-27 19:09 - 2014-04-27 21:23 - 00000000 ____D () C:\Qoobox
2014-04-27 19:09 - 2014-04-27 19:51 - 00000000 ____D () C:\Windows\erdnt
2014-04-27 18:57 - 2014-04-27 18:57 - 00001057 _____ () C:\Users\An-D\Desktop\Revo Uninstaller.lnk
2014-04-27 18:57 - 2014-04-27 18:57 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-27 18:54 - 2014-04-27 18:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\An-D\Desktop\revosetup95.exe
2014-04-26 20:53 - 2014-04-26 20:54 - 05196309 ____R (Swearware) C:\Users\An-D\Desktop\ComboFix.exe
2014-04-26 03:59 - 2014-04-26 03:59 - 00008153 _____ () C:\Users\An-D\Desktop\Gmer.zip
2014-04-26 02:23 - 2014-04-26 02:23 - 00103056 _____ () C:\Users\An-D\Desktop\Gmer.txt
2014-04-26 01:29 - 2014-04-26 01:29 - 00149176 _____ () C:\Windows\Minidump\Mini042614-01.dmp
2014-04-26 01:04 - 2014-04-26 01:05 - 00380416 _____ () C:\Users\An-D\Desktop\Gmer-19357.exe
2014-04-26 00:59 - 2014-04-26 00:59 - 00040832 _____ () C:\Users\An-D\Desktop\Addition.txt
2014-04-26 00:57 - 2014-05-10 18:59 - 00000000 ____D () C:\FRST
2014-04-26 00:54 - 2014-05-10 18:59 - 01054720 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe
2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log
2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable
2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe
2014-04-22 14:53 - 2014-04-30 07:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird
2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird
2014-04-22 14:47 - 2014-04-22 14:49 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-13 00:24 - 2014-04-13 00:25 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner
==================== One Month Modified Files and Folders =======
2014-05-10 19:00 - 2014-05-10 18:59 - 00024211 _____ () C:\Users\An-D\Desktop\FRST.txt
2014-05-10 18:59 - 2014-05-08 17:01 - 00000000 ____D () C:\Users\An-D\Desktop\FRST-OlderVersion
2014-05-10 18:59 - 2014-04-26 00:57 - 00000000 ____D () C:\FRST
2014-05-10 18:59 - 2014-04-26 00:54 - 01054720 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe
2014-05-10 18:58 - 2014-05-10 18:58 - 00855379 _____ () C:\Users\An-D\Downloads\SecurityCheck.exe
2014-05-10 18:52 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-10 18:52 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-10 18:51 - 2013-05-31 15:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-10 18:35 - 2012-06-10 23:05 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA.job
2014-05-10 15:55 - 2014-05-10 15:55 - 02347384 _____ (ESET) C:\Users\An-D\Downloads\esetsmartinstaller_deu.exe
2014-05-10 15:54 - 2006-11-02 12:33 - 00824910 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-10 15:50 - 2009-02-25 19:38 - 00264787 _____ () C:\ProgramData\nvModes.001
2014-05-10 15:50 - 2009-02-25 18:51 - 00264787 _____ () C:\ProgramData\nvModes.dat
2014-05-10 15:50 - 2008-10-24 02:04 - 01311426 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 17:02 - 2014-05-08 17:02 - 00037591 _____ () C:\Users\An-D\Desktop\FRST old.txt
2014-05-08 17:01 - 2008-12-27 17:11 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job
2014-05-08 16:55 - 2014-05-08 16:55 - 00001166 _____ () C:\Users\An-D\Desktop\JRT.txt
2014-05-08 16:50 - 2014-05-08 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 16:50 - 2014-05-08 16:49 - 01016261 _____ (Thisisu) C:\Users\An-D\Downloads\JRT.exe
2014-05-08 16:41 - 2012-06-04 01:20 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Spotify
2014-05-08 16:40 - 2010-04-06 23:58 - 00000000 ____D () C:\Program Files\Steam
2014-05-08 16:38 - 2012-06-04 01:21 - 00000000 ____D () C:\Users\An-D\AppData\Local\Spotify
2014-05-08 16:38 - 2012-02-14 17:49 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Dropbox
2014-05-08 16:37 - 2014-05-08 14:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 16:35 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-08 16:34 - 2014-04-28 17:10 - 00008086 _____ () C:\Windows\PFRO.log
2014-05-08 16:34 - 2012-04-25 22:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-08 16:33 - 2014-05-08 16:42 - 00005103 _____ () C:\Users\An-D\Desktop\AdwCleaner[S0].txt
2014-05-08 16:33 - 2014-05-08 16:25 - 00000000 ____D () C:\AdwCleaner
2014-05-08 16:33 - 2008-06-25 23:08 - 00000836 _____ () C:\Windows\bthservsdp.dat
2014-05-08 16:33 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-08 15:34 - 2014-05-08 15:34 - 00001195 _____ () C:\Users\An-D\Desktop\mbam.txt
2014-05-08 14:56 - 2014-05-08 14:56 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-05-08 14:55 - 2014-05-08 14:54 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\An-D\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-08 13:46 - 2014-05-08 13:43 - 00069010 _____ () C:\Users\An-D\Desktop\JRT.exe
2014-05-08 13:45 - 2014-05-08 13:42 - 14269225 _____ (Malwarebytes Corporation ) C:\Users\An-D\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-08 13:43 - 2014-05-08 13:43 - 01316991 _____ () C:\Users\An-D\Desktop\adwcleaner.exe
2014-05-07 13:02 - 2014-04-30 20:52 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-05-03 03:35 - 2012-06-10 23:04 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core.job
2014-05-03 02:41 - 2013-12-20 09:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-30 07:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird
2014-04-30 07:51 - 2012-03-31 11:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-30 07:51 - 2011-05-21 20:08 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 16:18 - 2008-11-19 00:20 - 00116736 _____ () C:\Users\An-D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-27 21:23 - 2014-04-27 20:32 - 00000000 ____D () C:\ComboFix
2014-04-27 21:23 - 2014-04-27 19:09 - 00000000 ____D () C:\Qoobox
2014-04-27 21:22 - 2014-04-27 21:22 - 00019121 _____ () C:\Users\An-D\Desktop\ComboFix.txt
2014-04-27 21:22 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-04-27 21:22 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-04-27 20:47 - 2006-11-02 12:23 - 00000259 _____ () C:\Windows\system.ini
2014-04-27 19:51 - 2014-04-27 19:09 - 00000000 ____D () C:\Windows\erdnt
2014-04-27 18:57 - 2014-04-27 18:57 - 00001057 _____ () C:\Users\An-D\Desktop\Revo Uninstaller.lnk
2014-04-27 18:57 - 2014-04-27 18:57 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-27 18:54 - 2014-04-27 18:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\An-D\Desktop\revosetup95.exe
2014-04-26 20:54 - 2014-04-26 20:53 - 05196309 ____R (Swearware) C:\Users\An-D\Desktop\ComboFix.exe
2014-04-26 03:59 - 2014-04-26 03:59 - 00008153 _____ () C:\Users\An-D\Desktop\Gmer.zip
2014-04-26 03:59 - 2009-02-16 18:42 - 00000000 ____D () C:\Program Files\PowerArchiver
2014-04-26 02:23 - 2014-04-26 02:23 - 00103056 _____ () C:\Users\An-D\Desktop\Gmer.txt
2014-04-26 01:29 - 2014-04-26 01:29 - 00149176 _____ () C:\Windows\Minidump\Mini042614-01.dmp
2014-04-26 01:29 - 2008-12-21 00:04 - 444861160 _____ () C:\Windows\MEMORY.DMP
2014-04-26 01:29 - 2008-12-21 00:04 - 00000000 ____D () C:\Windows\Minidump
2014-04-26 01:05 - 2014-04-26 01:04 - 00380416 _____ () C:\Users\An-D\Desktop\Gmer-19357.exe
2014-04-26 00:59 - 2014-04-26 00:59 - 00040832 _____ () C:\Users\An-D\Desktop\Addition.txt
2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log
2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable
2014-04-26 00:51 - 2008-11-15 16:35 - 00000000 ____D () C:\Users\An-D
2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe
2014-04-23 16:41 - 2012-12-09 21:33 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird
2014-04-22 14:49 - 2014-04-22 14:47 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-13 00:25 - 2014-04-13 00:24 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner
Some content of TEMP:
====================
C:\Users\An-D\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphwlyzf.dll
C:\Users\An-D\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-08 16:41
==================== End Of Log ============================
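One way to triage the two FRST sections quoted above ("One Month Modified Files and Folders" and "Bamital & volsnap Check") before handing the log to a helper. This is an added example for this page, not part of the forum post and not Farbar's FRST code; the scoring rules (executables with no publisher string in user-writable paths, hidden executables, creation time later than modification time) are the author's own heuristics. All sample lines are copied from the log above except the update.exe and userinit.exe lines, which are constructed to exercise the failure branches.

```python
"""Triage helper for the FRST sections quoted above.  Added example for this
page, not part of the forum post and not Farbar's code; the scoring rules are
the author's own heuristics, not anything FRST itself does."""
import re
from dataclasses import dataclass, field

# One FRST "modified files" line: <modified> - <created> - <size> <attrs> (<company>) <path>
FRST_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# One "Bamital & volsnap Check" line: <path> => <verdict>
MD5_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".com")
# Places a standard user, and therefore user-level malware, can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    attrs: str
    company: str
    path: str
    reasons: list = field(default_factory=list)


def parse_modified_section(text: str) -> list:
    """Parse FRST 'modified files' lines; section headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if m:
            entries.append(Entry(m["modified"], m["created"], int(m["size"]),
                                 m["attrs"], m["company"].strip(), m["path"]))
    return entries


def triage(entries: list) -> list:
    """Shortlist executables worth a second look and attach reasons.  This is a
    shortlist, not a verdict: the cleaning tools fetched in this thread (Defogger,
    GMER, AdwCleaner, SecurityCheck) carry no publisher string and land here too;
    that is the moment to verify their hashes against the vendor's."""
    flagged = []
    for e in entries:
        low = e.path.lower()
        e.reasons = []
        if "D" in e.attrs or not low.endswith(EXEC_EXT):
            continue                          # directories and data files
        if "H" in e.attrs:
            e.reasons.append("hidden executable")
        if not e.company and any(p in low for p in USER_WRITABLE):
            e.reasons.append("no publisher, user-writable location")
        if not e.company and "\\windows\\" in low:
            e.reasons.append("no publisher under the Windows directory")
        if e.created > e.modified:            # "YYYY-MM-DD HH:MM" sorts lexically
            e.reasons.append("created after last modified (copied or timestomped)")
        if e.reasons:
            flagged.append(e)
    return flagged


def parse_md5_check(text: str) -> dict:
    """Map each checked system file to True if FRST reported 'MD5 is legit'."""
    verdicts = {}
    for line in text.splitlines():
        m = MD5_LINE.match(line.strip())
        if m:
            verdicts[m["path"]] = m["verdict"].strip() == "MD5 is legit"
    return verdicts


# Lines copied from the log above, plus one constructed line (update.exe) that
# exercises the hidden-file and timestamp branches.
SAMPLE_MODIFIED = r"""
==================== One Month Modified Files and Folders =======
2014-05-10 18:59 - 2014-04-26 00:57 - 00000000 ____D () C:\FRST
2014-05-10 18:59 - 2014-04-26 00:54 - 01054720 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe
2014-05-10 18:58 - 2014-05-10 18:58 - 00855379 _____ () C:\Users\An-D\Downloads\SecurityCheck.exe
2014-05-10 18:52 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-08 16:37 - 2014-05-08 14:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 14:55 - 2014-05-08 14:54 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\An-D\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-26 01:05 - 2014-04-26 01:04 - 00380416 _____ () C:\Users\An-D\Desktop\Gmer-19357.exe
2014-05-09 12:00 - 2014-05-09 12:30 - 00045056 ____H () C:\Users\An-D\AppData\Local\Temp\update.exe
"""

# Two lines from the log above; the userinit.exe line is constructed to exercise
# the failure branch (FRST's real wording for a tampered file is not shown here).
SAMPLE_MD5 = r"""
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 mismatch
"""
```

Run `triage(parse_modified_section(text))` on the pasted section and read the reasons; on the sample above it shortlists SecurityCheck.exe, Gmer-19357.exe and the constructed update.exe, while FRST.exe, the Malwarebytes files and the directory entries drop out. The publisher string comes from the file's version resource and is trivially forgeable, so a match is never proof of legitimacy; the heuristic only decides which files you hash and look up first.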
#11
/// the machine /// TB-Ausbilder

Windows Vista Home Premium SP1: Avast blocked by Group Policy

Please download TFC (by OldTimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all the files, it will ask for a restart; please allow it. Done. The order of the steps matters here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot say often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE because they do not use ActiveX controls, which spyware can abuse to infect your system.
Performance: Clean up your temp files regularly; I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a short reply when everything is done and you have no further questions, so that I can remove this thread from my subscriptions.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
Topics for Windows Vista Home Premium SP1: Avast blocked by Group Policy:
administrator, avast, blocked, bluescreen, blocked by group policy, e-banking, log in, forum, gmer, group policy blocked, home, logfile, delete, malware, restart, program, page, start page, search, vista, repeatedly, win32/psw.papras.cx, windows, windows vista, scan