
Log Analysis and Evaluation: Windows Vista Home Premium SP1: Avast blocked by Group Policy


26.04.2014, 04:02   #1
Karl_Andreas
 
Dear malware team,

two days ago I wanted to make a transfer via online banking and was surprised that, after logging in through the web interface, I did not get to the online banking start page directly. Instead a progress bar appeared and shortly afterwards a prompt to enter the TAN number sent to me by SMS in order to access my online banking (I actually did receive an SMS, as I am used to from the mTAN procedure, but with a Spanish IBAN number and a fairly high amount).

I entered nothing, closed the tab and logged in again, with the same result. I also received the SMS a second time. Again I entered nothing and waited until the next day to talk to my bank.
They recommended that I run my antivirus program, as they suspected malware. The Avast scan produced one entry as a result; I clicked 'Delete'. Avast recommended running a boot-time scan, which I then wanted to do today.
After the restart, however, the scan did not start as usual; instead Windows simply booted normally. After I had logged in, I noticed that Avast had not started automatically. When I tried to start it from the Start menu, I got the message that Avast is blocked by group policy and that I should contact the administrator.

A quick Google search then led me to your forum, where a similar problem was dealt with recently (http://www.trojaner-board.de/151511-...ockiert-2.html).

I ran defogger, FRST and GMER as you describe. GMER caused a blue screen on the first attempt; after I unchecked 'Devices' it ran through without problems.

I would have liked to include an Avast log file, but unfortunately the program cannot be opened...
I zipped the GMER one, because at 100 KB it was too big. I hope that is okay.

I would be glad if you could help me too.

Best regards,
Andreas
Attached files
File type: log defogger_disable.log (470 bytes, viewed 177 times)
File type: txt FRST.txt (41.4 KB, viewed 141 times)
File type: txt Addition.txt (39.9 KB, viewed 132 times)
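The "blocked by Group Policy" message the poster saw is what Windows shows when a Software Restriction Policy (SRP) path rule disallows an executable. On a standalone home PC nobody sets such rules by hand, and FRST lists them as "HKLM Group Policy restriction on software"; the FRST.txt posted later in this thread shows exactly such rules on the Avast, McAfee and Kaspersky directories, next to a Run value that loads a .dat file through regsvr32 and a MountPoints2 autorun entry pointing into a RECYCLER folder. The following is an added example, not code from the thread, from Farbar's FRST or from Avast: a small Python triage that reads FRST registry lines and flags those three indicator classes. The sample lines are copied from the FRST output posted in this thread; the vendor keyword list, the extension allow-list and the category names are this example's own assumptions.

```python
"""Triage of FRST.txt registry lines for the indicators seen in this thread.

Added example; not code from the thread, from FRST or from Avast. The sample
lines are copied from the FRST output posted in the thread; the vendor list,
the extension allow-list and the heuristics are this example's assumptions.
"""
from __future__ import annotations

import ntpath
import re
from collections import Counter
from typing import NamedTuple

# Registry key holding SRP path rules; subkey 0 is the "Disallowed" level.
# FRST reports rules found here as "Group Policy restriction on software".
SRP_PATHS_KEY = r"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths"

# Directory-name fragments of security products (assumed list, lower-case).
AV_VENDOR_DIRS = ("alwil", "avast", "mcafee", "kaspersky", "symantec", "norton",
                  "avira", "eset", "malwarebytes", "windows defender")

# Extensions regsvr32/rundll32 normally load; anything else deserves a look.
LOADER_EXTS = {".dll", ".ocx", ".cpl", ".ax"}

SRP_RE = re.compile(r"^(?P<hive>HKLM|HKU\S*) Group Policy restriction on software: "
                    r"(?P<path>.+?)(?: <====== ATTENTION)?$")
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$")
MOUNT_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\.\\MountPoints2: (?P<key>\S+) - (?P<cmd>.+)$")
LOADER_RE = re.compile(r"\b(regsvr32|rundll32)(?:\.exe)?\b", re.I)
RECYCLER_RE = re.compile(r"\\RECYCLER\\S-\d", re.I)

# Constructed sample: lines copied from the "Registry (Whitelisted)" section
# of the FRST.txt posted in this thread (two benign Run values for contrast).
SAMPLE_FRST_LINES = r"""HKLM\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4858968 2014-01-22] (AVAST Software)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify] => C:\Users\An-D\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-26] (Spotify Ltd)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [pmsqql] => regsvr32.exe "C:\ProgramData\pmsqql.dat"
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {6c6a0691-dcb2-11dd-a6a8-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RECYCLER\S-0-2-53-100022423-100008186-100022374-7694.com l:\
"""


class Finding(NamedTuple):
    category: str
    detail: str
    line: str


def srp_rule_location(hive: str) -> str:
    """Registry key to query on the live machine for the path rules FRST flagged."""
    return f"{hive}\\{SRP_PATHS_KEY}"


def loaded_files(cmd: str) -> list[str]:
    """File arguments of a command line: quoted paths if present, else the tokens after the program."""
    quoted = re.findall(r'"([^"]+)"', cmd)
    return quoted or cmd.split()[1:]


def triage_frst(text: str) -> list[Finding]:
    """Scan FRST registry lines and return the entries a responder should look at first."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SRP_RE.match(line):
            # An SRP "Disallowed" rule on an AV directory is what produces the
            # "blocked by Group Policy" message on a home PC.
            path = m["path"]
            vendor = next((v for v in AV_VENDOR_DIRS if v in path.lower()), None)
            if vendor:
                findings.append(Finding(
                    "srp_av_block",
                    f"SRP rule under {srp_rule_location(m['hive'])} disallows {path!r} ({vendor})",
                    line))
        elif m := RUN_RE.match(line):
            # A Run value making regsvr32/rundll32 load a non-DLL file (here a
            # .dat in ProgramData) is a common way to disguise persistence.
            cmd = m["cmd"]
            loader = LOADER_RE.search(cmd)
            if loader:
                odd = [f for f in loaded_files(cmd)
                       if ntpath.splitext(f)[1].lower() not in LOADER_EXTS]
                if odd:
                    findings.append(Finding(
                        "run_loader_nondll",
                        f"Run value [{m['name']}] loads {odd} via {loader.group(1)}",
                        line))
        elif m := MOUNT_RE.match(line):
            # MountPoints2 stores per-volume autorun commands; a target inside
            # RECYCLER named like a SID is a typical removable-media worm drop.
            if RECYCLER_RE.search(m["cmd"]):
                target = next(t for t in m["cmd"].split() if RECYCLER_RE.search(t))
                findings.append(Finding(
                    "autorun_recycler", f"MountPoints2 {m['key']} launches {target}", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    hits = triage_frst(SAMPLE_FRST_LINES)
    for hit in hits:
        print(f"[{hit.category}] {hit.detail}")
    print(summarize(hits))
```

On the sample this yields five `srp_av_block` findings, one `run_loader_nondll` and one `autorun_recycler`. `srp_rule_location("HKLM")` gives the key whose `{GUID}` subkeys carry the blocked path in their `ItemData` value; on the live machine that is the key to inspect with `reg query`. Deleting those subkeys is what un-blocks the program, but on a system like the one in this thread that belongs in the helper's fix script, not ahead of it.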

26.04.2014, 07:51   #2
schrauber
/// the machine
/// TB trainer
 

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

26.04.2014, 15:50   #3
Karl_Andreas
 
OK schrauber, no problem.
I had reservations about splitting the logs across two posts, because the rules say you shouldn't reply to your own thread, since others might otherwise think the problem is already being handled by someone. ^^

defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:51 on 26/04/2014 (An-D)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-04-2014
Ran by An-D (administrator) on NBAB on 26-04-2014 00:58:43
Running from C:\Users\An-D\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Syntek America Inc.) C:\Windows\System32\StkCSrv.exe
() C:\Program Files\Verbindungsassistent\WTGService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\An-D\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\An-D\Desktop\Defogger.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-07-22] (Intel Corporation)
HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC)
HKLM\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4858968 2014-01-22] (AVAST Software)
HKLM\...\Run: [pdfFactory Pro Dispatcher v3] => C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe [614400 2009-12-15] (FinePrint Software, LLC)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1641896 2013-06-07] (Valve Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [HumanizedEnso] => C:\Users\An-D\AppData\Local\HumanizedEnso\Enso.exe [117232 2008-01-14] ()
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify Web Helper] => C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-26] (Spotify Ltd)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Google Update] => C:\Users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-10] (Google Inc.)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify] => C:\Users\An-D\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-26] (Spotify Ltd)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [pmsqql] => regsvr32.exe "C:\ProgramData\pmsqql.dat"
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: G - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {09e26436-1893-11de-923a-002269c9ea11} - p.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {14c6265b-2de9-11df-93f1-002269c9ea11} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {1eb03993-d1b4-11e2-9b9d-00059a3c7800} - G:\Menu.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {3a67534b-4d29-11df-aba7-00059a3c7800} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sandisk.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {5c904384-c91e-11df-80c1-00059a3c7800} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {6a97e9da-dfd2-11de-92ca-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\usb_tools.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {6a97ea13-dfd2-11de-92ca-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\sandisk.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {6a97ea16-dfd2-11de-92ca-002269c9ea11} - G:\LaunchU3.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {6a97eb62-dfd2-11de-92ca-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sandisk.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {6c6a0691-dcb2-11dd-a6a8-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RECYCLER\S-0-2-53-100022423-100008186-100022374-7694.com l:\
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {745e0bc4-f936-11de-9b78-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\u3_sandisk.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {745e0bd0-f936-11de-9b78-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {745e0bed-f936-11de-9b78-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\usb_tools.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {745e0c2e-f936-11de-9b78-00059a3c7800} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\kingston.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {75e83d7f-159f-11e0-a2a0-002269c9ea11} - G:\PCStart.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {9001cf89-e01a-11e2-90d0-002269c9ea11} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {ab65ec01-7b36-11e3-b8b6-002269c9ea11} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {add2cce4-0a76-11df-a970-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_tools.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {b2fda7ce-699a-11df-989d-002269c9ea11} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {d9791e4f-d3e8-11de-abba-002269c9ea11} - F:\Menu.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {d9791e62-d3e8-11de-abba-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\kingston.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {e8a498c1-3d76-11df-a605-002269c9ea11} - F:\AutoRun.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {e8a498db-3d76-11df-a605-002269c9ea11} - F:\AutoRun.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {eb0ad2d0-aaee-11e0-a24a-002269c9ea11} - F:\RunClubSanDisk.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {f854b1d6-4efa-11de-8c8a-00059a3c7800} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL serivces.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {f8ffd9ee-cf00-11de-a39c-00059a3c7800} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\sandisk.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk
ShortcutTarget: Inhaltsmanager-Assistent für PlayStation(R).lnk -> C:\Program Files\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\An-D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
URLSearchHook: HKLM - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
URLSearchHook: HKCU - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial)
Toolbar: HKCU - Vuze Remote Toolbar - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default
FF user.js: detected! => C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\user.js
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*'))%20%7B%20return%20'PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @3dvia.com/3DVIAStudioPlayer - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes)
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Move Media Player - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\moveplayer@movenetworks.com [2009-04-04]
FF Extension: No Name - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\staged [2014-04-25]
FF Extension: FoxyTunes - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2012-03-27]
FF Extension: DownloadHelper - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF Extension: Add-on Compatibility Reporter - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\compatibility@addons.mozilla.org.xpi [2011-04-14]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-03-01]
FF Extension: Session Manager - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-08-04]
FF Extension: FlashGot - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-04-09]
FF Extension: NoScript - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-04]
FF Extension: Adblock Plus - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-31]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (3DVIA Player) - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\An-D\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-10]
CHR Extension: (Google-Suche) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-10]
CHR Extension: (Google Wallet) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
CHR Extension: (Google Mail) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-10]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-04]
CHR StartMenuInternet: Google Chrome - C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2014-01-22] (AVAST Software)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [79144 2008-09-09] (Dassault Systèmes SolidWorks Corp.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584 2007-04-03] (Cisco Systems, Inc.)
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [181544 2009-05-01] (Seagate Technology LLC)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-13] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2009-01-28] (SolidWorks)
R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [31248 2008-01-16] (Syntek America Inc.)
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2014-01-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2014-01-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [49760 2014-01-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2014-01-22] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2014-01-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2014-01-22] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2014-01-22] ()
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306295 2007-04-03] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-06-25] (SAMSUNG ELECTRONICS CO., LTD.)
R3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1363088 2008-03-28] (Syntek)
S3 ADDMEM; \??\C:\Users\An-D\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-26 00:58 - 2014-04-26 00:59 - 00033437 _____ () C:\Users\An-D\Desktop\FRST.txt
2014-04-26 00:57 - 2014-04-26 00:58 - 00000000 ____D () C:\FRST
2014-04-26 00:54 - 2014-04-26 00:55 - 01049088 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe
2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log
2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable
2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe
2014-04-23 15:02 - 2014-04-23 15:02 - 00298624 _____ (Microsoft Corporation) C:\ProgramData\pmsqql.dat
2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-22 14:49 - 2014-04-22 14:49 - 00000000 ____D () C:\Users\An-D\Desktop\PERRARO Shooting Schloss Wasserburg
2014-04-22 14:47 - 2014-04-22 14:49 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-13 00:24 - 2014-04-13 00:25 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner
2014-04-09 12:32 - 2014-04-25 23:24 - 00003194 _____ () C:\Users\An-D\Desktop\Meeting 140408 Shooting.txt
2014-04-04 03:57 - 2014-04-04 03:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-04 03:56 - 2014-04-04 03:56 - 00000000 ____D () C:\Program Files\iPod
2014-04-04 03:55 - 2014-04-04 03:57 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-04 03:45 - 2014-04-04 03:45 - 00000000 ____D () C:\Users\An-D\Documents\Optimizer Pro
2014-04-04 03:40 - 2014-04-04 03:40 - 00002107 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-04-04 03:39 - 2014-04-04 03:40 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-04-04 03:16 - 2014-04-04 03:16 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\mysearchdial
2014-04-04 03:16 - 2014-04-04 03:16 - 00000000 ____D () C:\Program Files\Mysearchdial
2014-04-04 03:14 - 2014-04-04 03:14 - 00634240 _____ () C:\Users\An-D\Downloads\FreeYouTubeToMP3Converter.exe
2014-04-01 01:58 - 2014-04-01 01:58 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\DropboxMaster

==================== One Month Modified Files and Folders =======

2014-04-26 00:59 - 2014-04-26 00:58 - 00033437 _____ () C:\Users\An-D\Desktop\FRST.txt
2014-04-26 00:58 - 2014-04-26 00:57 - 00000000 ____D () C:\FRST
2014-04-26 00:55 - 2014-04-26 00:54 - 01049088 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe
2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log
2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable
2014-04-26 00:51 - 2013-05-31 15:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-26 00:51 - 2008-11-15 16:35 - 00000000 ____D () C:\Users\An-D
2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe
2014-04-26 00:35 - 2012-06-10 23:05 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA.job
2014-04-26 00:16 - 2008-12-27 17:11 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job
2014-04-26 00:04 - 2012-06-04 01:20 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Spotify
2014-04-26 00:02 - 2012-06-04 01:21 - 00000000 ____D () C:\Users\An-D\AppData\Local\Spotify
2014-04-26 00:02 - 2006-11-02 12:33 - 00824910 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-26 00:01 - 2012-02-14 17:49 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Dropbox
2014-04-26 00:01 - 2010-04-06 23:58 - 00000000 ____D () C:\Program Files\Steam
2014-04-26 00:00 - 2009-02-25 19:38 - 00264787 _____ () C:\ProgramData\nvModes.001
2014-04-26 00:00 - 2009-02-25 18:51 - 00264787 _____ () C:\ProgramData\nvModes.dat
2014-04-26 00:00 - 2008-10-24 02:04 - 01277665 _____ () C:\Windows\WindowsUpdate.log
2014-04-25 23:56 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-25 23:56 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-25 23:56 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-25 23:55 - 2008-06-25 23:08 - 00000836 _____ () C:\Windows\bthservsdp.dat
2014-04-25 23:55 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-25 23:27 - 2012-04-25 22:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-25 23:24 - 2014-04-09 12:32 - 00003194 _____ () C:\Users\An-D\Desktop\Meeting 140408 Shooting.txt
2014-04-23 16:41 - 2012-12-09 21:33 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-23 15:02 - 2014-04-23 15:02 - 00298624 _____ (Microsoft Corporation) C:\ProgramData\pmsqql.dat
2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-22 14:49 - 2014-04-22 14:49 - 00000000 ____D () C:\Users\An-D\Desktop\PERRARO Shooting Schloss Wasserburg
2014-04-22 14:49 - 2014-04-22 14:47 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-19 03:35 - 2012-06-10 23:04 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core.job
2014-04-13 00:25 - 2014-04-13 00:24 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner
2014-04-04 03:57 - 2014-04-04 03:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-04 03:57 - 2014-04-04 03:55 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-04 03:57 - 2008-12-21 00:18 - 00000000 ____D () C:\Program Files\iTunes
2014-04-04 03:56 - 2014-04-04 03:56 - 00000000 ____D () C:\Program Files\iPod
2014-04-04 03:56 - 2008-11-15 18:16 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-04 03:45 - 2014-04-04 03:45 - 00000000 ____D () C:\Users\An-D\Documents\Optimizer Pro
2014-04-04 03:40 - 2014-04-04 03:40 - 00002107 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-04-04 03:40 - 2014-04-04 03:39 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-04-04 03:40 - 2013-07-22 01:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-04-04 03:39 - 2013-07-22 01:38 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\DVDVideoSoft
2014-04-04 03:39 - 2013-07-22 01:38 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-04-04 03:31 - 2013-12-20 09:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-04 03:31 - 2009-02-08 10:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-04 03:28 - 2013-08-31 20:23 - 00001870 _____ () C:\Users\An-D\Desktop\Games.txt
2014-04-04 03:16 - 2014-04-04 03:16 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\mysearchdial
2014-04-04 03:16 - 2014-04-04 03:16 - 00000000 ____D () C:\Program Files\Mysearchdial
2014-04-04 03:14 - 2014-04-04 03:14 - 00634240 _____ () C:\Users\An-D\Downloads\FreeYouTubeToMP3Converter.exe
2014-04-01 01:58 - 2014-04-01 01:58 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\DropboxMaster

Files to move or delete:
====================
C:\ProgramData\pmsqql.dat


Some content of TEMP:
====================
C:\Users\An-D\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf3qxe1.dll
C:\Users\An-D\AppData\Local\Temp\ICReinstall_FreeYouTubeToMP3Converter.exe
C:\Users\An-D\AppData\Local\Temp\MySearchDial.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-26 00:05

==================== End Of Log ============================


Addition
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-04-2014
Ran by An-D at 2014-04-26 00:59:24
Running from C:\Users\An-D\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Out of date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Out of date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
3DVIA Player (HKLM\...\{1DB0BD6C-F04A-4DB1-A931-F677F5C1F91D}) (Version: 2.6.57 - Dassault Systemes)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe After Effects CS4 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Presets (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Third Party Content (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles AE CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Contribute CS4 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_697a06b96d8bcbe2d77b88e7d5448d0) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CS4 American English Speech Analysis Models (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Codecs (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 Extension - Flash Lite STI others (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 STI-other (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Common Base Files (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe kuler (HKLM\...\com.adobe.kuler.Desktop.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1 - Adobe Systems Incorporated)
Adobe kuler (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Dolby (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe OnLocation CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Functional Content (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Third Party Content (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe SGM CS4 (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Adobe SING CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 Codecs (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS4 Server (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version:  - )
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - )
avast! Free Antivirus (HKLM\...\avast) (Version: 8.0.1506.0 - AVAST Software)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Braid (HKLM\...\Steam App 26800) (Version:  - Number None, Inc.)
Business Contact Manager für Outlook 2007 (HKLM\...\Business Contact Manager für Outlook 2007) (Version: 3.0.5828.0 - Microsoft Corporation)
Business Contact Manager für Outlook 2007 (Version: 3.0.5828.0 - Microsoft Corporation) Hidden
Cisco Systems VPN Client 5.0.00.0340 (HKLM\...\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}) (Version: 5.0.0 - Cisco Systems, Inc.)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
dBpoweramp m4a Codec (HKLM\...\dBpoweramp m4a Codec) (Version: Release 14 - Illustrate)
dBpoweramp Music Converter (HKLM\...\dBpoweramp Music Converter) (Version: Release 13.1 - Illustrate)
DEFCON (HKLM\...\Steam App 1520) (Version:  - Introversion Software)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
Easy Network Manager 3.0 (HKLM\...\InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Ihr Firmenname)
Easy Network Manager 3.0 (Version: 3.0.0.0 - Ihr Firmenname) Hidden
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.1.0 - )
EDGE (HKLM\...\Steam App 38740) (Version:  - Two Tribes)
FoxyTunes for Firefox (HKLM\...\FoxyTunesForFirefox) (Version:  - )
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
GetFLV Pro 9.0.4.0 (HKLM\...\GetFLV Pro_is1) (Version:  - GetFLV, Inc.)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google SketchUp Pro 8 (HKLM\...\{E0A160F1-127B-43AC-AF96-EBB6319B01C7}) (Version: 3.0.4811 - Google, Inc.)
Half-Life 2: Episode Two (HKLM\...\Steam App 420) (Version:  - Valve)
Humanized Enso (HKCU\...\HumanizedEnso) (Version:  - )
imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD)
Inhaltsmanager-Assistent für PlayStation(R) (HKLM\...\{E500DF84-3A0A-4989-93C2-D33B935008C1}) (Version: 2.00.5976.25 - Sony Computer Entertainment Inc.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}) (Version: 12.00.2000 - Intel(R) Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Japanese Fonts Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5760-0000-800000000003}) (Version: 8.0 - Adobe Systems)
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Last.fm 1.5.4.27091 (HKLM\...\LastFM_is1) (Version:  - Last.fm)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.1.2047.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Miranda ProZ Black Edition (HKLM\...\Miranda ProZ Black Edition) (Version: 1.5.0.0 - T!tr0)
MobileMe Control Panel (HKLM\...\{A71D5E81-B967-43DB-93D7-FD31BFB95748}) (Version: 3.1.5.0 - Apple Inc.)
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
Mp3tag v2.42 (HKLM\...\Mp3tag) (Version: v2.42 - Florian Heidenreich)
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
Multiwinia (HKLM\...\Steam App 1530) (Version:  - Introversion Software)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{2D99A593-C841-43A7-B7C9-D6F3AE70B756}) (Version: 7.1.45.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.62.1 - Nokia)
Nokia PC Suite (Version: 7.1.62.1 - Nokia) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
PC Connectivity Solution (HKLM\...\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.19.0 - Nokia)
PDF Editor 3 (HKLM\...\PDF Editor 3) (Version:  - )
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
pdfFactory Pro (HKLM\...\pdfFactory Pro) (Version:  - )
pdfsam (HKCU\...\pdfsam) (Version: 2.2.0 - )
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
Play AVStation (HKLM\...\InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.50 - Ihr Firmenname)
Play AVStation (Version: 4.1.20.50 - Ihr Firmenname) Hidden
Play Camera (HKLM\...\InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}) (Version: 2.0.0.13 - Ihr Firmenname)
Play Camera (Version: 2.0.0.13 - Ihr Firmenname) Hidden
PlayStation(R)Network Downloader (HKLM\...\{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}) (Version: 1.01.00018 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 1.0.0.11252 - Sony Computer Entertainment Inc.)
PowerArchiver 2009 German (HKLM\...\{80F23E47-2A00-4C56-B916-354FF332059F}) (Version: 11.03.04 - ConeXware, Inc.)
QIP 2005 8095 Jeak-Edition (HKLM\...\QIP 2005 8095 Jeak-Edition) (Version: 8095 - Jeak)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD)
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.5 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}) (Version: 2.0 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., LTD) Hidden
Seagate Manager Installer (HKLM\...\InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}) (Version: 2.01.0109 - Seagate)
Seagate Manager Installer (Version: 2.01.0109 - Seagate) Hidden
Shadowgrounds Editor (HKLM\...\Steam App 2505) (Version:  - Frozenbyte)
SIW version 2008-10-28 (HKLM\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2008.10.28 - Topala Software Solutions)
Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 4.2 (HKLM\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.155 - Skype Technologies S.A.)
SolidWorks 2009 SP0 (HKLM\...\{85C71366-4610-4180-8C23-7B3BB98F3C30}) (Version: 17.1.0003 - SolidWorks)
Sony Media Manager for PSP 3.0 (HKLM\...\{21C6344A-918B-4D35-ADB6-7614F97B78EA}) (Version: 3.0.892 - Sony)
SpeedCommander 12 (HKLM\...\SpeedCommander 12) (Version: 12 - SpeedProject)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Swords and Soldiers HD (HKLM\...\Steam App 63500) (Version:  - Ronimo Games)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Office 2007 (KB934528) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version:  - )
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version:  - )
USB2.0 UVC WebCam (HKLM\...\{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}) (Version: 6.11.706.012 - D-MAX)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Verbindungsassistent (HKLM\...\Verbindungsassistent) (Version: 2.1 - Verbindungsassistent)
VLC media player 0.9.6 (HKLM\...\VLC media player) (Version: 0.9.6 - VideoLAN Team)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 4.8.1.2 - Azureus Software, Inc.)
Vuze Remote Toolbar (HKLM\...\Vuze_Remote Toolbar) (Version: 6.3.3.3 - Vuze Remote) <==== ATTENTION
VVVVVV (HKLM\...\Steam App 70300) (Version:  - )
WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - WIDCOMM, Inc.)
Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}) (Version: 6.0.6783.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{CB8CA439-DA83-419C-A4CF-5A0A50025144}) (Version: 6.0.6783.0 - Microsoft Corporation)
Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5) (HKLM\...\3F930CC3EE841B82D6D463716B5F67BD240BBD46) (Version: 09/17/2009 3.0.0.5 - Apple Inc.)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Wise Disk Cleaner 7.33 (HKLM\...\Wise Disk Cleaner_is1) (Version:  - WiseCleaner.com, Inc.)
Wise Registry Cleaner 7.25 (HKLM\...\Wise Registry Cleaner_is1) (Version:  - WiseCleaner.com, Inc.)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Restore Points  =========================


==================== Hosts content: ==========================

2008-12-23 18:36 - 2008-12-23 18:36 - 00001239 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {0AA60ADE-1999-4F56-A1B9-EF09CA2714C6} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-05] (Samsung Electronics Co., Ltd.)
Task: {14E96646-B1B8-4385-9E73-72681E0DC0DC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA => C:\Users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2789001F-47B6-4652-841F-4674F8B404D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core => C:\Users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)
Task: {28AEB676-1078-4713-90F5-8D99EB6214F8} - System32\Tasks\SupBackGroundTask => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe [2010-04-20] ()
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {43DFD917-C210-4C9F-90EB-64F6025C5CD7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {49F3B6FC-9BEE-4734-82C4-FAA606100F0A} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-05-22] (SAMSUNG Electronics)
Task: {53403752-F29A-45E1-97AD-465D3F834308} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.)
Task: {5FC395FB-E1D8-4566-91D2-4585565871B0} - System32\Tasks\{0928E92B-0230-4D30-B123-B9529A88739C} => C:\Program Files\Skype\\Phone\Skype.exe [2010-03-09] (Skype Technologies S.A.)
Task: {941FD8D6-59AD-4980-AC39-88DA8A84FC45} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2008-04-25] (Samsung Electronics Co., Ltd.)
Task: {CD4314D0-71BB-4ED0-ABB6-4D82AB1577CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {D0788E40-8320-4501-80BC-C2550CB0E9CB} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-01-22] (AVAST Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core.job => C:\Users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA.job => C:\Users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SupBackGroundTask.job => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe

==================== Loaded Modules (whitelisted) =============

2014-03-05 05:05 - 2014-03-04 21:16 - 02275840 _____ () C:\Program Files\Alwil Software\Avast5\defs\14030401\algo.dll
2008-05-23 06:46 - 2008-05-23 06:46 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-04-03 17:18 - 2007-04-03 17:18 - 00197672 _____ () C:\Windows\system32\vpnapi.dll
2010-04-14 10:35 - 2009-03-03 12:45 - 00296400 ____N () C:\Program Files\Verbindungsassistent\WTGService.exe
2008-06-25 07:30 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
2008-06-25 07:30 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2008-06-25 07:30 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll
2014-04-26 00:00 - 2014-04-26 00:00 - 00041984 _____ () c:\users\an-d\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf3qxe1.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\An-D\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-25 22:43 - 2014-04-24 02:33 - 00065352 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-25 22:43 - 2014-04-24 02:33 - 04081480 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-25 22:43 - 2014-04-24 02:33 - 00390472 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-25 22:43 - 2014-04-24 02:33 - 01647432 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-04-12 15:55 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-12 15:55 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-04-25 22:43 - 2014-04-24 02:33 - 13692232 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:EA5DE28FA39D1DB8

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk => C:\Windows\pss\VPN Client.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Adobe_ID0ENQBO => C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: uTorrent => "C:\Program Files\uTorrent\uTorrent.exe"

==================== Faulty Device Manager Devices =============

Name: Microsoft-6zu4-Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/26/2014 00:02:58 AM) (Source: LoadPerf) (User: )
Description: WMI-Objekte16

Error: (04/26/2014 00:02:58 AM) (Source: LoadPerf) (User: )
Description: 775216

Error: (04/25/2014 11:56:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/25/2014 11:56:47 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/25/2014 11:34:25 PM) (Source: LoadPerf) (User: )
Description: WMI-Objekte16

Error: (04/25/2014 11:34:25 PM) (Source: LoadPerf) (User: )
Description: 775216

Error: (04/25/2014 11:29:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/25/2014 11:28:09 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (04/25/2014 08:27:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15616

Error: (04/25/2014 08:27:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15616


System errors:
=============
Error: (04/26/2014 00:00:24 AM) (Source: Service Control Manager) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058

Error: (04/25/2014 11:57:15 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (04/25/2014 11:56:52 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (04/25/2014 11:56:29 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (04/25/2014 11:36:39 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (04/25/2014 11:31:27 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (04/25/2014 11:29:28 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058

Error: (04/25/2014 11:29:28 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (04/25/2014 11:29:28 PM) (Source: Service Control Manager) (User: )
Description: Automatische WLAN-KonfigurationExtensible Authentication-Protokoll%%16389

Error: (04/25/2014 11:29:28 PM) (Source: Service Control Manager) (User: )
Description: Extensible Authentication-Protokoll%%16389


Microsoft Office Sessions:
=========================
Error: (05/12/2012 03:48:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 58 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/17/2012 04:18:26 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/19/2011 09:54:51 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 53 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/04/2011 05:02:51 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 220 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-04-26 00:59:10.010
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 00:59:09.979
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 00:59:09.948
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 00:59:09.916
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 00:59:09.854
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 00:59:09.823
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 00:59:09.792
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-26 00:59:09.745
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-09-12 00:14:11.328
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Alwil Software\Avast5\Setup\INF\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-09-12 00:14:11.210
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Alwil Software\Avast5\Setup\INF\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 48%
Total physical RAM: 3065.88 MB
Available physical RAM: 1588.7 MB
Total Pagefile: 6334.89 MB
Available Pagefile: 4679.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:80.09 GB) (Free:5.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Fixed) (Total:208 GB) (Free:16.8 GB) NTFS
Drive f: (Elements) (Fixed) (Total:931.51 GB) (Free:608.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 3A21C8C8)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=208 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 00021631)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Old 26.04.2014, 15:51   #4
Karl_Andreas

Windows Vista Home Premium SP1: Avast blocked by Group Policy



Gmer
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-26 02:23:30
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\An-D\AppData\Local\Temp\pxldqpog.sys


---- System - GMER 2.1 ----

SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwAddBootEntry [0x91A78610]
SSDT      \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                        ZwAllocateVirtualMemory [0x91E7A5FA]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwAssignProcessToJobObject [0x91A790E6]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwCreateEvent [0x91A84F18]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwCreateEventPair [0x91A84F64]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwCreateIoCompletion [0x91A850FE]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwCreateMutant [0x91A84E86]
SSDT      \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                        ZwCreateSection [0x91E7A992]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwCreateSemaphore [0x91A84ECE]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwCreateThread [0x91A795E4]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwCreateTimer [0x91A850B8]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwDebugActiveProcess [0x91A79E9C]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwDeleteBootEntry [0x91A78676]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwDuplicateObject [0x91A7D596]
SSDT      \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                        ZwFreeVirtualMemory [0x91E7A6C2]
SSDT      \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                        ZwLoadDriver [0x91E78C12]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwModifyBootEntry [0x91A786DC]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwNotifyChangeKey [0x91A7D98C]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwNotifyChangeMultipleKeys [0x91A7A92C]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwOpenEvent [0x91A84F42]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwOpenEventPair [0x91A84F86]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwOpenIoCompletion [0x91A85122]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwOpenMutant [0x91A84EAC]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwOpenProcess [0x91A7CE78]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwOpenSection [0x91A85036]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwOpenSemaphore [0x91A84EF6]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwOpenThread [0x91A7D26E]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwOpenTimer [0x91A850DC]
SSDT      \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                        ZwProtectVirtualMemory [0x91E7A822]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwQueryObject [0x91A7A7F8]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwQueueApcThread [0x91A7A34E]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwSetBootEntryOrder [0x91A78742]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwSetBootOptions [0x91A787A8]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwSetContextThread [0x91A79D16]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwSetSystemInformation [0x91A782F8]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwSetSystemPowerState [0x91A784CE]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwShutdownSystem [0x91A7845C]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwSuspendProcess [0x91A7A066]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwSuspendThread [0x91A7A1C8]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwSystemDebugControl [0x91A78556]
SSDT      \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                        ZwTerminateProcess [0x91E7A8EA]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwTerminateThread [0x91A79CF6]
SSDT      \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                        ZwUnloadDriver [0x91E78C42]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwVdmControl [0x91A7880E]
SSDT      \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                        ZwWriteVirtualMemory [0x91E7A76E]
SSDT      \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                        ZwCreateThreadEx [0x91A79800]

INT 0x61  ?                                                                                                                            914157D0
INT 0x71  ?                                                                                                                            91415A50

Code      \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                        ZwCreateProcessEx [0x91E93E00]
Code      \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                        ObInsertObject
Code      \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                        ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text     ntoskrnl.exe!KeInsertQueue + 2FD                                                                                             830768F4 4 Bytes  [10, 86, A7, 91]
.text     ntoskrnl.exe!KeInsertQueue + 321                                                                                             83076918 4 Bytes  [FA, A5, E7, 91] {CLI ; MOVSD ; OUT 0x91, EAX}
.text     ntoskrnl.exe!KeInsertQueue + 381                                                                                             83076978 4 Bytes  [E6, 90, A7, 91] {OUT 0x90, AL; CMPSD ; XCHG ECX, EAX}
.text     ntoskrnl.exe!KeInsertQueue + 3C1                                                                                             830769B8 8 Bytes  [18, 4F, A8, 91, 64, 4F, A8, ...] {SBB [EDI-0x58], CL; XCHG ECX, EAX; DEC EDI; TEST AL, 0x91}
.text     ntoskrnl.exe!KeInsertQueue + 3CD                                                                                             830769C4 4 Bytes  [FE, 50, A8, 91]
.text     ...                                                                                                                          
PAGE      ntoskrnl.exe!ObMakeTemporaryObject                                                                                           831ACF3A 5 Bytes  JMP 91E90C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE      ntoskrnl.exe!ZwReplyWaitReceivePortEx + 110                                                                                  831F6213 4 Bytes  CALL 91A7AFEF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE      ntoskrnl.exe!ObInsertObject                                                                                                  831FA68B 5 Bytes  JMP 91E927B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE      ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 121                                                                                 83223A9D 4 Bytes  CALL 91A7B005 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE      ntoskrnl.exe!ZwCreateProcessEx                                                                                               832912F4 7 Bytes  JMP 91E93E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text     win32k.sys!EngCreateRectRgn + 51BE                                                                                           9CCB4126 5 Bytes  JMP 91A7E628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngPaint + 2029                                                                                                   9CCC7348 5 Bytes  JMP 91A7DAD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngCreatePalette + 3DF2                                                                                           9CCD2CB7 5 Bytes  JMP 91A7E6CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!XLATEOBJ_iXlate + B45                                                                                             9CCDAC31 5 Bytes  JMP 91A7D9C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!XLATEOBJ_iXlate + F1C                                                                                             9CCDB008 5 Bytes  JMP 91A7F1B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!XLATEOBJ_iXlate + 1EA3                                                                                            9CCDBF8F 5 Bytes  JMP 91A7E88C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngCombineRgn + 3A1                                                                                               9CCDCB6D 5 Bytes  JMP 91A7E7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngCombineRgn + 3161                                                                                              9CCDF92D 5 Bytes  JMP 91A7DF24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngSetRectRgn + 1939                                                                                              9CCE25FD 5 Bytes  JMP 91A7DD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngTransparentBlt + 65D3                                                                                          9CCEC7AD 5 Bytes  JMP 91A7E4DC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngTransparentBlt + 8746                                                                                          9CCEE920 5 Bytes  JMP 91A7F56C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngTransparentBlt + A393                                                                                          9CCF056D 5 Bytes  JMP 91A7E7E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngTransparentBlt + B91D                                                                                          9CCF1AF7 5 Bytes  JMP 91A7E2F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngUnmapFontFileFD + C738                                                                                         9CD0BF57 5 Bytes  JMP 91A7E22C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngUnmapFontFileFD + C80B                                                                                         9CD0C02A 5 Bytes  JMP 91A7E508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngGradientFill + 3FB5                                                                                            9CD2E0EF 5 Bytes  JMP 91A7F060 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngGradientFill + 7E1D                                                                                            9CD31F57 5 Bytes  JMP 91A7DDF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngMulDiv + 9165                                                                                                  9CD3B854 5 Bytes  JMP 91A7E6EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngNineGrid + 442A                                                                                                9CD44354 5 Bytes  JMP 91A7DBF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngNineGrid + 9061                                                                                                9CD48F8B 5 Bytes  JMP 91A7F33C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngNineGrid + 92BD                                                                                                9CD491E7 5 Bytes  JMP 91A7F3FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngLpkInstalled + 17                                                                                              9CD4D280 5 Bytes  JMP 91A7F162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngStretchBlt + 3838                                                                                              9CD5D548 5 Bytes  JMP 91A7F614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngStrokePath + 4D22                                                                                              9CD65C96 5 Bytes  JMP 91A7F116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngCopyBits + 17BC                                                                                                9CD6F7BE 5 Bytes  JMP 91A7F284 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!STROBJ_vEnumStart + 478A                                                                                          9CD7624D 5 Bytes  JMP 91A7DCDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngDeleteSemaphore + 40E                                                                                          9CD92951 5 Bytes  JMP 91A7E008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!CLIPOBJ_bEnum + CE1                                                                                               9CD9C786 5 Bytes  JMP 91A7DEBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngPlgBlt + 26D9                                                                                                  9CDA02BE 5 Bytes  JMP 91A7F4BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngPlgBlt + 45C5                                                                                                  9CDA21AA 5 Bytes  JMP 91A7E70A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngFillPath + 309B                                                                                                9CDBAF37 5 Bytes  JMP 91A7E150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text     win32k.sys!EngFillPath + 6C71                                                                                                9CDBEB0D 5 Bytes  JMP 91A7E0AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE      spsys.sys!?SPVersion@@3PADA + 1A67                                                                                           93B5503F 240 Bytes  [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE      spsys.sys!?SPVersion@@3PADA + 1B58                                                                                           93B55130 6 Bytes  [0E, 83, 78, 14, 01, 75]
PAGE      spsys.sys!?SPVersion@@3PADA + 1B5F                                                                                           93B55137 167 Bytes  [83, 78, 18, 37, 75, 02, B3, ...]
PAGE      spsys.sys!?SPVersion@@3PADA + 1C07                                                                                           93B551DF 2046 Bytes  [8B, 51, 08, 50, 6A, 00, 6A, ...]
PAGE      spsys.sys!?SPVersion@@3PADA + 2406                                                                                           93B559DE 47 Bytes  [04, BB, A8, 01, 00, 00, 8D, ...]
PAGE      ...                                                                                                                          

---- User code sections - GMER 2.1 ----

.text     C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[12] kernel32.dll!GetBinaryTypeW + 70  76511AE8 1 Byte  [62]
.text     C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[580] kernel32.dll!GetBinaryTypeW + 70                                 76511AE8 1 Byte  [62]
.text     C:\Windows\system32\csrss.exe[600] KERNEL32.dll!GetBinaryTypeW + 70                                                          76511AE8 1 Byte  [62]
.text     C:\Windows\system32\wininit.exe[652] kernel32.dll!GetBinaryTypeW + 70                                                        76511AE8 1 Byte  [62]
.text     C:\Windows\system32\csrss.exe[664] KERNEL32.dll!GetBinaryTypeW + 70                                                          76511AE8 1 Byte  [62]
.text     ...                                                                                                                          
.text     C:\Windows\servicing\TrustedInstaller.exe[772] ntdll.dll!LdrLoadDll                                                          77197933 5 Bytes  JMP 000501F8 
.text     C:\Windows\servicing\TrustedInstaller.exe[772] ntdll.dll!LdrUnloadDll                                                        771AE89C 5 Bytes  JMP 000503FC 
.text     C:\Windows\servicing\TrustedInstaller.exe[772] KERNEL32.dll!GetBinaryTypeW + 70                                              76511AE8 1 Byte  [62]
.text     C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!CreateServiceW                                                   75C138FF 5 Bytes  JMP 000603FC 
.text     C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!DeleteService                                                    75C13BEE 5 Bytes  JMP 00060600 
.text     C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!SetServiceObjectSecurity                                         75C566A9 5 Bytes  JMP 00061014 
.text     C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!ChangeServiceConfigA                                             75C567A9 5 Bytes  JMP 00060804 
.text     C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!ChangeServiceConfigW                                             75C56951 5 Bytes  JMP 00060A08 
.text     C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!ChangeServiceConfig2A                                            75C56A69 5 Bytes  JMP 00060C0C 
.text     C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!ChangeServiceConfig2W                                            75C56BB1 5 Bytes  JMP 00060E10 
.text     C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!CreateServiceA                                                   75C56C71 5 Bytes  JMP 000601F8 
.text     C:\Windows\servicing\TrustedInstaller.exe[772] USER32.dll!SetWindowsHookExW                                                  76427B69 5 Bytes  JMP 000B0804 
.text     C:\Windows\servicing\TrustedInstaller.exe[772] USER32.dll!SetWinEventHook                                                    7642915C 5 Bytes  JMP 000B01F8 
.text     C:\Windows\servicing\TrustedInstaller.exe[772] USER32.dll!UnhookWinEvent                                                     7642B702 5 Bytes  JMP 000B03FC 
.text     C:\Windows\servicing\TrustedInstaller.exe[772] USER32.dll!SetWindowsHookExA                                                  7644BB0E 5 Bytes  JMP 000B0600 
.text     C:\Windows\servicing\TrustedInstaller.exe[772] USER32.dll!UnhookWindowsHookEx                                                764508BE 5 Bytes  JMP 000B0A08 
.text     C:\Program Files\Bonjour\mDNSResponder.exe[860] kernel32.dll!GetBinaryTypeW + 70                                             76511AE8 1 Byte  [62]
.text     C:\Windows\system32\svchost.exe[864] kernel32.dll!GetBinaryTypeW + 70                                                        76511AE8 1 Byte  [62]
.text     C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!GetBinaryTypeW + 70                                                         76511AE8 1 Byte  [62]
.text     C:\Windows\system32\svchost.exe[948] kernel32.dll!GetBinaryTypeW + 70                                                        76511AE8 1 Byte  [62]
.text     C:\Windows\system32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 70                                                        76511AE8 1 Byte  [62]
.text     ...                                                                                                                          
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ntdll.dll!LdrLoadDll                                  77197933 5 Bytes  JMP 001601F8 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ntdll.dll!LdrUnloadDll                                771AE89C 5 Bytes  JMP 001603FC 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] KERNEL32.dll!CreateProcessW                           764C1C01 5 Bytes  JMP 01B58840 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] KERNEL32.dll!CreateProcessA                           764C1C36 5 Bytes  JMP 01B588E9 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] KERNEL32.dll!GetBinaryTypeW + 70                      76511AE8 1 Byte  [62]
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] USER32.dll!SetWindowsHookExW                          76427B69 5 Bytes  JMP 00170804 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] USER32.dll!SetWinEventHook                            7642915C 5 Bytes  JMP 001701F8 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] USER32.dll!UnhookWinEvent                             7642B702 5 Bytes  JMP 001703FC 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] USER32.dll!SetWindowsHookExA                          7644BB0E 5 Bytes  JMP 00170600 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] USER32.dll!UnhookWindowsHookEx                        764508BE 5 Bytes  JMP 00170A08 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!CreateProcessAsUserW                     75BEA8F5 5 Bytes  JMP 01B5898E 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!CreateServiceW                           75C138FF 5 Bytes  JMP 001803FC 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!DeleteService                            75C13BEE 5 Bytes  JMP 00180600 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!CreateProcessAsUserA                     75C348A6 5 Bytes  JMP 01B58A3A 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!SetServiceObjectSecurity                 75C566A9 5 Bytes  JMP 00181014 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!ChangeServiceConfigA                     75C567A9 5 Bytes  JMP 00180804 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!ChangeServiceConfigW                     75C56951 5 Bytes  JMP 00180A08 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!ChangeServiceConfig2A                    75C56A69 5 Bytes  JMP 00180C0C 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!ChangeServiceConfig2W                    75C56BB1 5 Bytes  JMP 00180E10 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!CreateServiceA                           75C56C71 5 Bytes  JMP 001801F8 
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] Crypt32.dll!PFXImportCertStore                        7537914C 5 Bytes  JMP 01B57410 
.text     C:\Windows\system32\svchost.exe[1636] kernel32.dll!GetBinaryTypeW + 70                                                       76511AE8 1 Byte  [62]
.text     C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1652] kernel32.dll!GetBinaryTypeW + 70                                            76511AE8 1 Byte  [62]
.text     C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1748] kernel32.dll!GetBinaryTypeW + 70                                   76511AE8 1 Byte  [62]
.text     C:\Windows\system32\WLANExt.exe[1772] kernel32.dll!GetBinaryTypeW + 70                                                       76511AE8 1 Byte  [62]
.text     C:\Windows\System32\spoolsv.exe[1916] kernel32.dll!GetBinaryTypeW + 70                                                       76511AE8 1 Byte  [62]
.text     ...                                                                                                                          
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ntdll.dll!LdrLoadDll                                                     77197933 5 Bytes  JMP 001501F8 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ntdll.dll!LdrUnloadDll                                                   771AE89C 5 Bytes  JMP 001503FC 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] KERNEL32.dll!CreateProcessW                                              764C1C01 5 Bytes  JMP 01C68840 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] KERNEL32.dll!CreateProcessA                                              764C1C36 5 Bytes  JMP 01C688E9 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] KERNEL32.dll!GetBinaryTypeW + 70                                         76511AE8 1 Byte  [62]
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] USER32.dll!SetWindowsHookExW                                             76427B69 5 Bytes  JMP 00160804 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] USER32.dll!SetWinEventHook                                               7642915C 5 Bytes  JMP 001601F8 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] USER32.dll!UnhookWinEvent                                                7642B702 5 Bytes  JMP 001603FC 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] USER32.dll!SetWindowsHookExA                                             7644BB0E 5 Bytes  JMP 00160600 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] USER32.dll!UnhookWindowsHookEx                                           764508BE 5 Bytes  JMP 00160A08 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!CreateProcessAsUserW                                        75BEA8F5 5 Bytes  JMP 01C6898E 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!CreateServiceW                                              75C138FF 5 Bytes  JMP 001703FC 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!DeleteService                                               75C13BEE 5 Bytes  JMP 00170600 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!CreateProcessAsUserA                                        75C348A6 5 Bytes  JMP 01C68A3A 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!SetServiceObjectSecurity                                    75C566A9 5 Bytes  JMP 00171014 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!ChangeServiceConfigA                                        75C567A9 5 Bytes  JMP 00170804 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!ChangeServiceConfigW                                        75C56951 5 Bytes  JMP 00170A08 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!ChangeServiceConfig2A                                       75C56A69 5 Bytes  JMP 00170C0C 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!ChangeServiceConfig2W                                       75C56BB1 5 Bytes  JMP 00170E10 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!CreateServiceA                                              75C56C71 5 Bytes  JMP 001701F8 
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] Crypt32.dll!PFXImportCertStore                                           7537914C 5 Bytes  JMP 01C67410 
.text     C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2124] kernel32.dll!GetBinaryTypeW + 70                 76511AE8 1 Byte  [62]
.text     C:\Windows\system32\svchost.exe[2276] kernel32.dll!GetBinaryTypeW + 70                                                       76511AE8 1 Byte  [62]
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ntdll.dll!LdrLoadDll                           77197933 5 Bytes  JMP 001601F8 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ntdll.dll!LdrUnloadDll                         771AE89C 5 Bytes  JMP 001603FC 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] KERNEL32.dll!CreateProcessW                    764C1C01 5 Bytes  JMP 01BB8840 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] KERNEL32.dll!CreateProcessA                    764C1C36 5 Bytes  JMP 01BB88E9 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] KERNEL32.dll!GetBinaryTypeW + 70               76511AE8 1 Byte  [62]
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!CreateProcessAsUserW              75BEA8F5 5 Bytes  JMP 01BB898E 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!CreateServiceW                    75C138FF 5 Bytes  JMP 002703FC 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!DeleteService                     75C13BEE 5 Bytes  JMP 00270600 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!CreateProcessAsUserA              75C348A6 5 Bytes  JMP 01BB8A3A 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!SetServiceObjectSecurity          75C566A9 5 Bytes  JMP 00271014 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!ChangeServiceConfigA              75C567A9 5 Bytes  JMP 00270804 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!ChangeServiceConfigW              75C56951 5 Bytes  JMP 00270A08 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!ChangeServiceConfig2A             75C56A69 5 Bytes  JMP 00270C0C 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W             75C56BB1 5 Bytes  JMP 00270E10 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!CreateServiceA                    75C56C71 5 Bytes  JMP 002701F8 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] USER32.dll!SetWindowsHookExW                   76427B69 5 Bytes  JMP 00280804 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] USER32.dll!SetWinEventHook                     7642915C 5 Bytes  JMP 002801F8 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] USER32.dll!UnhookWinEvent                      7642B702 5 Bytes  JMP 002803FC 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] USER32.dll!SetWindowsHookExA                   7644BB0E 5 Bytes  JMP 00280600 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] USER32.dll!UnhookWindowsHookEx                 764508BE 5 Bytes  JMP 00280A08 
.text     C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] Crypt32.dll!PFXImportCertStore                 7537914C 5 Bytes  JMP 01BB7410 
.text     C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2392] kernel32.dll!GetBinaryTypeW + 70                        76511AE8 1 Byte  [62]
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] ntdll.dll!LdrLoadDll                                                          77197933 5 Bytes  JMP 000601F8 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] ntdll.dll!LdrUnloadDll                                                        771AE89C 5 Bytes  JMP 000603FC 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] KERNEL32.dll!CreateProcessW                                                   764C1C01 5 Bytes  JMP 010B8840 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] KERNEL32.dll!CreateProcessA                                                   764C1C36 5 Bytes  JMP 010B88E9 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] KERNEL32.dll!GetBinaryTypeW + 70                                              76511AE8 1 Byte  [62]
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!CreateProcessAsUserW                                             75BEA8F5 5 Bytes  JMP 010B898E 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!CreateServiceW                                                   75C138FF 5 Bytes  JMP 000703FC 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!DeleteService                                                    75C13BEE 5 Bytes  JMP 00070600 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!CreateProcessAsUserA                                             75C348A6 5 Bytes  JMP 010B8A3A 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!SetServiceObjectSecurity                                         75C566A9 5 Bytes  JMP 00071014 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!ChangeServiceConfigA                                             75C567A9 5 Bytes  JMP 00070804 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!ChangeServiceConfigW                                             75C56951 5 Bytes  JMP 00070A08 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!ChangeServiceConfig2A                                            75C56A69 5 Bytes  JMP 00070C0C 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!ChangeServiceConfig2W                                            75C56BB1 5 Bytes  JMP 00070E10 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!CreateServiceA                                                   75C56C71 5 Bytes  JMP 000701F8 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] USER32.dll!SetWindowsHookExW                                                  76427B69 5 Bytes  JMP 00080804 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] USER32.dll!SetWinEventHook                                                    7642915C 5 Bytes  JMP 000801F8 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] USER32.dll!UnhookWinEvent                                                     7642B702 5 Bytes  JMP 000803FC 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] USER32.dll!SetWindowsHookExA                                                  7644BB0E 5 Bytes  JMP 00080600 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] USER32.dll!UnhookWindowsHookEx                                                764508BE 5 Bytes  JMP 00080A08 
.text     C:\Program Files\iTunes\iTunesHelper.exe[2416] CRYPT32.dll!PFXImportCertStore                                                7537914C 5 Bytes  JMP 010B7410 
.text     C:\Windows\system32\svchost.exe[2452] kernel32.dll!GetBinaryTypeW + 70                                                       76511AE8 1 Byte  [62]
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!LdrLoadDll                                                77197933 5 Bytes  JMP 000A01F8 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!LdrUnloadDll                                              771AE89C 5 Bytes  JMP 000A03FC 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] KERNEL32.dll!CreateProcessW                                         764C1C01 5 Bytes  JMP 01AA8840 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] KERNEL32.dll!CreateProcessA                                         764C1C36 5 Bytes  JMP 01AA88E9 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] KERNEL32.dll!GetBinaryTypeW + 70                                    76511AE8 1 Byte  [62]
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!CreateProcessAsUserW                                   75BEA8F5 5 Bytes  JMP 01AA898E 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!CreateServiceW                                         75C138FF 5 Bytes  JMP 000B03FC 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!DeleteService                                          75C13BEE 5 Bytes  JMP 000B0600 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!CreateProcessAsUserA                                   75C348A6 5 Bytes  JMP 01AA8A3A 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!SetServiceObjectSecurity                               75C566A9 5 Bytes  JMP 000B1014 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!ChangeServiceConfigA                                   75C567A9 5 Bytes  JMP 000B0804 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!ChangeServiceConfigW                                   75C56951 5 Bytes  JMP 000B0A08 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!ChangeServiceConfig2A                                  75C56A69 5 Bytes  JMP 000B0C0C 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!ChangeServiceConfig2W                                  75C56BB1 5 Bytes  JMP 000B0E10 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!CreateServiceA                                         75C56C71 5 Bytes  JMP 000B01F8 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!SetWindowsHookExW                                        76427B69 5 Bytes  JMP 000C0804 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!SetWinEventHook                                          7642915C 5 Bytes  JMP 000C01F8 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!UnhookWinEvent                                           7642B702 5 Bytes  JMP 000C03FC 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!SetWindowsHookExA                                        7644BB0E 5 Bytes  JMP 000C0600 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!UnhookWindowsHookEx                                      764508BE 5 Bytes  JMP 000C0A08 
.text     C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] Crypt32.dll!PFXImportCertStore                                      7537914C 5 Bytes  JMP 01AA7410 
.text     C:\Windows\System32\StkCSrv.exe[2488] kernel32.dll!GetBinaryTypeW + 70                                                       76511AE8 1 Byte  [62]
.text     C:\Windows\ehome\ehmsas.exe[2644] ntdll.dll!LdrLoadDll                                                                       77197933 5 Bytes  JMP 000501F8 
.text     C:\Windows\ehome\ehmsas.exe[2644] ntdll.dll!LdrUnloadDll                                                                     771AE89C 5 Bytes  JMP 000503FC 
.text     C:\Windows\ehome\ehmsas.exe[2644] KERNEL32.dll!CreateProcessW                                                                764C1C01 5 Bytes  JMP 021C8840 
.text     C:\Windows\ehome\ehmsas.exe[2644] KERNEL32.dll!CreateProcessA                                                                764C1C36 5 Bytes  JMP 021C88E9 
.text     C:\Windows\ehome\ehmsas.exe[2644] KERNEL32.dll!GetBinaryTypeW + 70                                                           76511AE8 1 Byte  [62]
.text     C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!CreateProcessAsUserW                                                          75BEA8F5 5 Bytes  JMP 021C898E 
.text     C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!CreateServiceW                                                                75C138FF 5 Bytes  JMP 000703FC 
.text     C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!DeleteService                                                                 75C13BEE 5 Bytes  JMP 00070600 
.text     C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!CreateProcessAsUserA                                                          75C348A6 5 Bytes  JMP 021C8A3A 
.text     C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!SetServiceObjectSecurity                                                      75C566A9 5 Bytes  JMP 00071014 
.text     C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!ChangeServiceConfigA                                                          75C567A9 5 Bytes  JMP 00070804 
.text     C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!ChangeServiceConfigW                                                          75C56951 5 Bytes  JMP 00070A08 
.text     C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!ChangeServiceConfig2A                                                         75C56A69 5 Bytes  JMP 00070C0C 
.text     C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!ChangeServiceConfig2W                                                         75C56BB1 5 Bytes  JMP 00070E10 
.text     C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!CreateServiceA                                                                75C56C71 5 Bytes  JMP 000701F8 
.text     C:\Windows\ehome\ehmsas.exe[2644] USER32.dll!SetWindowsHookExW                                                               76427B69 5 Bytes  JMP 00080804 
.text     C:\Windows\ehome\ehmsas.exe[2644] USER32.dll!SetWinEventHook                                                                 7642915C 5 Bytes  JMP 000801F8 
.text     C:\Windows\ehome\ehmsas.exe[2644] USER32.dll!UnhookWinEvent                                                                  7642B702 5 Bytes  JMP 000803FC 
.text     C:\Windows\ehome\ehmsas.exe[2644] USER32.dll!SetWindowsHookExA                                                               7644BB0E 5 Bytes  JMP 00080600 
.text     C:\Windows\ehome\ehmsas.exe[2644] USER32.dll!UnhookWindowsHookEx                                                             764508BE 5 Bytes  JMP 00080A08 
.text     C:\Windows\ehome\ehmsas.exe[2644] Crypt32.dll!PFXImportCertStore                                                             7537914C 5 Bytes  JMP 021C7410 
.text     C:\Windows\system32\Dwm.exe[2772] kernel32.dll!GetBinaryTypeW + 70                                                           76511AE8 1 Byte  [62]
.text     C:\Windows\Explorer.EXE[2796] kernel32.dll!CreateProcessW                                                                    764C1C01 5 Bytes  JMP 062D8840 
.text     C:\Windows\Explorer.EXE[2796] kernel32.dll!CreateProcessA                                                                    764C1C36 5 Bytes  JMP 062D88E9 
.text     C:\Windows\Explorer.EXE[2796] kernel32.dll!GetBinaryTypeW + 70                                                               76511AE8 1 Byte  [62]
.text     C:\Windows\Explorer.EXE[2796] ADVAPI32.dll!CreateProcessAsUserW                                                              75BEA8F5 5 Bytes  JMP 062D898E 
.text     C:\Windows\Explorer.EXE[2796] ADVAPI32.dll!CreateProcessAsUserA                                                              75C348A6 5 Bytes  JMP 062D8A3A 
.text     C:\Windows\Explorer.EXE[2796] CRYPT32.dll!PFXImportCertStore                                                                 7537914C 5 Bytes  JMP 062D7410 
.text     C:\Windows\system32\SearchIndexer.exe[2900] kernel32.dll!GetBinaryTypeW + 70                                                 76511AE8 1 Byte  [62]
.text     C:\Program Files\Verbindungsassistent\WTGService.exe[2960] kernel32.dll!GetBinaryTypeW + 70                                  76511AE8 1 Byte  [62]
.text     C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3056] kernel32.dll!GetBinaryTypeW + 70                      76511AE8 1 Byte  [62]
.text     C:\Windows\system32\taskeng.exe[3500] kernel32.dll!CreateProcessW                                                            764C1C01 5 Bytes  JMP 03298840 
.text     C:\Windows\system32\taskeng.exe[3500] kernel32.dll!CreateProcessA                                                            764C1C36 5 Bytes  JMP 032988E9 
.text     C:\Windows\system32\taskeng.exe[3500] kernel32.dll!GetBinaryTypeW + 70                                                       76511AE8 1 Byte  [62]
.text     C:\Windows\system32\taskeng.exe[3500] ADVAPI32.dll!CreateProcessAsUserW                                                      75BEA8F5 5 Bytes  JMP 0329898E 
.text     C:\Windows\system32\taskeng.exe[3500] ADVAPI32.dll!CreateProcessAsUserA                                                      75C348A6 5 Bytes  JMP 03298A3A 
.text     C:\Windows\system32\taskeng.exe[3500] CRYPT32.dll!PFXImportCertStore                                                         7537914C 5 Bytes  JMP 03297410 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ntdll.dll!LdrLoadDll                                77197933 5 Bytes  JMP 001601F8 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ntdll.dll!LdrUnloadDll                              771AE89C 5 Bytes  JMP 001603FC 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] KERNEL32.dll!CreateProcessW                         764C1C01 5 Bytes  JMP 016B8840 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] KERNEL32.dll!CreateProcessA                         764C1C36 5 Bytes  JMP 016B88E9 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] KERNEL32.dll!GetBinaryTypeW + 70                    76511AE8 1 Byte  [62]
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] USER32.dll!SetWindowsHookExW                        76427B69 5 Bytes  JMP 00170804 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] USER32.dll!SetWinEventHook                          7642915C 5 Bytes  JMP 001701F8 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] USER32.dll!UnhookWinEvent                           7642B702 5 Bytes  JMP 001703FC 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] USER32.dll!SetWindowsHookExA                        7644BB0E 5 Bytes  JMP 00170600 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] USER32.dll!UnhookWindowsHookEx                      764508BE 5 Bytes  JMP 00170A08 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!CreateProcessAsUserW                   75BEA8F5 5 Bytes  JMP 016B898E 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!CreateServiceW                         75C138FF 5 Bytes  JMP 001803FC 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!DeleteService                          75C13BEE 5 Bytes  JMP 00180600 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!CreateProcessAsUserA                   75C348A6 5 Bytes  JMP 016B8A3A 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!SetServiceObjectSecurity               75C566A9 5 Bytes  JMP 00181014 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!ChangeServiceConfigA                   75C567A9 5 Bytes  JMP 00180804 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!ChangeServiceConfigW                   75C56951 5 Bytes  JMP 00180A08 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!ChangeServiceConfig2A                  75C56A69 5 Bytes  JMP 00180C0C 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!ChangeServiceConfig2W                  75C56BB1 5 Bytes  JMP 00180E10 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!CreateServiceA                         75C56C71 5 Bytes  JMP 001801F8 
.text     C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] Crypt32.dll!PFXImportCertStore                      7537914C 5 Bytes  JMP 016B7410 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ntdll.dll!LdrLoadDll                                        77197933 5 Bytes  JMP 001601F8 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ntdll.dll!LdrUnloadDll                                      771AE89C 5 Bytes  JMP 001603FC 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] KERNEL32.dll!CreateProcessW                                 764C1C01 5 Bytes  JMP 02408840 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] KERNEL32.dll!CreateProcessA                                 764C1C36 5 Bytes  JMP 024088E9 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] KERNEL32.dll!GetBinaryTypeW + 70                            76511AE8 1 Byte  [62]
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] USER32.dll!SetWindowsHookExW                                76427B69 5 Bytes  JMP 00180804 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] USER32.dll!SetWinEventHook                                  7642915C 5 Bytes  JMP 001801F8 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] USER32.dll!UnhookWinEvent                                   7642B702 5 Bytes  JMP 001803FC 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] USER32.dll!SetWindowsHookExA                                7644BB0E 5 Bytes  JMP 00180600 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] USER32.dll!UnhookWindowsHookEx                              764508BE 5 Bytes  JMP 00180A08 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!CreateProcessAsUserW                           75BEA8F5 5 Bytes  JMP 0240898E 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!CreateServiceW                                 75C138FF 5 Bytes  JMP 001903FC 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!DeleteService                                  75C13BEE 5 Bytes  JMP 00190600 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!CreateProcessAsUserA                           75C348A6 5 Bytes  JMP 02408A3A 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!SetServiceObjectSecurity                       75C566A9 5 Bytes  JMP 00191014 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!ChangeServiceConfigA                           75C567A9 5 Bytes  JMP 00190804 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!ChangeServiceConfigW                           75C56951 5 Bytes  JMP 00190A08 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!ChangeServiceConfig2A                          75C56A69 5 Bytes  JMP 00190C0C 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!ChangeServiceConfig2W                          75C56BB1 5 Bytes  JMP 00190E10 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!CreateServiceA                                 75C56C71 5 Bytes  JMP 001901F8 
.text     C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] Crypt32.dll!PFXImportCertStore                              7537914C 5 Bytes  JMP 02407410 
.text     C:\Windows\System32\mobsync.exe[3736] ntdll.dll!LdrLoadDll                                                                   77197933 5 Bytes  JMP 000601F8 
.text     C:\Windows\System32\mobsync.exe[3736] ntdll.dll!LdrUnloadDll                                                                 771AE89C 5 Bytes  JMP 000603FC 
.text     C:\Windows\System32\mobsync.exe[3736] KERNEL32.dll!GetBinaryTypeW + 70                                                       76511AE8 1 Byte  [62]
.text     C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!CreateServiceW                                                            75C138FF 5 Bytes  JMP 000703FC 
.text     C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!DeleteService                                                             75C13BEE 5 Bytes  JMP 00070600 
.text     C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!SetServiceObjectSecurity                                                  75C566A9 5 Bytes  JMP 00071014 
.text     C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!ChangeServiceConfigA                                                      75C567A9 5 Bytes  JMP 00070804 
.text     C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!ChangeServiceConfigW                                                      75C56951 5 Bytes  JMP 00070A08 
.text     C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!ChangeServiceConfig2A                                                     75C56A69 5 Bytes  JMP 00070C0C 
.text     C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!ChangeServiceConfig2W                                                     75C56BB1 5 Bytes  JMP 00070E10 
.text     C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!CreateServiceA                                                            75C56C71 5 Bytes  JMP 000701F8 
.text     C:\Windows\System32\mobsync.exe[3736] USER32.dll!SetWindowsHookExW                                                           76427B69 5 Bytes  JMP 00180804 
.text     C:\Windows\System32\mobsync.exe[3736] USER32.dll!SetWinEventHook                                                             7642915C 5 Bytes  JMP 001801F8 
.text     C:\Windows\System32\mobsync.exe[3736] USER32.dll!UnhookWinEvent                                                              7642B702 5 Bytes  JMP 001803FC 
.text     C:\Windows\System32\mobsync.exe[3736] USER32.dll!SetWindowsHookExA                                                           7644BB0E 5 Bytes  JMP 00180600 
.text     C:\Windows\System32\mobsync.exe[3736] USER32.dll!UnhookWindowsHookEx                                                         764508BE 5 Bytes  JMP 00180A08 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ntdll.dll!LdrLoadDll                                   77197933 5 Bytes  JMP 001601F8 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ntdll.dll!LdrUnloadDll                                 771AE89C 5 Bytes  JMP 001603FC 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] KERNEL32.dll!CreateProcessW                            764C1C01 5 Bytes  JMP 016D8840 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] KERNEL32.dll!CreateProcessA                            764C1C36 5 Bytes  JMP 016D88E9 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] KERNEL32.dll!GetBinaryTypeW + 70                       76511AE8 1 Byte  [62]
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] USER32.dll!SetWindowsHookExW                           76427B69 5 Bytes  JMP 00170804 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] USER32.dll!SetWinEventHook                             7642915C 5 Bytes  JMP 001701F8 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] USER32.dll!UnhookWinEvent                              7642B702 5 Bytes  JMP 001703FC 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] USER32.dll!SetWindowsHookExA                           7644BB0E 5 Bytes  JMP 00170600 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] USER32.dll!UnhookWindowsHookEx                         764508BE 5 Bytes  JMP 00170A08 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!CreateProcessAsUserW                      75BEA8F5 5 Bytes  JMP 016D898E 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!CreateServiceW                            75C138FF 5 Bytes  JMP 001803FC 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!DeleteService                             75C13BEE 5 Bytes  JMP 00180600 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!CreateProcessAsUserA                      75C348A6 5 Bytes  JMP 016D8A3A 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!SetServiceObjectSecurity                  75C566A9 5 Bytes  JMP 00181014 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!ChangeServiceConfigA                      75C567A9 5 Bytes  JMP 00180804 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!ChangeServiceConfigW                      75C56951 5 Bytes  JMP 00180A08 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!ChangeServiceConfig2A                     75C56A69 5 Bytes  JMP 00180C0C 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!ChangeServiceConfig2W                     75C56BB1 5 Bytes  JMP 00180E10 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!CreateServiceA                            75C56C71 5 Bytes  JMP 001801F8 
.text     C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] CRYPT32.dll!PFXImportCertStore                         7537914C 5 Bytes  JMP 016D7410 
.text     C:\Windows\system32\wbem\wmiprvse.exe[3800] ntdll.dll!LdrLoadDll                                                             77197933 5 Bytes  JMP 000601F8 
.text     C:\Windows\system32\wbem\wmiprvse.exe[3800] ntdll.dll!LdrUnloadDll                                                           771AE89C 5 Bytes  JMP 000603FC 
.text     C:\Windows\system32\wbem\wmiprvse.exe[3800] KERNEL32.dll!GetBinaryTypeW + 70                                                 76511AE8 1 Byte  [62]
.text     C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!CreateServiceW                                                      75C138FF 5 Bytes  JMP 000703FC 
.text     C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!DeleteService                                                       75C13BEE 5 Bytes  JMP 00070600 
.text     C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!SetServiceObjectSecurity                                            75C566A9 5 Bytes  JMP 00071014 
.text     C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!ChangeServiceConfigA                                                75C567A9 5 Bytes  JMP 00070804 
.text     C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!ChangeServiceConfigW                                                75C56951 5 Bytes  JMP 00070A08 
.text     C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!ChangeServiceConfig2A                                               75C56A69 5 Bytes  JMP 00070C0C 
.text     C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!ChangeServiceConfig2W                                               75C56BB1 5 Bytes  JMP 00070E10 
.text     C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!CreateServiceA                                                      75C56C71 5 Bytes  JMP 000701F8 
.text     C:\Windows\system32\wbem\wmiprvse.exe[3800] USER32.dll!SetWindowsHookExW                                                     76427B69 5 Bytes  JMP 00080804 
.text     C:\Windows\system32\wbem\wmiprvse.exe[3800] USER32.dll!SetWinEventHook                                                       7642915C 5 Bytes  JMP 000801F8 
.text     C:\Windows\system32\wbem\wmiprvse.exe[3800] USER32.dll!UnhookWinEvent                                                        7642B702 5 Bytes  JMP 000803FC 
.text     C:\Windows\system32\wbem\wmiprvse.exe[3800] USER32.dll!SetWindowsHookExA                                                     7644BB0E 5 Bytes  JMP 00080600 
.text     C:\Windows\system32\wbem\wmiprvse.exe[3800] USER32.dll!UnhookWindowsHookEx                                                   764508BE 5 Bytes  JMP 00080A08 
.text     C:\Windows\ehome\ehtray.exe[3992] ntdll.dll!LdrLoadDll                                                                       77197933 5 Bytes  JMP 000601F8 
.text     C:\Windows\ehome\ehtray.exe[3992] ntdll.dll!LdrUnloadDll                                                                     771AE89C 5 Bytes  JMP 000603FC 
.text     C:\Windows\ehome\ehtray.exe[3992] KERNEL32.dll!CreateProcessW                                                                764C1C01 5 Bytes  JMP 009A8840 
.text     C:\Windows\ehome\ehtray.exe[3992] KERNEL32.dll!CreateProcessA                                                                764C1C36 5 Bytes  JMP 009A88E9 
.text     C:\Windows\ehome\ehtray.exe[3992] KERNEL32.dll!GetBinaryTypeW + 70                                                           76511AE8 1 Byte  [62]
.text     C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!CreateProcessAsUserW                                                          75BEA8F5 5 Bytes  JMP 009A898E 
.text     C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!CreateServiceW                                                                75C138FF 5 Bytes  JMP 000703FC 
.text     C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!DeleteService                                                                 75C13BEE 5 Bytes  JMP 00070600 
.text     C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!CreateProcessAsUserA                                                          75C348A6 5 Bytes  JMP 009A8A3A 
.text     C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!SetServiceObjectSecurity                                                      75C566A9 5 Bytes  JMP 00071014 
.text     C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!ChangeServiceConfigA                                                          75C567A9 5 Bytes  JMP 00070804 
.text     C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!ChangeServiceConfigW                                                          75C56951 5 Bytes  JMP 00070A08 
.text     C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!ChangeServiceConfig2A                                                         75C56A69 5 Bytes  JMP 00070C0C 
.text     C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!ChangeServiceConfig2W                                                         75C56BB1 5 Bytes  JMP 00070E10 
.text     C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!CreateServiceA                                                                75C56C71 5 Bytes  JMP 000701F8 
.text     C:\Windows\ehome\ehtray.exe[3992] USER32.dll!SetWindowsHookExW                                                               76427B69 5 Bytes  JMP 00080804 
.text     C:\Windows\ehome\ehtray.exe[3992] USER32.dll!SetWinEventHook                                                                 7642915C 5 Bytes  JMP 000801F8 
.text     C:\Windows\ehome\ehtray.exe[3992] USER32.dll!UnhookWinEvent                                                                  7642B702 5 Bytes  JMP 000803FC 
.text     C:\Windows\ehome\ehtray.exe[3992] USER32.dll!SetWindowsHookExA                                                               7644BB0E 5 Bytes  JMP 00080600 
.text     C:\Windows\ehome\ehtray.exe[3992] USER32.dll!UnhookWindowsHookEx                                                             764508BE 5 Bytes  JMP 00080A08 
.text     C:\Windows\ehome\ehtray.exe[3992] Crypt32.dll!PFXImportCertStore                                                             7537914C 5 Bytes  JMP 009A7410 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ntdll.dll!LdrLoadDll                                                  77197933 5 Bytes  JMP 001601F8 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ntdll.dll!LdrUnloadDll                                                771AE89C 5 Bytes  JMP 001603FC 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] KERNEL32.dll!CreateProcessW                                           764C1C01 5 Bytes  JMP 01E78840 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] KERNEL32.dll!CreateProcessA                                           764C1C36 5 Bytes  JMP 01E788E9 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] KERNEL32.dll!GetBinaryTypeW + 70                                      76511AE8 1 Byte  [62]
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!CreateProcessAsUserW                                     75BEA8F5 5 Bytes  JMP 01E7898E 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!CreateServiceW                                           75C138FF 5 Bytes  JMP 001803FC 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!DeleteService                                            75C13BEE 5 Bytes  JMP 00180600 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!CreateProcessAsUserA                                     75C348A6 5 Bytes  JMP 01E78A3A 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!SetServiceObjectSecurity                                 75C566A9 5 Bytes  JMP 00181014 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!ChangeServiceConfigA                                     75C567A9 5 Bytes  JMP 00180804 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!ChangeServiceConfigW                                     75C56951 5 Bytes  JMP 00180A08 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!ChangeServiceConfig2A                                    75C56A69 5 Bytes  JMP 00180C0C 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!ChangeServiceConfig2W                                    75C56BB1 5 Bytes  JMP 00180E10 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!CreateServiceA                                           75C56C71 5 Bytes  JMP 001801F8 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] USER32.dll!SetWindowsHookExW                                          76427B69 5 Bytes  JMP 00190804 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] USER32.dll!SetWinEventHook                                            7642915C 5 Bytes  JMP 001901F8 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] USER32.dll!UnhookWinEvent                                             7642B702 5 Bytes  JMP 001903FC 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] USER32.dll!SetWindowsHookExA                                          7644BB0E 5 Bytes  JMP 00190600 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] USER32.dll!UnhookWindowsHookEx                                        764508BE 5 Bytes  JMP 00190A08 
.text     C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] Crypt32.dll!PFXImportCertStore                                        7537914C 5 Bytes  JMP 01E77410 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ntdll.dll!LdrLoadDll                                77197933 5 Bytes  JMP 001501F8 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ntdll.dll!LdrUnloadDll                              771AE89C 5 Bytes  JMP 001503FC 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] KERNEL32.dll!CreateProcessW                         764C1C01 5 Bytes  JMP 01CC8840 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] KERNEL32.dll!CreateProcessA                         764C1C36 5 Bytes  JMP 01CC88E9 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] KERNEL32.dll!GetBinaryTypeW + 70                    76511AE8 1 Byte  [62]
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] USER32.dll!SetWindowsHookExW                        76427B69 5 Bytes  JMP 00160804 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] USER32.dll!SetWinEventHook                          7642915C 5 Bytes  JMP 001601F8 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] USER32.dll!UnhookWinEvent                           7642B702 5 Bytes  JMP 001603FC 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] USER32.dll!SetWindowsHookExA                        7644BB0E 5 Bytes  JMP 00160600 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] USER32.dll!UnhookWindowsHookEx                      764508BE 5 Bytes  JMP 00160A08 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!CreateProcessAsUserW                   75BEA8F5 5 Bytes  JMP 01CC898E 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!CreateServiceW                         75C138FF 5 Bytes  JMP 001703FC 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!DeleteService                          75C13BEE 5 Bytes  JMP 00170600 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!CreateProcessAsUserA                   75C348A6 5 Bytes  JMP 01CC8A3A 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!SetServiceObjectSecurity               75C566A9 5 Bytes  JMP 00171014 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!ChangeServiceConfigA                   75C567A9 5 Bytes  JMP 00170804 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!ChangeServiceConfigW                   75C56951 5 Bytes  JMP 00170A08 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!ChangeServiceConfig2A                  75C56A69 5 Bytes  JMP 00170C0C 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!ChangeServiceConfig2W                  75C56BB1 5 Bytes  JMP 00170E10 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!CreateServiceA                         75C56C71 5 Bytes  JMP 001701F8 
.text     C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] Crypt32.dll!PFXImportCertStore                      7537914C 5 Bytes  JMP 01CC7410 
.text     C:\Windows\RtHDVCpl.exe[4040] ntdll.dll!LdrLoadDll                                                                           77197933 5 Bytes  JMP 001601F8 
.text     C:\Windows\RtHDVCpl.exe[4040] ntdll.dll!LdrUnloadDll                                                                         771AE89C 5 Bytes  JMP 001603FC 
.text     C:\Windows\RtHDVCpl.exe[4040] KERNEL32.dll!CreateProcessW                                                                    764C1C01 5 Bytes  JMP 02AD8840 
.text     C:\Windows\RtHDVCpl.exe[4040] KERNEL32.dll!CreateProcessA                                                                    764C1C36 5 Bytes  JMP 02AD88E9 
.text     C:\Windows\RtHDVCpl.exe[4040] KERNEL32.dll!GetBinaryTypeW + 70                                                               76511AE8 1 Byte  [62]
.text     C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!CreateProcessAsUserW                                                              75BEA8F5 5 Bytes  JMP 02AD898E 
.text     C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!CreateServiceW                                                                    75C138FF 5 Bytes  JMP 002703FC 
.text     C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!DeleteService                                                                     75C13BEE 5 Bytes  JMP 00270600 
.text     C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!CreateProcessAsUserA                                                              75C348A6 5 Bytes  JMP 02AD8A3A 
.text     C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!SetServiceObjectSecurity                                                          75C566A9 5 Bytes  JMP 00271014 
.text     C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!ChangeServiceConfigA                                                              75C567A9 5 Bytes  JMP 00270804 
.text     C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!ChangeServiceConfigW                                                              75C56951 5 Bytes  JMP 00270A08 
.text     C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!ChangeServiceConfig2A                                                             75C56A69 5 Bytes  JMP 00270C0C 
.text     C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!ChangeServiceConfig2W                                                             75C56BB1 5 Bytes  JMP 00270E10 
.text     C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!CreateServiceA                                                                    75C56C71 5 Bytes  JMP 002701F8 
.text     C:\Windows\RtHDVCpl.exe[4040] USER32.dll!SetWindowsHookExW                                                                   76427B69 5 Bytes  JMP 00280804 
.text     C:\Windows\RtHDVCpl.exe[4040] USER32.dll!SetWinEventHook                                                                     7642915C 5 Bytes  JMP 002801F8 
.text     C:\Windows\RtHDVCpl.exe[4040] USER32.dll!UnhookWinEvent                                                                      7642B702 5 Bytes  JMP 002803FC 
.text     C:\Windows\RtHDVCpl.exe[4040] USER32.dll!SetWindowsHookExA                                                                   7644BB0E 5 Bytes  JMP 00280600 
.text     C:\Windows\RtHDVCpl.exe[4040] USER32.dll!UnhookWindowsHookEx                                                                 764508BE 5 Bytes  JMP 00280A08 
.text     C:\Windows\RtHDVCpl.exe[4040] CRYPT32.dll!PFXImportCertStore                                                                 7537914C 5 Bytes  JMP 02AD7410 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ntdll.dll!LdrLoadDll                                            77197933 5 Bytes  JMP 001601F8 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ntdll.dll!LdrUnloadDll                                          771AE89C 5 Bytes  JMP 001603FC 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] KERNEL32.dll!CreateProcessW                                     764C1C01 5 Bytes  JMP 04078840 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] KERNEL32.dll!CreateProcessA                                     764C1C36 5 Bytes  JMP 040788E9 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] KERNEL32.dll!GetBinaryTypeW + 70                                76511AE8 1 Byte  [62]
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!CreateProcessAsUserW                               75BEA8F5 5 Bytes  JMP 0407898E 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!CreateServiceW                                     75C138FF 5 Bytes  JMP 001803FC 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!DeleteService                                      75C13BEE 5 Bytes  JMP 00180600 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!CreateProcessAsUserA                               75C348A6 5 Bytes  JMP 04078A3A 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!SetServiceObjectSecurity                           75C566A9 5 Bytes  JMP 00181014 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!ChangeServiceConfigA                               75C567A9 5 Bytes  JMP 00180804 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!ChangeServiceConfigW                               75C56951 5 Bytes  JMP 00180A08 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!ChangeServiceConfig2A                              75C56A69 5 Bytes  JMP 00180C0C 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!ChangeServiceConfig2W                              75C56BB1 5 Bytes  JMP 00180E10 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!CreateServiceA                                     75C56C71 5 Bytes  JMP 001801F8 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] USER32.dll!SetWindowsHookExW                                    76427B69 5 Bytes  JMP 00190804 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] USER32.dll!SetWinEventHook                                      7642915C 5 Bytes  JMP 001901F8 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] USER32.dll!UnhookWinEvent                                       7642B702 5 Bytes  JMP 001903FC 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] USER32.dll!SetWindowsHookExA                                    7644BB0E 5 Bytes  JMP 00190600 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] USER32.dll!UnhookWindowsHookEx                                  764508BE 5 Bytes  JMP 00190A08 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] CRYPT32.dll!PFXImportCertStore                                  7537914C 5 Bytes  JMP 04077410 
.text     C:\Windows\system32\svchost.exe[4428] ntdll.dll!LdrLoadDll                                                                   77197933 5 Bytes  JMP 000601F8 
.text     C:\Windows\system32\svchost.exe[4428] ntdll.dll!LdrUnloadDll                                                                 771AE89C 5 Bytes  JMP 000603FC 
.text     C:\Windows\system32\svchost.exe[4428] KERNEL32.dll!GetBinaryTypeW + 70                                                       76511AE8 1 Byte  [62]
.text     C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!CreateServiceW                                                            75C138FF 5 Bytes  JMP 000703FC 
.text     C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!DeleteService                                                             75C13BEE 5 Bytes  JMP 00070600 
.text     C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!SetServiceObjectSecurity                                                  75C566A9 5 Bytes  JMP 00071014 
.text     C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!ChangeServiceConfigA                                                      75C567A9 5 Bytes  JMP 00070804 
.text     C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!ChangeServiceConfigW                                                      75C56951 5 Bytes  JMP 00070A08 
.text     C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!ChangeServiceConfig2A                                                     75C56A69 5 Bytes  JMP 00070C0C 
.text     C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!ChangeServiceConfig2W                                                     75C56BB1 5 Bytes  JMP 00070E10 
.text     C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!CreateServiceA                                                            75C56C71 5 Bytes  JMP 000701F8 
.text     C:\Windows\system32\svchost.exe[4428] USER32.dll!SetWindowsHookExW                                                           76427B69 5 Bytes  JMP 00080804 
.text     C:\Windows\system32\svchost.exe[4428] USER32.dll!SetWinEventHook                                                             7642915C 5 Bytes  JMP 000801F8 
.text     C:\Windows\system32\svchost.exe[4428] USER32.dll!UnhookWinEvent                                                              7642B702 5 Bytes  JMP 000803FC 
.text     C:\Windows\system32\svchost.exe[4428] USER32.dll!SetWindowsHookExA                                                           7644BB0E 5 Bytes  JMP 00080600 
.text     C:\Windows\system32\svchost.exe[4428] USER32.dll!UnhookWindowsHookEx                                                         764508BE 5 Bytes  JMP 00080A08 
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ntdll.dll!LdrLoadDll                                                  77197933 5 Bytes  JMP 001701F8 
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ntdll.dll!LdrUnloadDll                                                771AE89C 5 Bytes  JMP 001703FC 
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] KERNEL32.dll!GetBinaryTypeW + 70                                      76511AE8 1 Byte  [62]
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] USER32.dll!SetWindowsHookExW                                          76427B69 5 Bytes  JMP 00280804 
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] USER32.dll!SetWinEventHook                                            7642915C 5 Bytes  JMP 002801F8 
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] USER32.dll!UnhookWinEvent                                             7642B702 5 Bytes  JMP 002803FC 
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] USER32.dll!SetWindowsHookExA                                          7644BB0E 5 Bytes  JMP 00280600 
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] USER32.dll!UnhookWindowsHookEx                                        764508BE 5 Bytes  JMP 00280A08 
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!CreateServiceW                                           75C138FF 5 Bytes  JMP 002903FC 
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!DeleteService                                            75C13BEE 5 Bytes  JMP 00290600 
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!SetServiceObjectSecurity                                 75C566A9 5 Bytes  JMP 00291014 
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!ChangeServiceConfigA                                     75C567A9 5 Bytes  JMP 00290804 
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!ChangeServiceConfigW                                     75C56951 5 Bytes  JMP 00290A08 
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!ChangeServiceConfig2A                                    75C56A69 5 Bytes  JMP 00290C0C 
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!ChangeServiceConfig2W                                    75C56BB1 5 Bytes  JMP 00290E10 
.text     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!CreateServiceA                                           75C56C71 5 Bytes  JMP 002901F8 
.text     C:\Program Files\iPod\bin\iPodService.exe[5128] ntdll.dll!LdrLoadDll                                                         77197933 5 Bytes  JMP 000601F8 
.text     C:\Program Files\iPod\bin\iPodService.exe[5128] ntdll.dll!LdrUnloadDll                                                       771AE89C 5 Bytes  JMP 000603FC 
.text     C:\Program Files\iPod\bin\iPodService.exe[5128] KERNEL32.dll!GetBinaryTypeW + 70                                             76511AE8 1 Byte  [62]
.text     C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!CreateServiceW                                                  75C138FF 5 Bytes  JMP 000703FC 
.text     C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!DeleteService                                                   75C13BEE 5 Bytes  JMP 00070600 
.text     C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!SetServiceObjectSecurity                                        75C566A9 5 Bytes  JMP 00071014 
.text     C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!ChangeServiceConfigA                                            75C567A9 5 Bytes  JMP 00070804 
.text     C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!ChangeServiceConfigW                                            75C56951 5 Bytes  JMP 00070A08 
.text     C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!ChangeServiceConfig2A                                           75C56A69 5 Bytes  JMP 00070C0C 
.text     C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!ChangeServiceConfig2W                                           75C56BB1 5 Bytes  JMP 00070E10 
.text     C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!CreateServiceA                                                  75C56C71 5 Bytes  JMP 000701F8 
.text     C:\Program Files\iPod\bin\iPodService.exe[5128] USER32.dll!SetWindowsHookExW                                                 76427B69 5 Bytes  JMP 00080804 
.text     C:\Program Files\iPod\bin\iPodService.exe[5128] USER32.dll!SetWinEventHook                                                   7642915C 5 Bytes  JMP 000801F8 
.text     C:\Program Files\iPod\bin\iPodService.exe[5128] USER32.dll!UnhookWinEvent                                                    7642B702 5 Bytes  JMP 000803FC 
.text     C:\Program Files\iPod\bin\iPodService.exe[5128] USER32.dll!SetWindowsHookExA                                                 7644BB0E 5 Bytes  JMP 00080600 
.text     C:\Program Files\iPod\bin\iPodService.exe[5128] USER32.dll!UnhookWindowsHookEx                                               764508BE 5 Bytes  JMP 00080A08 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ntdll.dll!LdrLoadDll                                     77197933 5 Bytes  JMP 001601F8 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ntdll.dll!LdrUnloadDll                                   771AE89C 5 Bytes  JMP 001603FC 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] KERNEL32.dll!GetBinaryTypeW + 70                         76511AE8 1 Byte  [62]
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!CreateServiceW                              75C138FF 5 Bytes  JMP 001803FC 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!DeleteService                               75C13BEE 5 Bytes  JMP 00180600 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!SetServiceObjectSecurity                    75C566A9 5 Bytes  JMP 00181014 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!ChangeServiceConfigA                        75C567A9 5 Bytes  JMP 00180804 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!ChangeServiceConfigW                        75C56951 5 Bytes  JMP 00180A08 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!ChangeServiceConfig2A                       75C56A69 5 Bytes  JMP 00180C0C 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!ChangeServiceConfig2W                       75C56BB1 5 Bytes  JMP 00180E10 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!CreateServiceA                              75C56C71 5 Bytes  JMP 001801F8 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] USER32.dll!SetWindowsHookExW                             76427B69 5 Bytes  JMP 00190804 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] USER32.dll!SetWinEventHook                               7642915C 5 Bytes  JMP 001901F8 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] USER32.dll!UnhookWinEvent                                7642B702 5 Bytes  JMP 001903FC 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] USER32.dll!SetWindowsHookExA                             7644BB0E 5 Bytes  JMP 00190600 
.text     C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] USER32.dll!UnhookWindowsHookEx                           764508BE 5 Bytes  JMP 00190A08 
.text     C:\Windows\system32\svchost.exe[5444] ntdll.dll!LdrLoadDll                                                                   77197933 5 Bytes  JMP 000601F8 
.text     C:\Windows\system32\svchost.exe[5444] ntdll.dll!LdrUnloadDll                                                                 771AE89C 5 Bytes  JMP 000603FC 
.text     C:\Windows\system32\svchost.exe[5444] KERNEL32.dll!GetBinaryTypeW + 70                                                       76511AE8 1 Byte  [62]
.text     C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!CreateServiceW                                                            75C138FF 5 Bytes  JMP 000703FC 
.text     C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!DeleteService                                                             75C13BEE 5 Bytes  JMP 00070600 
.text     C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!SetServiceObjectSecurity                                                  75C566A9 5 Bytes  JMP 00071014 
.text     C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!ChangeServiceConfigA                                                      75C567A9 5 Bytes  JMP 00070804 
.text     C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!ChangeServiceConfigW                                                      75C56951 5 Bytes  JMP 00070A08 
.text     C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!ChangeServiceConfig2A                                                     75C56A69 5 Bytes  JMP 00070C0C 
.text     C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!ChangeServiceConfig2W                                                     75C56BB1 5 Bytes  JMP 00070E10 
.text     C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!CreateServiceA                                                            75C56C71 5 Bytes  JMP 000701F8 
.text     C:\Windows\system32\svchost.exe[5444] USER32.dll!SetWindowsHookExW                                                           76427B69 5 Bytes  JMP 00080804 
.text     C:\Windows\system32\svchost.exe[5444] USER32.dll!SetWinEventHook                                                             7642915C 5 Bytes  JMP 000801F8 
.text     C:\Windows\system32\svchost.exe[5444] USER32.dll!UnhookWinEvent                                                              7642B702 5 Bytes  JMP 000803FC 
.text     C:\Windows\system32\svchost.exe[5444] USER32.dll!SetWindowsHookExA                                                           7644BB0E 5 Bytes  JMP 00080600 
.text     C:\Windows\system32\svchost.exe[5444] USER32.dll!UnhookWindowsHookEx                                                         764508BE 5 Bytes  JMP 00080A08 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ntdll.dll!LdrLoadDll                                                              77197933 5 Bytes  JMP 001601F8 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ntdll.dll!LdrUnloadDll                                                            771AE89C 5 Bytes  JMP 001603FC 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] KERNEL32.dll!CreateProcessW                                                       764C1C01 5 Bytes  JMP 00378840 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] KERNEL32.dll!CreateProcessA                                                       764C1C36 5 Bytes  JMP 003788E9 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] KERNEL32.dll!GetBinaryTypeW + 70                                                  76511AE8 1 Byte  [62]
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!CreateProcessAsUserW                                                 75BEA8F5 5 Bytes  JMP 0037898E 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!CreateServiceW                                                       75C138FF 5 Bytes  JMP 001C03FC 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!DeleteService                                                        75C13BEE 5 Bytes  JMP 001C0600 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!CreateProcessAsUserA                                                 75C348A6 5 Bytes  JMP 00378A3A 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!SetServiceObjectSecurity                                             75C566A9 5 Bytes  JMP 001C1014 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!ChangeServiceConfigA                                                 75C567A9 5 Bytes  JMP 001C0804 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!ChangeServiceConfigW                                                 75C56951 5 Bytes  JMP 001C0A08 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!ChangeServiceConfig2A                                                75C56A69 5 Bytes  JMP 001C0C0C 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!ChangeServiceConfig2W                                                75C56BB1 5 Bytes  JMP 001C0E10 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!CreateServiceA                                                       75C56C71 5 Bytes  JMP 001C01F8 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] USER32.dll!SetWindowsHookExW                                                      76427B69 5 Bytes  JMP 001D0804 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] USER32.dll!SetWinEventHook                                                        7642915C 5 Bytes  JMP 001D01F8 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] USER32.dll!UnhookWinEvent                                                         7642B702 5 Bytes  JMP 001D03FC 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] USER32.dll!SetWindowsHookExA                                                      7644BB0E 5 Bytes  JMP 001D0600 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] USER32.dll!UnhookWindowsHookEx                                                    764508BE 5 Bytes  JMP 001D0A08 
.text     C:\Users\An-D\Desktop\Gmer-19357.exe[6044] Crypt32.dll!PFXImportCertStore                                                    7537914C 5 Bytes  JMP 00377410 

---- Processes - GMER 2.1 ----

Process    (*** hidden *** )                                                                                                           [4] 8526DA90                                                                                                           

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6                                                  
Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd65b4f                                                  
Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd6642e                                                  
Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269c9ea11                                                  
Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269c9ea11@c8979f6daf40                                     0xAB 0xDB 0x6A 0xCA ...
Reg       HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6 (not active ControlSet)                              
Reg       HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e4cd65b4f (not active ControlSet)                              
Reg       HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e4cd6642e (not active ControlSet)                              
Reg       HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002269c9ea11 (not active ControlSet)                              
Reg       HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002269c9ea11@c8979f6daf40                                         0xAB 0xDB 0x6A 0xCA ...
Reg       HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version                                                   
Reg       HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version                                           0x5D 0x3B 0x90 0xB3 ...

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                        unknown MBR code

---- EOF - GMER 2.1 ----
         

Old 26.04.2014, 19:42   #5
schrauber
/// the machine
/// TB-Ausbilder


Windows Vista Home Premium SP1: Avast blocked by Group Policy



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




Revo Uninstaller - Download - Filepony
Use it to uninstall everything that you find in the Additional.txt marked with <== ATTENTION

Also let Revo remove the leftovers in Moderate mode.




Scan with Combofix
WARNING to anyone reading along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
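A check a responder can run before and after the FRST fix above, to see which Software Restriction Policy (SRP) path rules exist on the machine and whether any of them point at a security product's directory. This is an added example for this thread, not a script from FRST, Trojaner-Board or the poster. It assumes that the entries FRST reports as "Group Policy restriction on software" are SRP path rules, which Windows stores under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers (security level 0 = Disallowed, 262144 = Unrestricted); the list of product directory names it flags is constructed for illustration and can be extended.

```powershell
# Added example (not from the thread): enumerate SRP path rules and flag the
# ones at the "Disallowed" level that target security-product directories.
$Base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Constructed watch list: directory-name fragments of common security products.
$WatchList = @('Alwil Software', 'AVAST Software', 'McAfee', 'Kaspersky Lab',
               'Malwarebytes', 'ESET')

function Get-SrpPathRules {
    if (-not (Test-Path $Base)) {
        Write-Host 'No SRP policy key present (no path rules configured).'
        return
    }
    $default = (Get-ItemProperty -Path $Base -ErrorAction SilentlyContinue).DefaultLevel
    Write-Host ("SRP DefaultLevel: {0}" -f $default)

    # The two SRP security levels; path rules live in <level>\Paths\<GUID>.
    $Levels = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }
    foreach ($level in $Levels.GetEnumerator()) {
        $pathsKey = Join-Path $Base ("{0}\Paths" -f $level.Key)
        if (-not (Test-Path $pathsKey)) { continue }

        Get-ChildItem -Path $pathsKey | ForEach-Object {
            $rule   = Get-ItemProperty -Path $_.PSPath
            $target = [string]$rule.ItemData   # the path the rule applies to

            # A Disallowed rule whose target matches a security product is the
            # pattern FRST reports as "Group Policy restriction on software".
            $hit = $WatchList | Where-Object { $target -like "*$_*" }
            $suspicious = ($level.Value -eq 'Disallowed') -and ([bool]$hit)

            [pscustomobject]@{
                Level        = $level.Value
                RuleId       = $_.PSChildName
                Path         = $target
                Description  = $rule.Description
                LastModified = $rule.LastModified   # FILETIME as stored by Windows
                Suspicious   = $suspicious
            }
        }
    }
}

Get-SrpPathRules | Format-Table -AutoSize
```

Run it from an elevated PowerShell (on Vista, PowerShell has to be installed separately). Rules created legitimately by an administrator or a domain policy show up here too, so compare the output against the known policy before removing anything; in this thread the rogue entries are removed with the Fixlist.txt above, and the Fixlog confirms which ones FRST restored.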

Old 28.04.2014, 12:25   #6
Karl_Andreas

Windows Vista Home Premium SP1: Avast blocked by Group Policy



Hello schrauber,

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-04-2014
Ran by An-D at 2014-04-26 20:51:04 Run:1
Running from C:\Users\An-D\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
         
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====
         
Kaspersky and McAfee unfortunately did not show up in Revo; I removed Alwil/AVAST in Moderate mode. However, the following error message appeared during that

'Error
A setiface error has occured: 2
Try to reinstall or contact support, please'

I then restarted the computer. After logging in, this error message appeared:

'RegSvr32
Das Modul "C:\ProgramData\pmsqql.dat" konnte nicht geladen werden.

Vergewissern Sie sich, dass die Binärdatei am angegebenen Pfad gespeichert ist, oder debuggen Sie die Datei, um Probleme mit der binären Datei oder abhängigen DLL-Dateien auszuschließen.

Das angegebene Modul wurde nicht gefunden.'

After another restart the error no longer appeared.

I then ran Combofix:
Code:
ComboFix 14-04-26.01 - An-D 27.04.2014  20:33:21.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.44.1031.18.3066.2181 [GMT 2:00]
Running from: c:\users\An-D\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
---- Previous Run -------
.
C:\END
c:\programdata\pmsqql.dat
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\An-D\AppData\Roaming\Start
c:\users\An-D\AppData\Roaming\Start\temp_BB40E0B5\flash.9.0.115.0.ocx
c:\users\An-D\AppData\Roaming\Start\temp_BB40E0B5\flash.9.0.159.0.ocx
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
F:\autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-27 to 2014-04-27  )))))))))))))))))))))))))))))))
.
.
2014-04-27 18:47 . 2014-04-27 18:47	--------	d-----w-	c:\users\An-D\AppData\Local\temp
2014-04-27 18:47 . 2014-04-27 18:47	--------	d-----w-	c:\users\Mcx1\AppData\Local\temp
2014-04-27 18:47 . 2014-04-27 18:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-04-27 16:57 . 2014-04-27 16:57	--------	d-----w-	c:\program files\VS Revo Group
2014-04-25 22:57 . 2014-04-26 18:51	--------	d-----w-	C:\FRST
2014-04-22 12:53 . 2014-04-22 12:53	--------	d-----w-	c:\users\An-D\AppData\Roaming\Thunderbird
2014-04-22 12:53 . 2014-04-22 12:53	--------	d-----w-	c:\users\An-D\AppData\Local\Thunderbird
2014-04-22 12:53 . 2014-04-22 12:53	--------	d-----w-	c:\program files\Mozilla Thunderbird
2014-04-04 01:56 . 2014-04-04 01:56	--------	d-----w-	c:\program files\iPod
2014-04-04 01:55 . 2014-04-04 01:57	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-04 01:39 . 2014-04-04 01:40	--------	d-----w-	c:\program files\DVDVideoSoft
2014-04-04 01:16 . 2014-04-04 01:16	--------	d-----w-	c:\users\An-D\AppData\Roaming\mysearchdial
2014-04-04 01:16 . 2014-04-04 01:16	--------	d-----w-	c:\program files\Mysearchdial
2014-03-31 23:58 . 2014-03-31 23:58	--------	d-----w-	c:\users\An-D\AppData\Roaming\DropboxMaster
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-11 21:51 . 2012-03-31 09:03	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-03-11 21:51 . 2011-05-21 18:08	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49	176936	----a-w-	c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-27 18:29	297128	----a-w-	c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\An-D\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\An-D\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\An-D\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\An-D\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Steam"="c:\program files\Steam\Steam.exe" [2013-06-06 1641896]
"HumanizedEnso"="c:\users\An-D\AppData\Local\HumanizedEnso\Enso.exe" [2008-01-14 117232]
"Spotify Web Helper"="c:\users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-04-25 1171000]
"Spotify"="c:\users\An-D\AppData\Roaming\Spotify\Spotify.exe" [2014-04-25 6087224]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"pmsqql"="c:\programdata\pmsqql.dat" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-22 178712]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-12-15 614400]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\An-D\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-4-18 33604728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
Inhaltsmanager-Assistent für PlayStation(R).lnk - c:\program files\Sony\Content Manager Assistant\CMA.exe [2012-11-13 3359712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58	611712	----a-w-	c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 15:24	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 08:02	26100520	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
c:\program files\uTorrent\uTorrent.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 ADDMEM;ADDMEM;c:\users\An-D\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 21:51]
.
2014-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core.job
- c:\users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10 21:04]
.
2014-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA.job
- c:\users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10 21:04]
.
2014-04-27 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-10-27 12:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
FF - prefs.js: network.proxy.type - 2
FF - user.js: extensions.irmysearch.aflt - dvd_14_14_ff
FF - user.js: extensions.irmysearch.instlRef - 140305_a
FF - user.js: extensions.irmysearch.cr - 415182659
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=&q=
FF - user.js: extensions.mysearchdial.id - 002269C9EA118D32
FF - user.js: extensions.mysearchdial.instlDay - 16164
FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.03:28
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dvd_14_14_ff
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 140305_a
FF - user.js: extensions.mysearchdial.dfltLng - 
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial.cr - 415182659
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q
FF - user.js: extensions.mysearchdial.AL - 2
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-04-27 20:47
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3115540864-2871994801-2538804916-1003\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"="0 0.1443 0.2474 0.5285 0.7387 0.8275 0.8296 "
"Increment"=".009434"
"FRT"="5vnfaWSAJnKs4FtkI2L8Qy4cOgB1XTOg3I5Neu1xdG1K9WYAadxc9g=="
"PLCK"="rq7wuQhyeA7wxO+SO4UIGgMluvhHRnNF"
"PHSH"=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:5d,3b,90,b3,59,60,83,e8,b4,2d,b1,05,ae,0c,3a,a0,04,a6,dd,76,f7,
   c3,49,dd,fa,21,e0,59,fa,ec,7f,f2,88,3a,cc,81,c9,bd,40,2a,a8,72,be,05,90,47,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3480)
c:\windows\system32\btmmhook.dll
.
Completion time: 2014-04-27  21:22:52
ComboFix-quarantined-files.txt  2014-04-27 19:22
.
Pre-Run: 5.040.078.848 Bytes frei
Post-Run: 4.894.347.264 Bytes frei
.
- - End Of File - - D8CF4364E258F774D67E7ECC0A684689
61A349592C4728853F4A90FF78F7628E
         
Regards,
Andreas
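The fixlist and Fixlog above remove "Group Policy restriction on software" entries that were blocking the Kaspersky, McAfee, Alwil and AVAST folders. As an added example (not from this thread, from FRST or from Trojaner-Board), here is a PowerShell script that lists the Software Restriction Policy path rules behind such entries and flags the ones aimed at security-software folders. It assumes that Windows stores SRP rules under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\<level>\Paths\<GUID> with the path in the ItemData value and that level 0 means "Disallowed"; the vendor folder names are taken from the fixlist, the function names are my own.

```powershell
# Added example, not code from the thread. Read-only: it reports SRP path rules
# and highlights those that would block antivirus folders, the symptom seen above
# ("Avast is blocked by Group Policy"). Removal was done by the FRST fix in the thread.
$SrpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Folder names of security products as they appear in the fixlist in this thread.
$SecurityVendors = @('AVAST Software', 'Alwil Software', 'Kaspersky Lab', 'McAfee')

# Security levels as stored in the registry (assumed, standard SRP values).
$LevelNames = @{ 0 = 'Disallowed'; 4096 = 'Untrusted'; 65536 = 'Constrained';
                 131072 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-SrpPathRule {
    # Enumerate every <level>\Paths\<GUID> key and return one object per rule.
    if (-not (Test-Path $SrpRoot)) { return @() }
    Get-ChildItem -Path $SrpRoot -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^\d+$' } |
        ForEach-Object {
            $level    = [int]$_.PSChildName
            $pathsKey = Join-Path -Path $_.PSPath -ChildPath 'Paths'
            if (-not (Test-Path $pathsKey)) { return }
            Get-ChildItem -Path $pathsKey -ErrorAction SilentlyContinue | ForEach-Object {
                $props = Get-ItemProperty -Path $_.PSPath
                $name  = if ($LevelNames.ContainsKey($level)) { $LevelNames[$level] } else { "Unknown($level)" }
                $when  = $null
                if ($props.PSObject.Properties['LastModified']) {
                    # LastModified is a FILETIME stored as REG_QWORD.
                    $when = [datetime]::FromFileTime([int64]$props.LastModified)
                }
                [pscustomobject]@{
                    Level        = $level
                    LevelName    = $name
                    RuleId       = $_.PSChildName
                    Path         = [string]$props.ItemData
                    LastModified = $when
                }
            }
        }
}

function Find-BlockedSecuritySoftware {
    # Disallowed rules whose path mentions a known security-product folder.
    Get-SrpPathRule | Where-Object {
        $rule = $_
        $rule.Level -eq 0 -and ($SecurityVendors | Where-Object { $rule.Path -like "*$_*" })
    }
}

$suspect = @(Find-BlockedSecuritySoftware)
if ($suspect.Count -eq 0) {
    Write-Output 'No Disallowed SRP path rules pointing at security-software folders.'
} else {
    Write-Output "Found $($suspect.Count) SRP rule(s) that block security software (compare with FRST's 'Group Policy restriction on software' lines):"
    $suspect | Format-Table Level, LevelName, LastModified, Path -AutoSize
}
```

Run it in an elevated PowerShell; the LastModified column helps tie the rule to the time of infection, since legitimate SRP rules on a home machine are rare.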

Alt 28.04.2014, 20:32   #7
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the latest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it is finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber


Alt 08.05.2014, 17:09   #8
Karl_Andreas
 



Hello Schrauber,

I was away on business for a few days, but I also did not really use my computer during that time.

Here are the logs:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 08.05.2014 14:57:28, SYSTEM, NBAB, Protection, Malware Protection, Starting, 
Protection, 08.05.2014 14:57:28, SYSTEM, NBAB, Protection, Malware Protection, Started, 
Protection, 08.05.2014 14:57:28, SYSTEM, NBAB, Protection, Malicious Website Protection, Starting, 
Protection, 08.05.2014 14:57:38, SYSTEM, NBAB, Protection, Malicious Website Protection, Started, 
Update, 08.05.2014 14:57:53, SYSTEM, NBAB, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1, 
Update, 08.05.2014 14:58:54, SYSTEM, NBAB, Manual, Malware Database, 2014.3.4.9, 2014.5.8.4, 
Protection, 08.05.2014 14:59:04, SYSTEM, NBAB, Protection, Refresh, Starting, 
Protection, 08.05.2014 14:59:04, SYSTEM, NBAB, Protection, Malicious Website Protection, Stopping, 
Protection, 08.05.2014 14:59:04, SYSTEM, NBAB, Protection, Malicious Website Protection, Stopped, 
Protection, 08.05.2014 14:59:10, SYSTEM, NBAB, Protection, Refresh, Success, 
Protection, 08.05.2014 14:59:10, SYSTEM, NBAB, Protection, Malicious Website Protection, Starting, 
Protection, 08.05.2014 14:59:11, SYSTEM, NBAB, Protection, Malicious Website Protection, Started, 

(end)
         
Code:
# AdwCleaner v3.207 - Bericht erstellt am 08/05/2014 um 16:31:58
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzername : An-D - NBAB
# Gestartet von : C:\Users\An-D\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Vuze
Ordner Gelöscht : C:\Users\An-D\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\An-D\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\An-D\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\An-D\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\An-D\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\An-D\AppData\LocalLow\Vuze_Remote
Ordner Gelöscht : C:\Users\An-D\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\An-D\Documents\Optimizer Pro
Datei Gelöscht : C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69091116-E0CD-48F6-8037-B5579FD9D326}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6001.18319


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\prefs.js ]

Zeile gelöscht : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Zeile gelöscht : user_pref("surfcanyon.last_checked_ts", "1266877330766");

-\\ Google Chrome v

[ Datei : C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=

*************************

AdwCleaner[R0].txt - [5042 octets] - [08/05/2014 16:25:53]
AdwCleaner[S0].txt - [4963 octets] - [08/05/2014 16:31:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5023 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by An-D on 08.05.2014 at 16:50:53,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\An-D\appdata\locallow\boost_interprocess"



~~~ FireFox

Emptied folder: C:\Users\An-D\AppData\Roaming\mozilla\firefox\profiles\xp78hkst.default\minidumps [22 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.05.2014 at 16:55:33,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-05-2014
Ran by An-D (administrator) on NBAB on 08-05-2014 17:02:04
Running from C:\Users\An-D\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Syntek America Inc.) C:\Windows\System32\StkCSrv.exe
() C:\Program Files\Verbindungsassistent\WTGService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-07-22] (Intel Corporation)
HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC)
HKLM\...\Run: [pdfFactory Pro Dispatcher v3] => C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe [614400 2009-12-15] (FinePrint Software, LLC)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1641896 2013-06-07] (Valve Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [HumanizedEnso] => C:\Users\An-D\AppData\Local\HumanizedEnso\Enso.exe [117232 2008-01-14] ()
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify Web Helper] => C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-26] (Spotify Ltd)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify] => C:\Users\An-D\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-26] (Spotify Ltd)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk
ShortcutTarget: Inhaltsmanager-Assistent für PlayStation(R).lnk -> C:\Program Files\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\An-D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @3dvia.com/3DVIAStudioPlayer - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes)
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Move Media Player - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\moveplayer@movenetworks.com [2009-04-04]
FF Extension: FoxyTunes - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2012-03-27]
FF Extension: DownloadHelper - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF Extension: Add-on Compatibility Reporter - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\compatibility@addons.mozilla.org.xpi [2011-04-14]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-03-01]
FF Extension: Session Manager - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-08-04]
FF Extension: FlashGot - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-04-09]
FF Extension: NoScript - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-04]
FF Extension: Adblock Plus - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-31]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (3DVIA Player) - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\An-D\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-10]
CHR Extension: (Google-Suche) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-10]
CHR Extension: (Google Wallet) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
CHR Extension: (Google Mail) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-10]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-04]
CHR StartMenuInternet: Google Chrome - C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2014-01-22] (AVAST Software)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [79144 2008-09-09] (Dassault Systèmes SolidWorks Corp.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584 2007-04-03] (Cisco Systems, Inc.)
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [181544 2009-05-01] (Seagate Technology LLC)
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-13] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2009-01-28] (SolidWorks)
R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [31248 2008-01-16] (Syntek America Inc.)
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2014-01-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2014-01-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [49760 2014-01-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2014-01-22] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2014-01-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2014-01-22] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2014-01-22] ()
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306295 2007-04-03] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-06-25] (SAMSUNG ELECTRONICS CO., LTD.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1363088 2008-03-28] (Syntek)
S3 ADDMEM; \??\C:\Users\An-D\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\An-D\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-08 17:02 - 2014-05-08 17:02 - 00024301 _____ () C:\Users\An-D\Desktop\FRST.txt
2014-05-08 17:01 - 2014-05-08 17:01 - 00000000 ____D () C:\Users\An-D\Desktop\FRST-OlderVersion
2014-05-08 16:55 - 2014-05-08 16:55 - 00001166 _____ () C:\Users\An-D\Desktop\JRT.txt
2014-05-08 16:50 - 2014-05-08 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 16:49 - 2014-05-08 16:50 - 01016261 _____ (Thisisu) C:\Users\An-D\Downloads\JRT.exe
2014-05-08 16:42 - 2014-05-08 16:33 - 00005103 _____ () C:\Users\An-D\Desktop\AdwCleaner[S0].txt
2014-05-08 16:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-08 16:25 - 2014-05-08 16:33 - 00000000 ____D () C:\AdwCleaner
2014-05-08 15:34 - 2014-05-08 15:34 - 00001195 _____ () C:\Users\An-D\Desktop\mbam.txt
2014-05-08 14:57 - 2014-05-08 16:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 14:56 - 2014-05-08 14:56 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-08 14:56 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-08 14:56 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-08 14:56 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-08 14:54 - 2014-05-08 14:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\An-D\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-08 13:43 - 2014-05-08 13:46 - 00069010 _____ () C:\Users\An-D\Desktop\JRT.exe
2014-05-08 13:43 - 2014-05-08 13:43 - 01316991 _____ () C:\Users\An-D\Desktop\adwcleaner.exe
2014-05-08 13:42 - 2014-05-08 13:45 - 14269225 _____ (Malwarebytes Corporation ) C:\Users\An-D\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-30 20:52 - 2014-05-07 13:02 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-28 17:10 - 2014-05-08 16:34 - 00008086 _____ () C:\Windows\PFRO.log
2014-04-27 21:22 - 2014-04-27 21:22 - 00019121 _____ () C:\Users\An-D\Desktop\ComboFix.txt
2014-04-27 20:32 - 2014-04-27 21:23 - 00000000 ____D () C:\ComboFix
2014-04-27 19:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-27 19:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-27 19:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-27 19:09 - 2014-04-27 21:23 - 00000000 ____D () C:\Qoobox
2014-04-27 19:09 - 2014-04-27 19:51 - 00000000 ____D () C:\Windows\erdnt
2014-04-27 18:57 - 2014-04-27 18:57 - 00001057 _____ () C:\Users\An-D\Desktop\Revo Uninstaller.lnk
2014-04-27 18:57 - 2014-04-27 18:57 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-27 18:54 - 2014-04-27 18:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\An-D\Desktop\revosetup95.exe
2014-04-26 20:53 - 2014-04-26 20:54 - 05196309 ____R (Swearware) C:\Users\An-D\Desktop\ComboFix.exe
2014-04-26 03:59 - 2014-04-26 03:59 - 00008153 _____ () C:\Users\An-D\Desktop\Gmer.zip
2014-04-26 02:23 - 2014-04-26 02:23 - 00103056 _____ () C:\Users\An-D\Desktop\Gmer.txt
2014-04-26 01:29 - 2014-04-26 01:29 - 00149176 _____ () C:\Windows\Minidump\Mini042614-01.dmp
2014-04-26 01:04 - 2014-04-26 01:05 - 00380416 _____ () C:\Users\An-D\Desktop\Gmer-19357.exe
2014-04-26 00:59 - 2014-04-26 00:59 - 00040832 _____ () C:\Users\An-D\Desktop\Addition.txt
2014-04-26 00:58 - 2014-04-26 00:59 - 00042375 _____ () C:\Users\An-D\Desktop\FRST old.txt
2014-04-26 00:57 - 2014-05-08 17:02 - 00000000 ____D () C:\FRST
2014-04-26 00:54 - 2014-05-08 17:01 - 01053184 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe
2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log
2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable
2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe
2014-04-22 14:53 - 2014-04-30 07:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird
2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird
2014-04-22 14:47 - 2014-04-22 14:49 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-13 00:24 - 2014-04-13 00:25 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner

==================== One Month Modified Files and Folders =======

2014-05-08 17:02 - 2014-05-08 17:02 - 00024301 _____ () C:\Users\An-D\Desktop\FRST.txt
2014-05-08 17:02 - 2014-04-26 00:57 - 00000000 ____D () C:\FRST
2014-05-08 17:01 - 2014-05-08 17:01 - 00000000 ____D () C:\Users\An-D\Desktop\FRST-OlderVersion
2014-05-08 17:01 - 2014-04-26 00:54 - 01053184 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe
2014-05-08 17:01 - 2008-12-27 17:11 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job
2014-05-08 16:55 - 2014-05-08 16:55 - 00001166 _____ () C:\Users\An-D\Desktop\JRT.txt
2014-05-08 16:51 - 2013-05-31 15:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-08 16:50 - 2014-05-08 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 16:50 - 2014-05-08 16:49 - 01016261 _____ (Thisisu) C:\Users\An-D\Downloads\JRT.exe
2014-05-08 16:42 - 2006-11-02 12:33 - 00824910 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-08 16:41 - 2012-06-04 01:20 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Spotify
2014-05-08 16:40 - 2010-04-06 23:58 - 00000000 ____D () C:\Program Files\Steam
2014-05-08 16:39 - 2008-10-24 02:04 - 01311057 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 16:38 - 2012-06-04 01:21 - 00000000 ____D () C:\Users\An-D\AppData\Local\Spotify
2014-05-08 16:38 - 2012-02-14 17:49 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Dropbox
2014-05-08 16:37 - 2014-05-08 14:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 16:37 - 2009-02-25 19:38 - 00264787 _____ () C:\ProgramData\nvModes.001
2014-05-08 16:37 - 2009-02-25 18:51 - 00264787 _____ () C:\ProgramData\nvModes.dat
2014-05-08 16:35 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-08 16:35 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-08 16:35 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-08 16:34 - 2014-04-28 17:10 - 00008086 _____ () C:\Windows\PFRO.log
2014-05-08 16:34 - 2012-04-25 22:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-08 16:33 - 2014-05-08 16:42 - 00005103 _____ () C:\Users\An-D\Desktop\AdwCleaner[S0].txt
2014-05-08 16:33 - 2014-05-08 16:25 - 00000000 ____D () C:\AdwCleaner
2014-05-08 16:33 - 2008-06-25 23:08 - 00000836 _____ () C:\Windows\bthservsdp.dat
2014-05-08 16:33 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-08 15:35 - 2012-06-10 23:05 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA.job
2014-05-08 15:34 - 2014-05-08 15:34 - 00001195 _____ () C:\Users\An-D\Desktop\mbam.txt
2014-05-08 14:56 - 2014-05-08 14:56 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-08 14:55 - 2014-05-08 14:54 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\An-D\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-08 13:46 - 2014-05-08 13:43 - 00069010 _____ () C:\Users\An-D\Desktop\JRT.exe
2014-05-08 13:45 - 2014-05-08 13:42 - 14269225 _____ (Malwarebytes Corporation ) C:\Users\An-D\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-08 13:43 - 2014-05-08 13:43 - 01316991 _____ () C:\Users\An-D\Desktop\adwcleaner.exe
2014-05-07 13:02 - 2014-04-30 20:52 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-05-03 03:35 - 2012-06-10 23:04 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core.job
2014-05-03 02:41 - 2013-12-20 09:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-30 07:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird
2014-04-30 07:51 - 2012-03-31 11:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-30 07:51 - 2011-05-21 20:08 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 16:18 - 2008-11-19 00:20 - 00116736 _____ () C:\Users\An-D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-27 21:23 - 2014-04-27 20:32 - 00000000 ____D () C:\ComboFix
2014-04-27 21:23 - 2014-04-27 19:09 - 00000000 ____D () C:\Qoobox
2014-04-27 21:22 - 2014-04-27 21:22 - 00019121 _____ () C:\Users\An-D\Desktop\ComboFix.txt
2014-04-27 21:22 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-04-27 21:22 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-04-27 20:47 - 2006-11-02 12:23 - 00000259 _____ () C:\Windows\system.ini
2014-04-27 19:51 - 2014-04-27 19:09 - 00000000 ____D () C:\Windows\erdnt
2014-04-27 18:57 - 2014-04-27 18:57 - 00001057 _____ () C:\Users\An-D\Desktop\Revo Uninstaller.lnk
2014-04-27 18:57 - 2014-04-27 18:57 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-27 18:54 - 2014-04-27 18:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\An-D\Desktop\revosetup95.exe
2014-04-26 20:54 - 2014-04-26 20:53 - 05196309 ____R (Swearware) C:\Users\An-D\Desktop\ComboFix.exe
2014-04-26 03:59 - 2014-04-26 03:59 - 00008153 _____ () C:\Users\An-D\Desktop\Gmer.zip
2014-04-26 03:59 - 2009-02-16 18:42 - 00000000 ____D () C:\Program Files\PowerArchiver
2014-04-26 02:23 - 2014-04-26 02:23 - 00103056 _____ () C:\Users\An-D\Desktop\Gmer.txt
2014-04-26 01:29 - 2014-04-26 01:29 - 00149176 _____ () C:\Windows\Minidump\Mini042614-01.dmp
2014-04-26 01:29 - 2008-12-21 00:04 - 444861160 _____ () C:\Windows\MEMORY.DMP
2014-04-26 01:29 - 2008-12-21 00:04 - 00000000 ____D () C:\Windows\Minidump
2014-04-26 01:05 - 2014-04-26 01:04 - 00380416 _____ () C:\Users\An-D\Desktop\Gmer-19357.exe
2014-04-26 00:59 - 2014-04-26 00:59 - 00040832 _____ () C:\Users\An-D\Desktop\Addition.txt
2014-04-26 00:59 - 2014-04-26 00:58 - 00042375 _____ () C:\Users\An-D\Desktop\FRST old.txt
2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log
2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable
2014-04-26 00:51 - 2008-11-15 16:35 - 00000000 ____D () C:\Users\An-D
2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe
2014-04-23 16:41 - 2012-12-09 21:33 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird
2014-04-22 14:49 - 2014-04-22 14:47 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-13 00:25 - 2014-04-13 00:24 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner

Some content of TEMP:
====================
C:\Users\An-D\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphwlyzf.dll
C:\Users\An-D\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-08 16:41

==================== End Of Log ============================

09.05.2014, 12:27   #9
schrauber
/// the machine
/// TB instructor

ESET Online Scanner

  • An illustrated guide to ESET Online Scanner is available here.
  • Download and start ESET Online Scanner.
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
regards,
schrauber


10.05.2014, 19:01   #10
Karl_Andreas

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=75b56f0cb58e8b42b110274619462bbd
# engine=18210
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-10 04:50:59
# local_time=2014-05-10 06:50:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776574 100 100 92882018 237273387 0 0
# scanned=421866
# found=2
# cleaned=0
# scan_time=10033
sh=04EC27C13D5660967EC96F334F3798695C64A942 ft=1 fh=82bf198cef546e38 vn="Win32/PSW.Papras.CX Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\pmsqql.dat.vir"
sh=B58B698C21ABDF1F1647914389FEF31B9F854EF0 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-0507.AH Trojaner" ac=I fn="C:\Users\An-D\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\5618bf91-62972101"
After starting it and pressing any key, SecurityCheck only spits out
' UNSUPPORTED OPERATING SYSTEM! ABORTED!'
...


FRST logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-05-2014
Ran by An-D (administrator) on NBAB on 10-05-2014 18:59:57
Running from C:\Users\An-D\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Syntek America Inc.) C:\Windows\System32\StkCSrv.exe
() C:\Program Files\Verbindungsassistent\WTGService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-07-22] (Intel Corporation)
HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC)
HKLM\...\Run: [pdfFactory Pro Dispatcher v3] => C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe [614400 2009-12-15] (FinePrint Software, LLC)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1641896 2013-06-07] (Valve Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [HumanizedEnso] => C:\Users\An-D\AppData\Local\HumanizedEnso\Enso.exe [117232 2008-01-14] ()
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify Web Helper] => C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-26] (Spotify Ltd)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify] => C:\Users\An-D\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-26] (Spotify Ltd)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk
ShortcutTarget: Inhaltsmanager-Assistent für PlayStation(R).lnk -> C:\Program Files\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\An-D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.in
dexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @3dvia.com/3DVIAStudioPlayer - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes)
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Move Media Player - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\moveplayer@movenetworks.com [2009-04-04]
FF Extension: FoxyTunes - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2012-03-27]
FF Extension: DownloadHelper - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF Extension: Add-on Compatibility Reporter - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\compatibility@addons.mozilla.org.xpi [2011-04-14]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-03-01]
FF Extension: Session Manager - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-08-04]
FF Extension: FlashGot - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-04-09]
FF Extension: NoScript - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-04]
FF Extension: Adblock Plus - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-31]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (3DVIA Player) - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\An-D\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-10]
CHR Extension: (Google-Suche) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-10]
CHR Extension: (Google Wallet) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
CHR Extension: (Google Mail) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-10]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-04]
CHR StartMenuInternet: Google Chrome - C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2014-01-22] (AVAST Software)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [79144 2008-09-09] (Dassault Systèmes SolidWorks Corp.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584 2007-04-03] (Cisco Systems, Inc.)
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [181544 2009-05-01] (Seagate Technology LLC)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-13] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2009-01-28] (SolidWorks)
R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [31248 2008-01-16] (Syntek America Inc.)
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2014-01-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2014-01-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [49760 2014-01-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2014-01-22] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2014-01-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2014-01-22] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2014-01-22] ()
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306295 2007-04-03] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-06-25] (SAMSUNG ELECTRONICS CO., LTD.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1363088 2008-03-28] (Syntek)
S3 ADDMEM; \??\C:\Users\An-D\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\An-D\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-10 18:59 - 2014-05-10 18:59 - 00024211 _____ () C:\Users\An-D\Desktop\FRST.txt
2014-05-10 18:58 - 2014-05-10 18:58 - 00855379 _____ () C:\Users\An-D\Downloads\SecurityCheck.exe
2014-05-10 15:55 - 2014-05-10 15:55 - 02347384 _____ (ESET) C:\Users\An-D\Downloads\esetsmartinstaller_deu.exe
2014-05-08 17:02 - 2014-05-08 17:02 - 00037591 _____ () C:\Users\An-D\Desktop\FRST old.txt
2014-05-08 17:01 - 2014-05-10 18:59 - 00000000 ____D () C:\Users\An-D\Desktop\FRST-OlderVersion
2014-05-08 16:55 - 2014-05-08 16:55 - 00001166 _____ () C:\Users\An-D\Desktop\JRT.txt
2014-05-08 16:50 - 2014-05-08 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 16:49 - 2014-05-08 16:50 - 01016261 _____ (Thisisu) C:\Users\An-D\Downloads\JRT.exe
2014-05-08 16:42 - 2014-05-08 16:33 - 00005103 _____ () C:\Users\An-D\Desktop\AdwCleaner[S0].txt
2014-05-08 16:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-08 16:25 - 2014-05-08 16:33 - 00000000 ____D () C:\AdwCleaner
2014-05-08 15:34 - 2014-05-08 15:34 - 00001195 _____ () C:\Users\An-D\Desktop\mbam.txt
2014-05-08 14:57 - 2014-05-08 16:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 14:56 - 2014-05-08 14:56 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-08 14:56 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-08 14:56 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-08 14:56 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-08 14:54 - 2014-05-08 14:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\An-D\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-08 13:43 - 2014-05-08 13:46 - 00069010 _____ () C:\Users\An-D\Desktop\JRT.exe
2014-05-08 13:43 - 2014-05-08 13:43 - 01316991 _____ () C:\Users\An-D\Desktop\adwcleaner.exe
2014-05-08 13:42 - 2014-05-08 13:45 - 14269225 _____ (Malwarebytes Corporation ) C:\Users\An-D\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-30 20:52 - 2014-05-07 13:02 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-28 17:10 - 2014-05-08 16:34 - 00008086 _____ () C:\Windows\PFRO.log
2014-04-27 21:22 - 2014-04-27 21:22 - 00019121 _____ () C:\Users\An-D\Desktop\ComboFix.txt
2014-04-27 20:32 - 2014-04-27 21:23 - 00000000 ____D () C:\ComboFix
2014-04-27 19:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-27 19:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-27 19:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-27 19:09 - 2014-04-27 21:23 - 00000000 ____D () C:\Qoobox
2014-04-27 19:09 - 2014-04-27 19:51 - 00000000 ____D () C:\Windows\erdnt
2014-04-27 18:57 - 2014-04-27 18:57 - 00001057 _____ () C:\Users\An-D\Desktop\Revo Uninstaller.lnk
2014-04-27 18:57 - 2014-04-27 18:57 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-27 18:54 - 2014-04-27 18:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\An-D\Desktop\revosetup95.exe
2014-04-26 20:53 - 2014-04-26 20:54 - 05196309 ____R (Swearware) C:\Users\An-D\Desktop\ComboFix.exe
2014-04-26 03:59 - 2014-04-26 03:59 - 00008153 _____ () C:\Users\An-D\Desktop\Gmer.zip
2014-04-26 02:23 - 2014-04-26 02:23 - 00103056 _____ () C:\Users\An-D\Desktop\Gmer.txt
2014-04-26 01:29 - 2014-04-26 01:29 - 00149176 _____ () C:\Windows\Minidump\Mini042614-01.dmp
2014-04-26 01:04 - 2014-04-26 01:05 - 00380416 _____ () C:\Users\An-D\Desktop\Gmer-19357.exe
2014-04-26 00:59 - 2014-04-26 00:59 - 00040832 _____ () C:\Users\An-D\Desktop\Addition.txt
2014-04-26 00:57 - 2014-05-10 18:59 - 00000000 ____D () C:\FRST
2014-04-26 00:54 - 2014-05-10 18:59 - 01054720 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe
2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log
2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable
2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe
2014-04-22 14:53 - 2014-04-30 07:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird
2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird
2014-04-22 14:47 - 2014-04-22 14:49 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-13 00:24 - 2014-04-13 00:25 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner

==================== One Month Modified Files and Folders =======

2014-05-10 19:00 - 2014-05-10 18:59 - 00024211 _____ () C:\Users\An-D\Desktop\FRST.txt
2014-05-10 18:59 - 2014-05-08 17:01 - 00000000 ____D () C:\Users\An-D\Desktop\FRST-OlderVersion
2014-05-10 18:59 - 2014-04-26 00:57 - 00000000 ____D () C:\FRST
2014-05-10 18:59 - 2014-04-26 00:54 - 01054720 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe
2014-05-10 18:58 - 2014-05-10 18:58 - 00855379 _____ () C:\Users\An-D\Downloads\SecurityCheck.exe
2014-05-10 18:52 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-10 18:52 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-10 18:51 - 2013-05-31 15:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-10 18:35 - 2012-06-10 23:05 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA.job
2014-05-10 15:55 - 2014-05-10 15:55 - 02347384 _____ (ESET) C:\Users\An-D\Downloads\esetsmartinstaller_deu.exe
2014-05-10 15:54 - 2006-11-02 12:33 - 00824910 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-10 15:50 - 2009-02-25 19:38 - 00264787 _____ () C:\ProgramData\nvModes.001
2014-05-10 15:50 - 2009-02-25 18:51 - 00264787 _____ () C:\ProgramData\nvModes.dat
2014-05-10 15:50 - 2008-10-24 02:04 - 01311426 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 17:02 - 2014-05-08 17:02 - 00037591 _____ () C:\Users\An-D\Desktop\FRST old.txt
2014-05-08 17:01 - 2008-12-27 17:11 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job
2014-05-08 16:55 - 2014-05-08 16:55 - 00001166 _____ () C:\Users\An-D\Desktop\JRT.txt
2014-05-08 16:50 - 2014-05-08 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 16:50 - 2014-05-08 16:49 - 01016261 _____ (Thisisu) C:\Users\An-D\Downloads\JRT.exe
2014-05-08 16:41 - 2012-06-04 01:20 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Spotify
2014-05-08 16:40 - 2010-04-06 23:58 - 00000000 ____D () C:\Program Files\Steam
2014-05-08 16:38 - 2012-06-04 01:21 - 00000000 ____D () C:\Users\An-D\AppData\Local\Spotify
2014-05-08 16:38 - 2012-02-14 17:49 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Dropbox
2014-05-08 16:37 - 2014-05-08 14:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 16:35 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-08 16:34 - 2014-04-28 17:10 - 00008086 _____ () C:\Windows\PFRO.log
2014-05-08 16:34 - 2012-04-25 22:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-08 16:33 - 2014-05-08 16:42 - 00005103 _____ () C:\Users\An-D\Desktop\AdwCleaner[S0].txt
2014-05-08 16:33 - 2014-05-08 16:25 - 00000000 ____D () C:\AdwCleaner
2014-05-08 16:33 - 2008-06-25 23:08 - 00000836 _____ () C:\Windows\bthservsdp.dat
2014-05-08 16:33 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-08 15:34 - 2014-05-08 15:34 - 00001195 _____ () C:\Users\An-D\Desktop\mbam.txt
2014-05-08 14:56 - 2014-05-08 14:56 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-08 14:55 - 2014-05-08 14:54 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\An-D\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-08 13:46 - 2014-05-08 13:43 - 00069010 _____ () C:\Users\An-D\Desktop\JRT.exe
2014-05-08 13:45 - 2014-05-08 13:42 - 14269225 _____ (Malwarebytes Corporation ) C:\Users\An-D\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-08 13:43 - 2014-05-08 13:43 - 01316991 _____ () C:\Users\An-D\Desktop\adwcleaner.exe
2014-05-07 13:02 - 2014-04-30 20:52 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-05-03 03:35 - 2012-06-10 23:04 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core.job
2014-05-03 02:41 - 2013-12-20 09:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-30 07:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird
2014-04-30 07:51 - 2012-03-31 11:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-30 07:51 - 2011-05-21 20:08 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 16:18 - 2008-11-19 00:20 - 00116736 _____ () C:\Users\An-D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-27 21:23 - 2014-04-27 20:32 - 00000000 ____D () C:\ComboFix
2014-04-27 21:23 - 2014-04-27 19:09 - 00000000 ____D () C:\Qoobox
2014-04-27 21:22 - 2014-04-27 21:22 - 00019121 _____ () C:\Users\An-D\Desktop\ComboFix.txt
2014-04-27 21:22 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-04-27 21:22 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-04-27 20:47 - 2006-11-02 12:23 - 00000259 _____ () C:\Windows\system.ini
2014-04-27 19:51 - 2014-04-27 19:09 - 00000000 ____D () C:\Windows\erdnt
2014-04-27 18:57 - 2014-04-27 18:57 - 00001057 _____ () C:\Users\An-D\Desktop\Revo Uninstaller.lnk
2014-04-27 18:57 - 2014-04-27 18:57 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-27 18:54 - 2014-04-27 18:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\An-D\Desktop\revosetup95.exe
2014-04-26 20:54 - 2014-04-26 20:53 - 05196309 ____R (Swearware) C:\Users\An-D\Desktop\ComboFix.exe
2014-04-26 03:59 - 2014-04-26 03:59 - 00008153 _____ () C:\Users\An-D\Desktop\Gmer.zip
2014-04-26 03:59 - 2009-02-16 18:42 - 00000000 ____D () C:\Program Files\PowerArchiver
2014-04-26 02:23 - 2014-04-26 02:23 - 00103056 _____ () C:\Users\An-D\Desktop\Gmer.txt
2014-04-26 01:29 - 2014-04-26 01:29 - 00149176 _____ () C:\Windows\Minidump\Mini042614-01.dmp
2014-04-26 01:29 - 2008-12-21 00:04 - 444861160 _____ () C:\Windows\MEMORY.DMP
2014-04-26 01:29 - 2008-12-21 00:04 - 00000000 ____D () C:\Windows\Minidump
2014-04-26 01:05 - 2014-04-26 01:04 - 00380416 _____ () C:\Users\An-D\Desktop\Gmer-19357.exe
2014-04-26 00:59 - 2014-04-26 00:59 - 00040832 _____ () C:\Users\An-D\Desktop\Addition.txt
2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log
2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable
2014-04-26 00:51 - 2008-11-15 16:35 - 00000000 ____D () C:\Users\An-D
2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe
2014-04-23 16:41 - 2012-12-09 21:33 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird
2014-04-22 14:49 - 2014-04-22 14:47 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-13 00:25 - 2014-04-13 00:24 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner

Some content of TEMP:
====================
C:\Users\An-D\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphwlyzf.dll
C:\Users\An-D\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-08 16:41

==================== End Of Log ============================
--- --- ---
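As an added example, not part of the original post and not FRST's own code: a small triage parser for the FRST log format shown above. It splits the "One Month Created/Modified Files" lines into their fields, lists for review any executable that carries no company name and sits in a user-writable location, and collects driver entries FRST marked with [X] (taken here to mean the file was not found on disk). The sample lines are copied from the log above; the review heuristic is an assumption of mine, not a malware verdict.

```python
import re
from dataclasses import dataclass
from typing import Optional

# FRST "One Month Created/Modified Files" line, e.g.
# 2014-05-08 14:56 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8,9}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# Driver/service line carrying FRST's [X] marker (assumed: file not found on disk), e.g.
# S3 catchme; \??\C:\Users\An-D\AppData\Local\Temp\catchme.sys [X]
DRIVER_LINE = re.compile(r"^(?P<start>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) \[X\]$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
# Locations a standard user can write to; an executable here with no version info is worth a look.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\desktop\\", "\\programdata\\")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str      # FRST attribute column, e.g. "_____", "____D", "____H"
    company: str    # company name from the file's version info, "" if none
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_file_line(line: str) -> Optional[Entry]:
    m = FILE_LINE.match(line.rstrip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]), m["attrs"],
                 m["company"].strip(), m["path"].strip())


def needs_review(e: Entry) -> bool:
    """Heuristic only: executable, no company name, in a user-writable location."""
    p = e.path.lower()
    if e.is_dir or not p.endswith(EXEC_EXT):
        return False
    return e.company == "" and any(d in p for d in USER_WRITABLE)


def triage(log_text: str) -> dict:
    """Return paths to review and names of drivers whose file FRST did not find."""
    review, missing_drivers = [], []
    for line in log_text.splitlines():
        e = parse_file_line(line)
        if e is not None:
            if needs_review(e):
                review.append(e.path)
            continue
        d = DRIVER_LINE.match(line.strip())
        if d:
            missing_drivers.append(d["name"])
    return {"review": review, "missing_drivers": missing_drivers}


# Sample lines copied from the FRST log above.
SAMPLE = r"""S3 ADDMEM; \??\C:\Users\An-D\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [X]
S3 catchme; \??\C:\Users\An-D\AppData\Local\Temp\catchme.sys [X]
2014-05-08 14:56 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-26 01:04 - 2014-04-26 01:05 - 00380416 _____ () C:\Users\An-D\Desktop\Gmer-19357.exe
2014-04-26 01:29 - 2008-12-21 00:04 - 444861160 _____ () C:\Windows\MEMORY.DMP
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```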

Alt 11.05.2014, 13:34   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Windows Vista Home Premium SP1: Avast blocked by Group Policy



Please download TFC (by OldTimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Done

The order here is essential.
  1. If Defogger was used: run Defogger again and click re-enable.
  2. If ComboFix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type this) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • ComboFix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the tools that were used and the quarantine of our scanners, clears the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over, you can delete them without hesitation.


If you would like to give praise or criticism, you can do so here

Here are a few tips for securing your system.


I cannot stress often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Always make sure you have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    A tutorial on how to use it can be found here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about possible changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    A tutorial can be found here. Unfortunately I have not yet found a German-language one.
  • WOT (Web of Trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any kind of registry cleaner.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Don't click on everything just because it asks you to and looks nice and colourful.
  • Don't use peer-to-peer or file-sharing software (eMule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't recognise. Pay particular attention to the file extension, e.g. yourPhoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me a short reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
