Log Analysis and Evaluation: Windows Vista Home Premium SP1: Avast blocked by group policy

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
26.04.2014, 03:02 | #1
Windows Vista Home Premium SP1: Avast blocked by group policy

Dear malware team,

two days ago I wanted to make a transfer via online banking and was surprised that, after logging in through the web interface, I did not get straight to the online banking start page. Instead a progress bar appeared and shortly afterwards a prompt to enter the TAN that had been sent to me by SMS in order to access my online banking (I did in fact receive an SMS, as I am used to with the mTAN procedure, but with a Spanish IBAN and a rather large amount). I entered nothing, closed the tab and logged in again, with the same result. I also received the SMS a second time. Again I entered nothing and waited until the next day to talk to my bank. They recommended that I run my antivirus program, since they suspected malware. The Avast scan produced one entry as its result; I clicked 'Delete'. Avast recommended running a boot-time scan, which I then wanted to do today. After the reboot, however, the scan did not start as usual; Windows simply booted normally. After I had logged in I noticed that Avast had not started automatically. When I tried to start it from the Start menu I got the message that Avast is blocked by group policy and that I should contact the administrator. A quick Google search led me to your forum, where a similar problem was dealt with recently (http://www.trojaner-board.de/151511-...ockiert-2.html). I ran defogger, FRST and GMER as you describe. GMER caused a bluescreen on the first attempt; after I removed the checkmark at 'Devices' it ran through without problems. I would have liked to include an Avast log file, but unfortunately the program cannot be opened...

I have zipped the GMER one, since at 100 KB it was too big. I hope that is all right. I would be glad if you could help me too.

Best regards,
Andreas
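The "blocked by group policy" symptom described above is what FRST reports as a "Group Policy restriction on software" entry (a software-restriction path rule aimed at the AV's directories), and the FRST log posted later in this thread also carries a Run entry that loads a .dat file through regsvr32 and removable-media autorun entries pointing into RECYCLER or at a misspelled system binary. The script below is an added example of pulling exactly those indicators out of an FRST report automatically; it is not FRST's code and not part of the thread. The log lines and the SID in it are constructed in FRST's line format, and the vendor, library-extension and system-binary lists are assumptions of this example.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines for the indicators that
stand out in this thread: software-restriction ("group policy") path rules aimed
at AV directories, Run entries that hand a non-library file to regsvr32/rundll32,
and removable-media autorun entries that point into RECYCLER or at look-alike
system binary names.  Added example, not FRST's or the forum's code."""
import difflib
import re
from dataclasses import dataclass
from typing import List

# Assumed lists (not from the thread): vendor directory fragments, the extensions a
# DLL host legitimately loads, and system binaries that malware likes to imitate.
SECURITY_VENDORS = ("alwil", "avast", "mcafee", "kaspersky", "avg", "symantec",
                    "norton", "eset", "bitdefender", "malwarebytes", "windows defender")
LIBRARY_EXTS = (".dll", ".ocx", ".ax", ".cpl")
SCRIPT_LIKE_EXTS = (".com", ".pif", ".scr", ".bat", ".cmd", ".vbs")
SYSTEM_NAMES = ("services.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "explorer.exe", "userinit.exe")

# FRST line shapes as they appear in the report.
SRP_RE = re.compile(r"^HK(?:LM|CU) Group Policy restriction on software: "
                    r"(?P<path>.*?)\s*(?:<=+\s*ATTENTION)?\s*$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU|HKU\\[^\\]+)\\\.\.\.\\Run: "
                    r"\[(?P<name>[^\]]+)\] => (?P<cmd>.+?)\s*$")
MP_RE = re.compile(r"^HKU\\[^\\]+\\\.\.\.\\MountPoints2: (?P<key>\S+) - (?P<cmd>.+?)\s*$")
LOLBIN_RE = re.compile(r'^(?:.*\\)?(?:regsvr32|rundll32)(?:\.exe)?\s+'
                       r'(?:"(?P<q>[^"]+)"|(?P<u>\S+))', re.IGNORECASE)


@dataclass
class Finding:
    kind: str      # srp_path_rule | lolbin_nonlibrary | autorun_recycler | lookalike_name
    severity: str  # high | medium
    line: str
    detail: str


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def _ext(path: str) -> str:
    name = _basename(path)
    return ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""


def _check_srp(line: str, out: List[Finding]) -> None:
    """Any SRP path rule on a home PC is odd; one naming an AV vendor is the classic
    'disable the antivirus' move and explains a 'blocked by group policy' message."""
    m = SRP_RE.match(line)
    if not m:
        return
    path = m.group("path").lower()
    vendor = any(v in path for v in SECURITY_VENDORS)
    out.append(Finding("srp_path_rule", "high" if vendor else "medium", line,
                       "SRP path rule blocks " + ("a security product" if vendor else "an unusual path")))


def _check_run(line: str, out: List[Finding]) -> None:
    """regsvr32/rundll32 in a Run key should load a library; a .dat or similar is a DLL in disguise."""
    m = RUN_RE.match(line)
    if not m:
        return
    lb = LOLBIN_RE.match(m.group("cmd"))
    if not lb:
        return
    target = (lb.group("q") or lb.group("u")).split(",")[0]  # drop ",EntryPoint" suffix
    if _ext(target) not in LIBRARY_EXTS:
        out.append(Finding("lolbin_nonlibrary", "high", line,
                           f"{m.group('name')}: {_basename(target)} handed to regsvr32/rundll32 despite its extension"))


def _check_mountpoint(line: str, out: List[Finding]) -> None:
    """Removable-media autoruns: RECYCLER paths, .com/.pif/.scr targets and names one typo away
    from a system binary are USB-worm hallmarks."""
    m = MP_RE.match(line)
    if not m:
        return
    cmd = m.group("cmd")
    tokens = cmd.split()
    reasons = ["target lives under RECYCLER"] if "\\recycler\\" in cmd.lower() else []
    reasons += [f"{_basename(t)} is a {_ext(t)} file" for t in tokens if _ext(t) in SCRIPT_LIKE_EXTS]
    if reasons:
        out.append(Finding("autorun_recycler", "high", line, "; ".join(reasons)))
    for t in tokens:
        name = _basename(t).lower()
        if _ext(t) == ".exe" and name not in SYSTEM_NAMES:
            close = difflib.get_close_matches(name, SYSTEM_NAMES, n=1, cutoff=0.85)
            if close:
                out.append(Finding("lookalike_name", "high", line, f"{name} resembles {close[0]}"))


def triage(log_text: str) -> List[Finding]:
    """Run every check over every line; findings come out in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for check in (_check_srp, _check_run, _check_mountpoint):
            check(line, findings)
    return findings


# Constructed sample in FRST's format (SID and entries made up for this example).
SAMPLE_LOG = r"""
HKLM\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4858968 2014-01-22] (AVAST Software)
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1641896 2013-06-07] (Valve Corporation)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [pmsqql] => regsvr32.exe "C:\ProgramData\pmsqql.dat"
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\MountPoints2: {14c6265b-2de9-11df-93f1-002269c9ea11} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\MountPoints2: {6c6a0691-dcb2-11dd-a6a8-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RECYCLER\S-0-2-53-100022423-100008186-100022374-7694.com l:\
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\MountPoints2: {f854b1d6-4efa-11de-8c8a-00059a3c7800} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL serivces.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind}: {f.detail}")
```

Run it against a saved FRST.txt by reading the file into `triage()`; the signed Avast and Steam entries produce nothing, while the SRP rules, the regsvr32 .dat loader and the RECYCLER/look-alike autoruns each come back as a finding. The SRP check is deliberately not limited to AV vendors: a software-restriction path rule of any kind on an unmanaged home machine deserves a look, which is why unknown paths still surface at medium severity.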
26.04.2014, 06:51 | #2
/// the machine /// TB-Ausbilder | Windows Vista Home Premium SP1: Avast blocked by group policy

Hi,

please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks.

Here is how it works: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too big for the forum. To put the log files into a CODE box, proceed as follows:
26.04.2014, 14:50 | #3
Windows Vista Home Premium SP1: Avast blocked by group policy

OK schrauber, no problem.

I was hesitant to split the logs over two posts because the rules say you should not reply to your own thread, since otherwise others will think the problem is already being handled by someone. ^^

defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:51 on 26/04/2014 (An-D)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-04-2014
Ran by An-D (administrator) on NBAB on 26-04-2014 00:58:43
Running from C:\Users\An-D\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Syntek America Inc.) C:\Windows\System32\StkCSrv.exe
() C:\Program Files\Verbindungsassistent\WTGService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\An-D\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\An-D\Desktop\Defogger.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-07-22] (Intel Corporation)
HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC)
HKLM\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4858968 2014-01-22] (AVAST Software)
HKLM\...\Run: [pdfFactory Pro Dispatcher v3] => C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe [614400 2009-12-15] (FinePrint Software, LLC)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1641896 2013-06-07] (Valve Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [HumanizedEnso] => C:\Users\An-D\AppData\Local\HumanizedEnso\Enso.exe [117232 2008-01-14] ()
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify Web Helper] => C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-26] (Spotify Ltd)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Google Update] => C:\Users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-10] (Google Inc.)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify] => C:\Users\An-D\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-26] (Spotify Ltd)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [pmsqql] => regsvr32.exe "C:\ProgramData\pmsqql.dat"
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: G - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {09e26436-1893-11de-923a-002269c9ea11} - p.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {14c6265b-2de9-11df-93f1-002269c9ea11} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {1eb03993-d1b4-11e2-9b9d-00059a3c7800} - G:\Menu.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {3a67534b-4d29-11df-aba7-00059a3c7800} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sandisk.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {5c904384-c91e-11df-80c1-00059a3c7800} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {6a97e9da-dfd2-11de-92ca-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\usb_tools.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {6a97ea13-dfd2-11de-92ca-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\sandisk.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {6a97ea16-dfd2-11de-92ca-002269c9ea11} - G:\LaunchU3.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {6a97eb62-dfd2-11de-92ca-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sandisk.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {6c6a0691-dcb2-11dd-a6a8-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RECYCLER\S-0-2-53-100022423-100008186-100022374-7694.com l:\
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {745e0bc4-f936-11de-9b78-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\u3_sandisk.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {745e0bd0-f936-11de-9b78-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {745e0bed-f936-11de-9b78-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\usb_tools.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {745e0c2e-f936-11de-9b78-00059a3c7800} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\kingston.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {75e83d7f-159f-11e0-a2a0-002269c9ea11} - G:\PCStart.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {9001cf89-e01a-11e2-90d0-002269c9ea11} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {ab65ec01-7b36-11e3-b8b6-002269c9ea11} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {add2cce4-0a76-11df-a970-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_tools.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {b2fda7ce-699a-11df-989d-002269c9ea11} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {d9791e4f-d3e8-11de-abba-002269c9ea11} - F:\Menu.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {d9791e62-d3e8-11de-abba-002269c9ea11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\kingston.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {e8a498c1-3d76-11df-a605-002269c9ea11} - F:\AutoRun.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {e8a498db-3d76-11df-a605-002269c9ea11} - F:\AutoRun.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {eb0ad2d0-aaee-11e0-a24a-002269c9ea11} - F:\RunClubSanDisk.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {f854b1d6-4efa-11de-8c8a-00059a3c7800} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL serivces.exe
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\MountPoints2: {f8ffd9ee-cf00-11de-a39c-00059a3c7800} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\sandisk.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk
ShortcutTarget: Inhaltsmanager-Assistent für PlayStation(R).lnk -> C:\Program Files\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\An-D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
URLSearchHook: HKLM - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
URLSearchHook: HKCU - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial)
Toolbar: HKCU - Vuze Remote Toolbar - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default
FF user.js: detected! => C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\user.js
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*'))%20%7B%20return%20'PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @3dvia.com/3DVIAStudioPlayer - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes)
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Move Media Player - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\moveplayer@movenetworks.com [2009-04-04]
FF Extension: No Name - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\staged [2014-04-25]
FF Extension: FoxyTunes - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2012-03-27]
FF Extension: DownloadHelper - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF Extension: Add-on Compatibility Reporter - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\compatibility@addons.mozilla.org.xpi [2011-04-14]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-03-01]
FF Extension: Session Manager - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-08-04]
FF Extension: FlashGot - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-04-09]
FF Extension: NoScript - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-04]
FF Extension: Adblock Plus - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-31]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (3DVIA Player) - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\An-D\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-10]
CHR Extension: (Google-Suche) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-10]
CHR Extension: (Google Wallet) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
CHR Extension: (Google Mail) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-10]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-04]
CHR StartMenuInternet: Google Chrome - C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2014-01-22] (AVAST Software)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [79144 2008-09-09] (Dassault Systèmes SolidWorks Corp.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584 2007-04-03] (Cisco Systems, Inc.)
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.ex [181544 2009-05-01] (Seagate Technology LLC)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-13] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2009-01-28] (SolidWorks)
R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [31248 2008-01-16] (Syntek America Inc.)
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2014-01-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2014-01-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [49760 2014-01-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2014-01-22] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2014-01-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2014-01-22] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2014-01-22] ()
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306295 2007-04-03] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-06-25] (SAMSUNG ELECTRONICS CO., LTD.)
R3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1363088 2008-03-28] (Syntek) S3 ADDMEM; \??\C:\Users\An-D\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-26 00:58 - 2014-04-26 00:59 - 00033437 _____ () C:\Users\An-D\Desktop\FRST.txt 2014-04-26 00:57 - 2014-04-26 00:58 - 00000000 ____D () C:\FRST 2014-04-26 00:54 - 2014-04-26 00:55 - 01049088 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe 2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log 2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable 2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe 2014-04-23 15:02 - 2014-04-23 15:02 - 00298624 _____ (Microsoft Corporation) C:\ProgramData\pmsqql.dat 2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird 2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird 2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-04-22 14:49 - 2014-04-22 14:49 - 00000000 ____D () C:\Users\An-D\Desktop\PERRARO Shooting Schloss Wasserburg 2014-04-22 14:47 - 2014-04-22 14:49 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe 2014-04-13 00:24 - 2014-04-13 00:25 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner 2014-04-09 12:32 - 2014-04-25 23:24 - 00003194 _____ () C:\Users\An-D\Desktop\Meeting 140408 Shooting.txt 2014-04-04 03:57 - 2014-04-04 03:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\iTunes 2014-04-04 03:56 - 2014-04-04 03:56 - 00000000 ____D () C:\Program Files\iPod 2014-04-04 03:55 - 2014-04-04 03:57 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-04-04 03:45 - 2014-04-04 03:45 - 00000000 ____D () C:\Users\An-D\Documents\Optimizer Pro 2014-04-04 03:40 - 2014-04-04 03:40 - 00002107 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-04-04 03:39 - 2014-04-04 03:40 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2014-04-04 03:16 - 2014-04-04 03:16 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\mysearchdial 2014-04-04 03:16 - 2014-04-04 03:16 - 00000000 ____D () C:\Program Files\Mysearchdial 2014-04-04 03:14 - 2014-04-04 03:14 - 00634240 _____ () C:\Users\An-D\Downloads\FreeYouTubeToMP3Converter.exe 2014-04-01 01:58 - 2014-04-01 01:58 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\DropboxMaster ==================== One Month Modified Files and Folders ======= 2014-04-26 00:59 - 2014-04-26 00:58 - 00033437 _____ () C:\Users\An-D\Desktop\FRST.txt 2014-04-26 00:58 - 2014-04-26 00:57 - 00000000 ____D () C:\FRST 2014-04-26 00:55 - 2014-04-26 00:54 - 01049088 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe 2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log 2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable 2014-04-26 00:51 - 2013-05-31 15:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-26 00:51 - 2008-11-15 16:35 - 00000000 ____D () C:\Users\An-D 2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe 2014-04-26 00:35 - 2012-06-10 23:05 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA.job 2014-04-26 00:16 - 2008-12-27 17:11 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job 2014-04-26 00:04 - 2012-06-04 01:20 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Spotify 
2014-04-26 00:02 - 2012-06-04 01:21 - 00000000 ____D () C:\Users\An-D\AppData\Local\Spotify 2014-04-26 00:02 - 2006-11-02 12:33 - 00824910 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-26 00:01 - 2012-02-14 17:49 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Dropbox 2014-04-26 00:01 - 2010-04-06 23:58 - 00000000 ____D () C:\Program Files\Steam 2014-04-26 00:00 - 2009-02-25 19:38 - 00264787 _____ () C:\ProgramData\nvModes.001 2014-04-26 00:00 - 2009-02-25 18:51 - 00264787 _____ () C:\ProgramData\nvModes.dat 2014-04-26 00:00 - 2008-10-24 02:04 - 01277665 _____ () C:\Windows\WindowsUpdate.log 2014-04-25 23:56 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-25 23:56 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-25 23:56 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-25 23:55 - 2008-06-25 23:08 - 00000836 _____ () C:\Windows\bthservsdp.dat 2014-04-25 23:55 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-25 23:27 - 2012-04-25 22:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-04-25 23:24 - 2014-04-09 12:32 - 00003194 _____ () C:\Users\An-D\Desktop\Meeting 140408 Shooting.txt 2014-04-23 16:41 - 2012-12-09 21:33 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-23 15:02 - 2014-04-23 15:02 - 00298624 _____ (Microsoft Corporation) C:\ProgramData\pmsqql.dat 2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird 2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird 2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () 
C:\Program Files\Mozilla Thunderbird 2014-04-22 14:49 - 2014-04-22 14:49 - 00000000 ____D () C:\Users\An-D\Desktop\PERRARO Shooting Schloss Wasserburg 2014-04-22 14:49 - 2014-04-22 14:47 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe 2014-04-19 03:35 - 2012-06-10 23:04 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core.job 2014-04-13 00:25 - 2014-04-13 00:24 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner 2014-04-04 03:57 - 2014-04-04 03:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-04-04 03:57 - 2014-04-04 03:55 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-04-04 03:57 - 2008-12-21 00:18 - 00000000 ____D () C:\Program Files\iTunes 2014-04-04 03:56 - 2014-04-04 03:56 - 00000000 ____D () C:\Program Files\iPod 2014-04-04 03:56 - 2008-11-15 18:16 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-04-04 03:45 - 2014-04-04 03:45 - 00000000 ____D () C:\Users\An-D\Documents\Optimizer Pro 2014-04-04 03:40 - 2014-04-04 03:40 - 00002107 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-04-04 03:40 - 2014-04-04 03:39 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2014-04-04 03:40 - 2013-07-22 01:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-04-04 03:39 - 2013-07-22 01:38 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\DVDVideoSoft 2014-04-04 03:39 - 2013-07-22 01:38 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2014-04-04 03:31 - 2013-12-20 09:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-04-04 03:31 - 2009-02-08 10:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-04 03:28 - 2013-08-31 20:23 - 00001870 _____ () C:\Users\An-D\Desktop\Games.txt 2014-04-04 03:16 - 2014-04-04 03:16 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\mysearchdial 2014-04-04 03:16 - 2014-04-04 
03:16 - 00000000 ____D () C:\Program Files\Mysearchdial 2014-04-04 03:14 - 2014-04-04 03:14 - 00634240 _____ () C:\Users\An-D\Downloads\FreeYouTubeToMP3Converter.exe 2014-04-01 01:58 - 2014-04-01 01:58 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\DropboxMaster Files to move or delete: ==================== C:\ProgramData\pmsqql.dat Some content of TEMP: ==================== C:\Users\An-D\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf3qxe1.dll C:\Users\An-D\AppData\Local\Temp\ICReinstall_FreeYouTubeToMP3Converter.exe C:\Users\An-D\AppData\Local\Temp\MySearchDial.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-26 00:05 ==================== End Of Log ============================ --- --- --- Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-04-2014 Ran by An-D at 2014-04-26 00:59:24 Running from C:\Users\An-D\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Out of date) {2B2D1395-420B-D5C9-657E-930FE358FC3C} AS: avast! Antivirus (Enabled - Out of date) {904CF271-6431-DA47-5FCE-A87D98DFB681} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.4518.1014 - Microsoft Corporation) 3DVIA Player (HKLM\...\{1DB0BD6C-F04A-4DB1-A931-F677F5C1F91D}) (Version: 2.6.57 - Dassault Systemes) Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated) Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe After Effects CS4 (Version: 9 - Adobe Systems Incorporated) Hidden Adobe After Effects CS4 Presets (Version: 9 - Adobe Systems Incorporated) Hidden Adobe After Effects CS4 Third Party Content (Version: 9 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.) Adobe AIR (Version: 1.5.3.9130 - Adobe Systems Inc.) 
Hidden Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Asset Services CS4 (Version: 4 - Adobe Systems Incorporated) Hidden Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color EU Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color NA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color Video Profiles AE CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Contribute CS4 (Version: 5.0 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_697a06b96d8bcbe2d77b88e7d5448d0) (Version: 4.0 - Adobe Systems Incorporated) Adobe Creative Suite 4 Master Collection (Version: 4.0 - Adobe Systems Incorporated) Hidden Adobe CS4 American English Speech Analysis Models (Version: 1 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Device Central CS4 (Version: 2 - Adobe Systems Incorporated) Hidden Adobe Dreamweaver CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden Adobe Drive CS4 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Dynamiclink Support (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Encore CS4 (Version: 4 - Adobe Systems Incorporated) Hidden Adobe Encore CS4 Codecs (Version: 4 - Adobe Systems Incorporated) Hidden Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Fireworks CS4 (Version: 10.0 - Adobe Systems 
Incorporated) Hidden Adobe Flash CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden Adobe Flash CS4 Extension - Flash Lite STI others (Version: 3.0 - Adobe Systems Incorporated) Hidden Adobe Flash CS4 STI-other (Version: 10.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Illustrator CS4 (Version: 14.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS4 (Version: 6.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS4 Common Base Files (Version: 6.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS4 Icon Handler (Version: 6.0 - Adobe Systems Incorporated) Hidden Adobe kuler (HKLM\...\com.adobe.kuler.Desktop.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1 - Adobe Systems Incorporated) Adobe kuler (Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Media Encoder CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Media Encoder CS4 Additional Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Media Encoder CS4 Dolby (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Media Encoder CS4 Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Media Encoder CS4 Importer (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated) Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe MotionPicture Color Files CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe OnLocation CS4 
(Version: 4 - Adobe Systems Incorporated) Hidden Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Premiere Pro CS4 (Version: 4 - Adobe Systems Incorporated) Hidden Adobe Premiere Pro CS4 Functional Content (Version: 4 - Adobe Systems Incorporated) Hidden Adobe Premiere Pro CS4 Third Party Content (Version: 4 - Adobe Systems Incorporated) Hidden Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe SGM CS4 (Version: 3.0 - Adobe Systems Incorporated) Hidden Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.) 
Adobe SING CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Soundbooth CS4 (Version: 2 - Adobe Systems Incorporated) Hidden Adobe Soundbooth CS4 Codecs (Version: 2 - Adobe Systems Incorporated) Hidden Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden Adobe Version Cue CS4 Server (Version: 4.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems) Amazon MP3-Downloader 1.0.9 (HKLM\...\Amazon MP3-Downloader) (Version: - ) Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - ) avast! Free Antivirus (HKLM\...\avast) (Version: 8.0.1506.0 - AVAST Software) AviSynth 2.5 (HKLM\...\AviSynth) (Version: - ) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Braid (HKLM\...\Steam App 26800) (Version: - Number None, Inc.) Business Contact Manager für Outlook 2007 (HKLM\...\Business Contact Manager für Outlook 2007) (Version: 3.0.5828.0 - Microsoft Corporation) Business Contact Manager für Outlook 2007 (Version: 3.0.5828.0 - Microsoft Corporation) Hidden Cisco Systems VPN Client 5.0.00.0340 (HKLM\...\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}) (Version: 5.0.0 - Cisco Systems, Inc.) 
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper) dBpoweramp m4a Codec (HKLM\...\dBpoweramp m4a Codec) (Version: Release 14 - Illustrate) dBpoweramp Music Converter (HKLM\...\dBpoweramp Music Converter) (Version: Release 13.1 - Illustrate) DEFCON (HKLM\...\Steam App 1520) (Version: - Introversion Software) Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.) Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - ) Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung) Easy Network Manager 3.0 (HKLM\...\InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Ihr Firmenname) Easy Network Manager 3.0 (Version: 3.0.0.0 - Ihr Firmenname) Hidden Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.1.0 - ) EDGE (HKLM\...\Steam App 38740) (Version: - Two Tribes) FoxyTunes for Firefox (HKLM\...\FoxyTunesForFirefox) (Version: - ) Free YouTube to MP3 Converter version 3.12.32.327 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.) GetFLV Pro 9.0.4.0 (HKLM\...\GetFLV Pro_is1) (Version: - GetFLV, Inc.) Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.) Google SketchUp Pro 8 (HKLM\...\{E0A160F1-127B-43AC-AF96-EBB6319B01C7}) (Version: 3.0.4811 - Google, Inc.) Half-Life 2: Episode Two (HKLM\...\Steam App 420) (Version: - Valve) Humanized Enso (HKCU\...\HumanizedEnso) (Version: - ) imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD) Inhaltsmanager-Assistent für PlayStation(R) (HKLM\...\{E500DF84-3A0A-4989-93C2-D33B935008C1}) (Version: 2.00.5976.25 - Sony Computer Entertainment Inc.) 
Intel PROSet Wireless (Version: - ) Hidden Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}) (Version: 12.00.2000 - Intel(R) Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) IrfanView (remove only) (HKLM\...\IrfanView) (Version: - ) iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.) Japanese Fonts Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5760-0000-800000000003}) (Version: 8.0 - Adobe Systems) Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle) Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden Last.fm 1.5.4.27091 (HKLM\...\LastFM_is1) (Version: - Last.fm) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack 
(Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation) Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Professional Hybrid 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation) Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation) 
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.1.2047.00 - Microsoft Corporation) Hidden Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Miranda ProZ Black Edition (HKLM\...\Miranda ProZ Black Edition) (Version: 1.5.0.0 - T!tr0) MobileMe Control Panel (HKLM\...\{A71D5E81-B967-43DB-93D7-FD31BFB95748}) (Version: 3.1.5.0 - Apple Inc.) 
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla) Mozilla Thunderbird 24.4.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla) Mp3tag v2.42 (HKLM\...\Mp3tag) (Version: v2.42 - Florian Heidenreich) MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) Multiwinia (HKLM\...\Steam App 1530) (Version: - Introversion Software) neroxml (Version: 1.0.0 - Nero AG) Hidden Nokia Connectivity Cable Driver (HKLM\...\{2D99A593-C841-43A7-B7C9-D6F3AE70B756}) (Version: 7.1.45.0 - Nokia) Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.62.1 - Nokia) Nokia PC Suite (Version: 7.1.62.1 - Nokia) Hidden NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA PhysX (HKLM\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation) OpenAL (HKLM\...\OpenAL) (Version: - ) PC Connectivity Solution (HKLM\...\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.19.0 - Nokia) PDF Editor 3 (HKLM\...\PDF Editor 3) (Version: - ) PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden pdfFactory Pro (HKLM\...\pdfFactory Pro) (Version: - ) pdfsam (HKCU\...\pdfsam) (Version: 2.2.0 - ) Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden Play AVStation (HKLM\...\InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.50 - Ihr Firmenname) Play AVStation (Version: 4.1.20.50 - Ihr Firmenname) Hidden Play Camera (HKLM\...\InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}) (Version: 2.0.0.13 - Ihr Firmenname) Play Camera 
(Version: 2.0.0.13 - Ihr Firmenname) Hidden PlayStation(R)Network Downloader (HKLM\...\{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}) (Version: 1.01.00018 - Sony Computer Entertainment Inc.) PlayStation(R)Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 1.0.0.11252 - Sony Computer Entertainment Inc.) PowerArchiver 2009 German (HKLM\...\{80F23E47-2A00-4C56-B916-354FF332059F}) (Version: 11.03.04 - ConeXware, Inc.) QIP 2005 8095 Jeak-Edition (HKLM\...\QIP 2005 8095 Jeak-Edition) (Version: 8095 - Jeak) QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.) Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD) Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.5 - Samsung) Samsung Update Plus (HKLM\...\InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}) (Version: 2.0 - Samsung Electronics Co., LTD) Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., LTD) Hidden Seagate Manager Installer (HKLM\...\InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}) (Version: 2.01.0109 - Seagate) Seagate Manager Installer (Version: 2.01.0109 - Seagate) Hidden Shadowgrounds Editor (HKLM\...\Steam App 2505) (Version: - Frozenbyte) SIW version 2008-10-28 (HKLM\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2008.10.28 - Topala Software Solutions) Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.) Skype™ 4.2 (HKLM\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.155 - Skype Technologies S.A.) 
SolidWorks 2009 SP0 (HKLM\...\{85C71366-4610-4180-8C23-7B3BB98F3C30}) (Version: 17.1.0003 - SolidWorks) Sony Media Manager for PSP 3.0 (HKLM\...\{21C6344A-918B-4D35-ADB6-7614F97B78EA}) (Version: 3.0.892 - Sony) SpeedCommander 12 (HKLM\...\SpeedCommander 12) (Version: 12 - SpeedProject) Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Swords and Soldiers HD (HKLM\...\Steam App 63500) (Version: - Ronimo Games) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics) Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Office 2007 (KB934528) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version: - ) Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version: - ) USB2.0 UVC WebCam (HKLM\...\{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}) (Version: 6.11.706.012 - D-MAX) User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - ) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden Verbindungsassistent (HKLM\...\Verbindungsassistent) (Version: 2.1 - Verbindungsassistent) VLC media player 0.9.6 (HKLM\...\VLC media player) (Version: 0.9.6 - VideoLAN Team) Vuze (HKLM\...\8461-7759-5462-8226) (Version: 4.8.1.2 - Azureus Software, Inc.) 
Vuze Remote Toolbar (HKLM\...\Vuze_Remote Toolbar) (Version: 6.3.3.3 - Vuze Remote) <==== ATTENTION VVVVVV (HKLM\...\Steam App 70300) (Version: - ) WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - WIDCOMM, Inc.) Windows 7 Upgrade Advisor (HKLM\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Mobile-Gerätecenter (HKLM\...\{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}) (Version: 6.0.6783.0 - Microsoft Corporation) Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{CB8CA439-DA83-419C-A4CF-5A0A50025144}) (Version: 6.0.6783.0 - Microsoft Corporation) Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5) (HKLM\...\3F930CC3EE841B82D6D463716B5F67BD240BBD46) (Version: 09/17/2009 3.0.0.5 - Apple Inc.) Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia) Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia) Wise Disk Cleaner 7.33 (HKLM\...\Wise Disk Cleaner_is1) (Version: - WiseCleaner.com, Inc.) Wise Registry Cleaner 7.25 (HKLM\...\Wise Registry Cleaner_is1) (Version: - WiseCleaner.com, Inc.) Yahoo! 
Detect (HKLM\...\YTdetect) (Version: - ) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2008-12-23 18:36 - 2008-12-23 18:36 - 00001239 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {0AA60ADE-1999-4F56-A1B9-EF09CA2714C6} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-05] (Samsung Electronics Co., Ltd.) Task: {14E96646-B1B8-4385-9E73-72681E0DC0DC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA => C:\Users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {2789001F-47B6-4652-841F-4674F8B404D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core => C:\Users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.) 
Task: {28AEB676-1078-4713-90F5-8D99EB6214F8} - System32\Tasks\SupBackGroundTask => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe [2010-04-20] () Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {43DFD917-C210-4C9F-90EB-64F6025C5CD7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {49F3B6FC-9BEE-4734-82C4-FAA606100F0A} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-05-22] (SAMSUNG Electronics) Task: {53403752-F29A-45E1-97AD-465D3F834308} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.) Task: {5FC395FB-E1D8-4566-91D2-4585565871B0} - System32\Tasks\{0928E92B-0230-4D30-B123-B9529A88739C} => C:\Program Files\Skype\\Phone\Skype.exe [2010-03-09] (Skype Technologies S.A.) Task: {941FD8D6-59AD-4980-AC39-88DA8A84FC45} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2008-04-25] (Samsung Electronics Co., Ltd.) Task: {CD4314D0-71BB-4ED0-ABB6-4D82AB1577CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated) Task: {D0788E40-8320-4501-80BC-C2550CB0E9CB} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-01-22] (AVAST Software) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core.job => C:\Users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA.job => C:\Users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SupBackGroundTask.job => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-05 05:05 - 2014-03-04 21:16 - 02275840 _____ () C:\Program Files\Alwil Software\Avast5\defs\14030401\algo.dll 2008-05-23 06:46 - 2008-05-23 06:46 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2007-04-03 17:18 - 2007-04-03 17:18 - 00197672 _____ () C:\Windows\system32\vpnapi.dll 2010-04-14 10:35 - 2009-03-03 12:45 - 00296400 ____N () C:\Program Files\Verbindungsassistent\WTGService.exe 2008-06-25 07:30 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll 2008-06-25 07:30 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2008-06-25 07:30 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll 2014-04-26 00:00 - 2014-04-26 00:00 - 00041984 _____ () 
c:\users\an-d\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf3qxe1.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\An-D\AppData\Roaming\Dropbox\bin\libcef.dll 2014-04-25 22:43 - 2014-04-24 02:33 - 00065352 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll 2014-04-25 22:43 - 2014-04-24 02:33 - 04081480 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll 2014-04-25 22:43 - 2014-04-24 02:33 - 00390472 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll 2014-04-25 22:43 - 2014-04-24 02:33 - 01647432 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll 2014-04-12 15:55 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2014-04-12 15:55 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll 2014-04-25 22:43 - 2014-04-24 02:33 - 13692232 _____ () C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll 2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Windows:EA5DE28FA39D1DB8 ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk => C:\Windows\pss\VPN Client.lnk.CommonStartup MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: Adobe_ID0ENQBO => 
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 MSCONFIG\startupreg: NBKeyScan => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized MSCONFIG\startupreg: uTorrent => "C:\Program Files\uTorrent\uTorrent.exe" ==================== Faulty Device Manager Devices ============= Name: Microsoft-6zu4-Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Cisco Systems VPN Adapter Description: Cisco Systems VPN Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (04/26/2014 00:02:58 AM) (Source: LoadPerf) (User: ) Description: WMI-Objekte16 Error: (04/26/2014 00:02:58 AM) (Source: LoadPerf) (User: ) Description: 775216 Error: (04/25/2014 11:56:52 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/25/2014 11:56:47 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (04/25/2014 11:34:25 PM) (Source: LoadPerf) (User: ) Description: WMI-Objekte16 Error: (04/25/2014 11:34:25 PM) (Source: LoadPerf) (User: ) Description: 775216 Error: (04/25/2014 11:29:27 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/25/2014 11:28:09 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. 
Error: (04/25/2014 08:27:42 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15616 Error: (04/25/2014 08:27:42 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15616 System errors: ============= Error: (04/26/2014 00:00:24 AM) (Source: Service Control Manager) (User: ) Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058 Error: (04/25/2014 11:57:15 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (04/25/2014 11:56:52 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (04/25/2014 11:56:29 PM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (04/25/2014 11:36:39 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (04/25/2014 11:31:27 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (04/25/2014 11:29:28 PM) (Source: Service Control Manager) (User: ) Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058 Error: (04/25/2014 11:29:28 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (04/25/2014 11:29:28 PM) (Source: Service Control Manager) (User: ) Description: Automatische WLAN-KonfigurationExtensible Authentication-Protokoll%%16389 Error: (04/25/2014 11:29:28 PM) (Source: Service Control Manager) (User: ) Description: Extensible Authentication-Protokoll%%16389 Microsoft Office Sessions: ========================= Error: (05/12/2012 03:48:45 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. 
This session lasted 58 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/17/2012 04:18:26 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash. Error: (10/19/2011 09:54:51 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 53 seconds with 0 seconds of active time. This session ended with a crash. Error: (09/04/2011 05:02:51 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 220 seconds with 60 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-04-26 00:59:10.010 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-26 00:59:09.979 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-26 00:59:09.948 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-04-26 00:59:09.916 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-26 00:59:09.854 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-26 00:59:09.823 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-26 00:59:09.792 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-26 00:59:09.745 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-09-12 00:14:11.328 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Alwil Software\Avast5\Setup\INF\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2011-09-12 00:14:11.210 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Alwil Software\Avast5\Setup\INF\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 48% Total physical RAM: 3065.88 MB Available physical RAM: 1588.7 MB Total Pagefile: 6334.89 MB Available Pagefile: 4679.17 MB Total Virtual: 2047.88 MB Available Virtual: 1894.13 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:80.09 GB) (Free:5.69 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: () (Fixed) (Total:208 GB) (Free:16.8 GB) NTFS Drive f: (Elements) (Fixed) (Total:931.51 GB) (Free:608.81 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 3A21C8C8) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=80 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=208 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 00021631) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ==================== End Of Log ============================
26.04.2014, 14:51 | #4 |
Windows Vista Home Premium SP1: Avast blocked by Group Policy
Gmer Code:
GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-04-26 02:23:30 Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB Running: Gmer-19357.exe; Driver: C:\Users\An-D\AppData\Local\Temp\pxldqpog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x91A78610] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x91E7A5FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x91A790E6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x91A84F18] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x91A84F64] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x91A850FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x91A84E86] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x91E7A992] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x91A84ECE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x91A795E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x91A850B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x91A79E9C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x91A78676] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast!
Virtualization Driver/AVAST Software) ZwDuplicateObject [0x91A7D596] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x91E7A6C2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x91E78C12] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x91A786DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x91A7D98C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x91A7A92C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x91A84F42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x91A84F86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x91A85122] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x91A84EAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x91A7CE78] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x91A85036] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x91A84EF6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x91A7D26E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x91A850DC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x91E7A822] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwQueryObject [0x91A7A7F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x91A7A34E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x91A78742] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x91A787A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x91A79D16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x91A782F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x91A784CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x91A7845C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x91A7A066] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x91A7A1C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x91A78556] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x91E7A8EA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x91A79CF6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x91E78C42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x91A7880E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x91E7A76E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x91A79800] INT 0x61 ? 914157D0 INT 0x71 ? 91415A50 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x91E93E00] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!KeInsertQueue + 2FD 830768F4 4 Bytes [10, 86, A7, 91] .text ntoskrnl.exe!KeInsertQueue + 321 83076918 4 Bytes [FA, A5, E7, 91] {CLI ; MOVSD ; OUT 0x91, EAX} .text ntoskrnl.exe!KeInsertQueue + 381 83076978 4 Bytes [E6, 90, A7, 91] {OUT 0x90, AL; CMPSD ; XCHG ECX, EAX} .text ntoskrnl.exe!KeInsertQueue + 3C1 830769B8 8 Bytes [18, 4F, A8, 91, 64, 4F, A8, ...] {SBB [EDI-0x58], CL; XCHG ECX, EAX; DEC EDI; TEST AL, 0x91} .text ntoskrnl.exe!KeInsertQueue + 3CD 830769C4 4 Bytes [FE, 50, A8, 91] .text ... PAGE ntoskrnl.exe!ObMakeTemporaryObject 831ACF3A 5 Bytes JMP 91E90C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 110 831F6213 4 Bytes CALL 91A7AFEF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ObInsertObject 831FA68B 5 Bytes JMP 91E927B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 121 83223A9D 4 Bytes CALL 91A7B005 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 832912F4 7 Bytes JMP 91E93E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngCreateRectRgn + 51BE 9CCB4126 5 Bytes JMP 91A7E628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngPaint + 2029 9CCC7348 5 Bytes JMP 91A7DAD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 3DF2 9CCD2CB7 5 Bytes JMP 91A7E6CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + B45 9CCDAC31 5 Bytes JMP 91A7D9C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + F1C 9CCDB008 5 Bytes JMP 91A7F1B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 1EA3 9CCDBF8F 5 Bytes JMP 91A7E88C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCombineRgn + 3A1 9CCDCB6D 5 Bytes JMP 91A7E7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCombineRgn + 3161 9CCDF92D 5 Bytes JMP 91A7DF24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetRectRgn + 1939 9CCE25FD 5 Bytes JMP 91A7DD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 65D3 9CCEC7AD 5 Bytes JMP 91A7E4DC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 8746 9CCEE920 5 Bytes JMP 91A7F56C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + A393 9CCF056D 5 Bytes JMP 91A7E7E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + B91D 9CCF1AF7 5 Bytes JMP 91A7E2F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + C738 9CD0BF57 5 Bytes JMP 91A7E22C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + C80B 9CD0C02A 5 Bytes JMP 91A7E508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 3FB5 9CD2E0EF 5 Bytes JMP 91A7F060 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 7E1D 9CD31F57 5 Bytes JMP 91A7DDF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 9165 9CD3B854 5 Bytes JMP 91A7E6EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 442A 9CD44354 5 Bytes JMP 91A7DBF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 9061 9CD48F8B 5 Bytes JMP 91A7F33C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 92BD 9CD491E7 5 Bytes JMP 91A7F3FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLpkInstalled + 17 9CD4D280 5 Bytes JMP 91A7F162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 3838 9CD5D548 5 Bytes JMP 91A7F614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 4D22 9CD65C96 5 Bytes JMP 91A7F116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 17BC 9CD6F7BE 5 Bytes JMP 91A7F284 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 478A 9CD7624D 5 Bytes JMP 91A7DCDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 40E 9CD92951 5 Bytes JMP 91A7E008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + CE1 9CD9C786 5 Bytes JMP 91A7DEBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 9CDA02BE 5 Bytes JMP 91A7F4BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 45C5 9CDA21AA 5 Bytes JMP 91A7E70A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 309B 9CDBAF37 5 Bytes JMP 91A7E150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 6C71 9CDBEB0D 5 Bytes JMP 91A7E0AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE spsys.sys!?SPVersion@@3PADA + 1A67 93B5503F 240 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B58 93B55130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE spsys.sys!?SPVersion@@3PADA + 1B5F 93B55137 167 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1C07 93B551DF 2046 Bytes [8B, 51, 08, 50, 6A, 00, 6A, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 2406 93B559DE 47 Bytes [04, BB, A8, 01, 00, 00, 8D, ...]
PAGE ...

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[12] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[580] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\csrss.exe[600] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\wininit.exe[652] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\csrss.exe[664] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text ...
.text C:\Windows\servicing\TrustedInstaller.exe[772] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000501F8
.text C:\Windows\servicing\TrustedInstaller.exe[772] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000503FC
.text C:\Windows\servicing\TrustedInstaller.exe[772] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000603FC
.text C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00060600
.text C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00061014
.text C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00060804
.text C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00060A08
.text C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00060C0C
.text C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00060E10
.text C:\Windows\servicing\TrustedInstaller.exe[772] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000601F8
.text C:\Windows\servicing\TrustedInstaller.exe[772] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 000B0804
.text C:\Windows\servicing\TrustedInstaller.exe[772] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 000B01F8
.text C:\Windows\servicing\TrustedInstaller.exe[772] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 000B03FC
.text C:\Windows\servicing\TrustedInstaller.exe[772] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 000B0600
.text C:\Windows\servicing\TrustedInstaller.exe[772] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 000B0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text ...
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 01B58840
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 01B588E9
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00170804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001701F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001703FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00170A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 01B5898E
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001803FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00180600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 01B58A3A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00181014
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00180804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00180A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001801F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1512] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 01B57410
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1652] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1748] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\WLANExt.exe[1772] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1916] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text ...
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 01C68840
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 01C688E9
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00160804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00160600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00160A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 01C6898E
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 01C68A3A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00171014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2088] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 01C67410
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2124] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2276] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 01BB8840
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 01BB88E9
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 01BB898E
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 002703FC
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00270600
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 01BB8A3A
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00271014
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00270804
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00270A08
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00270C0C
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00270E10
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 002701F8
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00280804
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 002801F8
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 002803FC
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00280600
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00280A08
.text C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe[2336] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 01BB7410
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2392] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000601F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000603FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 010B8840
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 010B88E9
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 010B898E
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000703FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00070600
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 010B8A3A
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00071014
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00070804
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00070A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00070C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00070E10
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000701F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00080804
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 000801F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 000803FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00080600
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00080A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2416] CRYPT32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 010B7410
.text C:\Windows\system32\svchost.exe[2452] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000A01F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000A03FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 01AA8840
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 01AA88E9
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 01AA898E
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000B03FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 000B0600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 01AA8A3A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 000B1014
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 000B0804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 000B0A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 000B0C0C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 000B0E10
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000B01F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 000C0804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 000C01F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 000C03FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 000C0600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 000C0A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2464] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 01AA7410
.text C:\Windows\System32\StkCSrv.exe[2488] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\ehome\ehmsas.exe[2644] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000501F8
.text C:\Windows\ehome\ehmsas.exe[2644] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000503FC
.text C:\Windows\ehome\ehmsas.exe[2644] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 021C8840
.text C:\Windows\ehome\ehmsas.exe[2644] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 021C88E9
.text C:\Windows\ehome\ehmsas.exe[2644] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 021C898E
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 021C8A3A
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00071014
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00070A08
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00070C0C
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00070E10
.text C:\Windows\ehome\ehmsas.exe[2644] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehmsas.exe[2644] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00080804
.text C:\Windows\ehome\ehmsas.exe[2644] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 000801F8
.text C:\Windows\ehome\ehmsas.exe[2644] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 000803FC
.text C:\Windows\ehome\ehmsas.exe[2644] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00080600
.text C:\Windows\ehome\ehmsas.exe[2644] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00080A08
.text C:\Windows\ehome\ehmsas.exe[2644] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 021C7410
.text C:\Windows\system32\Dwm.exe[2772] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\Explorer.EXE[2796] kernel32.dll!CreateProcessW 764C1C01 5 Bytes JMP 062D8840
.text C:\Windows\Explorer.EXE[2796] kernel32.dll!CreateProcessA 764C1C36 5 Bytes JMP 062D88E9
.text C:\Windows\Explorer.EXE[2796] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\Explorer.EXE[2796] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 062D898E
.text C:\Windows\Explorer.EXE[2796] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 062D8A3A
.text C:\Windows\Explorer.EXE[2796] CRYPT32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 062D7410
.text C:\Windows\system32\SearchIndexer.exe[2900] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Verbindungsassistent\WTGService.exe[2960] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3056] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3500] kernel32.dll!CreateProcessW 764C1C01 5 Bytes JMP 03298840
.text C:\Windows\system32\taskeng.exe[3500] kernel32.dll!CreateProcessA 764C1C36 5 Bytes JMP 032988E9
.text C:\Windows\system32\taskeng.exe[3500] kernel32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3500] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 0329898E
.text C:\Windows\system32\taskeng.exe[3500] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 03298A3A
.text C:\Windows\system32\taskeng.exe[3500] CRYPT32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 03297410
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 016B8840
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 016B88E9
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00170804
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001701F8
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001703FC
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00170A08
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 016B898E
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001803FC
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00180600
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 016B8A3A
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00181014
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00180804
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00180A08
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001801F8
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[3664] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 016B7410
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 02408840
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 024088E9
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00180804
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001801F8
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001803FC
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00180600
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00180A08
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 0240898E
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001903FC
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00190600
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 02408A3A
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00191014
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00190804
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00190A08
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00190C0C
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00190E10
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001901F8
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3680] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 02407410
.text C:\Windows\System32\mobsync.exe[3736] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000601F8
.text C:\Windows\System32\mobsync.exe[3736] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000603FC
.text C:\Windows\System32\mobsync.exe[3736] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00071014
.text C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00070804
.text C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00070A08
.text C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\mobsync.exe[3736] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\mobsync.exe[3736] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00180804
.text C:\Windows\System32\mobsync.exe[3736] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001801F8
.text C:\Windows\System32\mobsync.exe[3736] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001803FC
.text C:\Windows\System32\mobsync.exe[3736] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00180600
.text C:\Windows\System32\mobsync.exe[3736] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00180A08
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 016D8840
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 016D88E9
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00170804
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001701F8
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001703FC
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00170600
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00170A08
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 016D898E
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001803FC
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00180600
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 016D8A3A
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00181014
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00180804
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00180A08
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00180C0C
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00180E10
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001801F8
.text C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3760] CRYPT32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 016D7410
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000601F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000603FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\wmiprvse.exe[3800] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00080A08
.text C:\Windows\ehome\ehtray.exe[3992] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000601F8
.text C:\Windows\ehome\ehtray.exe[3992] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000603FC
.text C:\Windows\ehome\ehtray.exe[3992] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 009A8840
.text C:\Windows\ehome\ehtray.exe[3992] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 009A88E9
.text C:\Windows\ehome\ehtray.exe[3992] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 009A898E
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 009A8A3A
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00071014
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00070A08
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00070C0C
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00070E10
.text C:\Windows\ehome\ehtray.exe[3992] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehtray.exe[3992] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00080804
.text C:\Windows\ehome\ehtray.exe[3992] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 000801F8
.text C:\Windows\ehome\ehtray.exe[3992] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 000803FC
.text C:\Windows\ehome\ehtray.exe[3992] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00080600
.text C:\Windows\ehome\ehtray.exe[3992] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00080A08
.text C:\Windows\ehome\ehtray.exe[3992] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 009A7410
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 01E78840
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 01E788E9
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 01E7898E
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001803FC
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00180600
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 01E78A3A
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00181014
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00180804
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00180A08
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001801F8
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00190804
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001901F8
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001903FC
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00190600
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00190A08
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[4008] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 01E77410
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001501F8
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001503FC
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 01CC8840
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 01CC88E9
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62]
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00160804
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001601F8
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001603FC
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00160600
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00160A08
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 01CC898E
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001703FC
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00170600
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 01CC8A3A
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00171014
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00170804
.text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00170A08 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00170C0C .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00170E10 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001701F8 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[4016] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 01CC7410 .text C:\Windows\RtHDVCpl.exe[4040] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8 .text C:\Windows\RtHDVCpl.exe[4040] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC .text C:\Windows\RtHDVCpl.exe[4040] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 02AD8840 .text C:\Windows\RtHDVCpl.exe[4040] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 02AD88E9 .text C:\Windows\RtHDVCpl.exe[4040] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62] .text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 02AD898E .text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 002703FC .text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00270600 .text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 02AD8A3A .text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00271014 .text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00270804 .text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00270A08 .text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00270C0C .text C:\Windows\RtHDVCpl.exe[4040] 
ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00270E10 .text C:\Windows\RtHDVCpl.exe[4040] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 002701F8 .text C:\Windows\RtHDVCpl.exe[4040] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00280804 .text C:\Windows\RtHDVCpl.exe[4040] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 002801F8 .text C:\Windows\RtHDVCpl.exe[4040] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 002803FC .text C:\Windows\RtHDVCpl.exe[4040] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00280600 .text C:\Windows\RtHDVCpl.exe[4040] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00280A08 .text C:\Windows\RtHDVCpl.exe[4040] CRYPT32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 02AD7410 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 04078840 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 040788E9 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 0407898E .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001803FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00180600 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 04078A3A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00181014 .text C:\Program 
Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00180804 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00180A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00180C0C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00180E10 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001801F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00190804 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001901F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001903FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00190600 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00190A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[4204] CRYPT32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 04077410 .text C:\Windows\system32\svchost.exe[4428] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[4428] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[4428] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00071014 .text 
C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[4428] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[4428] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[4428] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[4428] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[4428] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00080600 .text C:\Windows\system32\svchost.exe[4428] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00080A08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001701F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001703FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00280804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 002801F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 002803FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00280600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00280A08 .text C:\Program 
Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 002903FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00290600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00291014 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00290804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00290A08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00290C0C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00290E10 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4940] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 002901F8 .text C:\Program Files\iPod\bin\iPodService.exe[5128] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000601F8 .text C:\Program Files\iPod\bin\iPodService.exe[5128] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000603FC .text C:\Program Files\iPod\bin\iPodService.exe[5128] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000703FC .text C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00070600 .text C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00071014 .text C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00070804 .text C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00070A08 .text C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00070C0C .text 
C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00070E10 .text C:\Program Files\iPod\bin\iPodService.exe[5128] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000701F8 .text C:\Program Files\iPod\bin\iPodService.exe[5128] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00080804 .text C:\Program Files\iPod\bin\iPodService.exe[5128] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 000801F8 .text C:\Program Files\iPod\bin\iPodService.exe[5128] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 000803FC .text C:\Program Files\iPod\bin\iPodService.exe[5128] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00080600 .text C:\Program Files\iPod\bin\iPodService.exe[5128] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00080A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001803FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00180600 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00181014 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00180804 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00180A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00180C0C .text 
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00180E10 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001801F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00190804 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001901F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001903FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00190600 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[5428] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00190A08 .text C:\Windows\system32\svchost.exe[5444] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[5444] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[5444] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!ChangeServiceConfig2A 75C56A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 00070E10 .text 
C:\Windows\system32\svchost.exe[5444] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[5444] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[5444] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[5444] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[5444] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 00080600 .text C:\Windows\system32\svchost.exe[5444] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 00080A08 .text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ntdll.dll!LdrLoadDll 77197933 5 Bytes JMP 001601F8 .text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ntdll.dll!LdrUnloadDll 771AE89C 5 Bytes JMP 001603FC .text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] KERNEL32.dll!CreateProcessW 764C1C01 5 Bytes JMP 00378840 .text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] KERNEL32.dll!CreateProcessA 764C1C36 5 Bytes JMP 003788E9 .text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] KERNEL32.dll!GetBinaryTypeW + 70 76511AE8 1 Byte [62] .text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!CreateProcessAsUserW 75BEA8F5 5 Bytes JMP 0037898E .text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!CreateServiceW 75C138FF 5 Bytes JMP 001C03FC .text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!DeleteService 75C13BEE 5 Bytes JMP 001C0600 .text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!CreateProcessAsUserA 75C348A6 5 Bytes JMP 00378A3A .text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!SetServiceObjectSecurity 75C566A9 5 Bytes JMP 001C1014 .text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!ChangeServiceConfigA 75C567A9 5 Bytes JMP 001C0804 .text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!ChangeServiceConfigW 75C56951 5 Bytes JMP 001C0A08 .text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!ChangeServiceConfig2A 
75C56A69 5 Bytes JMP 001C0C0C
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!ChangeServiceConfig2W 75C56BB1 5 Bytes JMP 001C0E10
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] ADVAPI32.dll!CreateServiceA 75C56C71 5 Bytes JMP 001C01F8
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] USER32.dll!SetWindowsHookExW 76427B69 5 Bytes JMP 001D0804
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] USER32.dll!SetWinEventHook 7642915C 5 Bytes JMP 001D01F8
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] USER32.dll!UnhookWinEvent 7642B702 5 Bytes JMP 001D03FC
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] USER32.dll!SetWindowsHookExA 7644BB0E 5 Bytes JMP 001D0600
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] USER32.dll!UnhookWindowsHookEx 764508BE 5 Bytes JMP 001D0A08
.text C:\Users\An-D\Desktop\Gmer-19357.exe[6044] Crypt32.dll!PFXImportCertStore 7537914C 5 Bytes JMP 00377410

---- Processes - GMER 2.1 ----

Process (*** hidden *** ) [4] 8526DA90

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd65b4f
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd6642e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269c9ea11
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269c9ea11@c8979f6daf40 0xAB 0xDB 0x6A 0xCA ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e4cd65b4f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e4cd6642e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002269c9ea11 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002269c9ea11@c8979f6daf40 0xAB 0xDB 0x6A 0xCA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x5D 0x3B 0x90 0xB3 ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ---- |
26.04.2014, 18:42 | #5 |
/// the machine /// TB-Ausbilder | Windows Vista Home Premium SP1: Avast blocked by Group Policy Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Revo Uninstaller - Download - Filepony. Use it to uninstall everything you find in the Additional.txt marked with <== ATTENTION. Let Revo also remove the leftovers in Moderate mode. Scan with ComboFix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
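The entries FRST lists as "HKLM Group Policy restriction on software" are path rules that stop the named antivirus directories from executing; the fix above tells FRST to remove them. As an added example that is not part of this thread, of FRST, or of any tool the helper names, the following PowerShell script audits the Software Restriction Policy (SRP) path rules Windows keeps under SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers and flags any "Disallowed" rule whose path points at a security-product directory. The directory names it searches for are taken from the fixlist above and are an assumption to extend for your own environment; that this is the mechanism behind the entries in this particular thread is likewise my assumption. The script only reports and changes nothing.

```powershell
# Added example (not from the thread or from FRST): audit Software Restriction
# Policy (SRP) path rules for entries that block antivirus directories.
# Windows stores SRP path rules under
#   <hive>\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\<level>\Paths\<GUID>
# where <level> is the security level applied to paths matching the rule and
# each rule key carries the path in its ItemData value.
$SrpLevels = @{
    0      = 'Disallowed'
    4096   = 'Untrusted'
    65536  = 'Restricted'
    131072 = 'BasicUser'
    262144 = 'Unrestricted'
}

# Directory names taken from the fixlist in this thread. Assumption: extend this
# list with whatever security products are installed in your environment.
$AvMarkers = @('Alwil Software', 'AVAST Software', 'McAfee', 'Kaspersky Lab')

function Get-SrpPathRule {
    # Enumerate every SRP path rule in the machine and user policy hives.
    param([string[]]$Hives = @('HKLM:', 'HKCU:'))
    foreach ($hive in $Hives) {
        $base = "$hive\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
        if (-not (Test-Path -Path $base)) { continue }
        foreach ($levelKey in Get-ChildItem -Path $base) {
            # Only numeric subkeys are security levels; skip anything else.
            $levelId = 0
            if (-not [int]::TryParse($levelKey.PSChildName, [ref]$levelId)) { continue }
            $levelName = if ($SrpLevels.ContainsKey($levelId)) { $SrpLevels[$levelId] } else { "Level$levelId" }
            $pathsKey = Join-Path -Path $levelKey.PSPath -ChildPath 'Paths'
            if (-not (Test-Path -Path $pathsKey)) { continue }
            foreach ($ruleKey in Get-ChildItem -Path $pathsKey) {
                $rule = Get-ItemProperty -Path $ruleKey.PSPath
                [pscustomobject]@{
                    Hive        = $hive.TrimEnd(':')
                    Level       = $levelName
                    Path        = [Environment]::ExpandEnvironmentVariables([string]$rule.ItemData)
                    Description = [string]$rule.Description
                    RuleKey     = $ruleKey.PSChildName
                }
            }
        }
    }
}

function Test-AvBlockingRule {
    # Pass through only Disallowed rules whose path names a security product.
    param([Parameter(ValueFromPipeline = $true)] $Rule)
    process {
        if ($Rule.Level -ne 'Disallowed') { return }
        foreach ($marker in $AvMarkers) {
            if ($Rule.Path -like "*$marker*") { $Rule; break }
        }
    }
}

$suspicious = @(Get-SrpPathRule | Test-AvBlockingRule)
if ($suspicious.Count -gt 0) {
    Write-Warning 'Disallowed SRP path rules targeting security-product directories:'
    $suspicious | Format-Table -Property Hive, Level, Path, RuleKey -AutoSize
} else {
    Write-Output 'No Disallowed SRP path rules targeting security-product directories were found.'
}
```

Run it from an elevated PowerShell prompt so that the HKLM policy key is readable. On a machine in the state described in this thread it would list the five Alwil/AVAST, McAfee and Kaspersky paths from the fixlist as Disallowed rules; on a clean machine, or after the FRST fix has run, it reports nothing. A legitimate administrator-defined SRP rule will show up too, so the output is a starting point for a check against your own policy, not a verdict.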
28.04.2014, 11:25 | #6 |
| Windows Vista Home Premium SP1: Avast blocked by Group Policy Hello schrauber, Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-04-2014
Ran by An-D at 2014-04-26 20:51:04 Run:1
Running from C:\Users\An-D\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====
'Error A setiface error has occured: 2 Try to reinstall or contact support, please'
I then restarted the computer. After logging in, this error message appeared:
'RegSvr32 Das Modul "C:\ProgramData\pmsqql.dat" konnte nicht geladen werden. Vergewissern Sie sich, dass die Binärdatei am angegebenen Pfad gespeichert ist, oder debuggen Sie die Datei, um Probleme mit der binären Datei oder abhängigen DLL-Dateien auszuschließen. Das angegebene Modul wurde nicht gefunden.'
After another restart the error no longer appeared. I then ran ComboFix: Code:
ComboFix 14-04-26.01 - An-D 27.04.2014 20:33:21.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1031.18.3066.2181 [GMT 2:00]
Running from: c:\users\An-D\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
---- Previous Run -------
.
C:\END
c:\programdata\pmsqql.dat
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\An-D\AppData\Roaming\Start
c:\users\An-D\AppData\Roaming\Start\temp_BB40E0B5\flash.9.0.115.0.ocx
c:\users\An-D\AppData\Roaming\Start\temp_BB40E0B5\flash.9.0.159.0.ocx
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
F:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-03-27 to 2014-04-27 )))))))))))))))))))))))))))))))
.
.
2014-04-27 18:47 . 2014-04-27 18:47 -------- d-----w- c:\users\An-D\AppData\Local\temp
2014-04-27 18:47 . 2014-04-27 18:47 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2014-04-27 18:47 . 2014-04-27 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-27 16:57 . 2014-04-27 16:57 -------- d-----w- c:\program files\VS Revo Group
2014-04-25 22:57 . 2014-04-26 18:51 -------- d-----w- C:\FRST
2014-04-22 12:53 . 2014-04-22 12:53 -------- d-----w- c:\users\An-D\AppData\Roaming\Thunderbird
2014-04-22 12:53 . 2014-04-22 12:53 -------- d-----w- c:\users\An-D\AppData\Local\Thunderbird
2014-04-22 12:53 . 2014-04-22 12:53 -------- d-----w- c:\program files\Mozilla Thunderbird
2014-04-04 01:56 . 2014-04-04 01:56 -------- d-----w- c:\program files\iPod
2014-04-04 01:55 . 2014-04-04 01:57 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-04 01:39 . 2014-04-04 01:40 -------- d-----w- c:\program files\DVDVideoSoft
2014-04-04 01:16 . 2014-04-04 01:16 -------- d-----w- c:\users\An-D\AppData\Roaming\mysearchdial
2014-04-04 01:16 . 2014-04-04 01:16 -------- d-----w- c:\program files\Mysearchdial
2014-03-31 23:58 . 2014-03-31 23:58 -------- d-----w- c:\users\An-D\AppData\Roaming\DropboxMaster
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-11 21:51 . 2012-03-31 09:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-11 21:51 . 2011-05-21 18:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-27 18:29 297128 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\An-D\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\An-D\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\An-D\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\An-D\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Steam"="c:\program files\Steam\Steam.exe" [2013-06-06 1641896]
"HumanizedEnso"="c:\users\An-D\AppData\Local\HumanizedEnso\Enso.exe" [2008-01-14 117232]
"Spotify Web Helper"="c:\users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-04-25 1171000]
"Spotify"="c:\users\An-D\AppData\Roaming\Spotify\Spotify.exe" [2014-04-25 6087224]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"pmsqql"="c:\programdata\pmsqql.dat" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-22 178712]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-12-15 614400]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\An-D\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-4-18 33604728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
Inhaltsmanager-Assistent für PlayStation(R).lnk - c:\program files\Sony\Content Manager Assistant\CMA.exe [2012-11-13 3359712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 15:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 08:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
c:\program files\uTorrent\uTorrent.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 ADDMEM;ADDMEM;c:\users\An-D\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 21:51]
.
2014-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core.job
- c:\users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10 21:04]
.
2014-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA.job
- c:\users\An-D\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10 21:04]
.
2014-04-27 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-10-27 12:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden...
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\ FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir= FF - prefs.js: network.proxy.type - 2 FF - user.js: extensions.irmysearch.aflt - dvd_14_14_ff FF - user.js: extensions.irmysearch.instlRef - 140305_a FF - user.js: extensions.irmysearch.cr - 415182659 FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q FF - user.js: extensions.mysearchdial.hmpg - true FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir= FF - user.js: extensions.mysearchdial.dfltSrch - true FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial FF - user.js: extensions.mysearchdial.dnsErr - true FF - user.js: 
extensions.mysearchdial_i.newTab - false FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir= FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=&q= FF - user.js: extensions.mysearchdial.id - 002269C9EA118D32 FF - user.js: extensions.mysearchdial.instlDay - 16164 FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0 FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0 FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.03:28 FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial FF - user.js: extensions.mysearchdial.prdct - mysearchdial FF - user.js: extensions.mysearchdial.aflt - dvd_14_14_ff FF - user.js: extensions.mysearchdial_i.smplGrp - none FF - user.js: extensions.mysearchdial.tlbrId - base FF - user.js: extensions.mysearchdial.instlRef - 140305_a FF - user.js: extensions.mysearchdial.dfltLng - FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} FF - user.js: extensions.mysearchdial.excTlbr - false FF - user.js: extensions.mysearchdial.cr - 415182659 FF - user.js: extensions.mysearchdial.cd - 
2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q FF - user.js: extensions.mysearchdial.AL - 2 . - - - - ORPHANS REMOVED - - - - . ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2014-04-27 20:47 Windows 6.0.6001 Service Pack 1 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3115540864-2871994801-2538804916-1003\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0] "Percents"="0 0.1443 0.2474 0.5285 0.7387 0.8275 0.8296 " "Increment"=".009434" "FRT"="5vnfaWSAJnKs4FtkI2L8Qy4cOgB1XTOg3I5Neu1xdG1K9WYAadxc9g==" "PLCK"="rq7wuQhyeA7wxO+SO4UIGgMluvhHRnNF" "PHSH"="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:5d,3b,90,b3,59,60,83,e8,b4,2d,b1,05,ae,0c,3a,a0,04,a6,dd,76,f7, c3,49,dd,fa,21,e0,59,fa,ec,7f,f2,88,3a,cc,81,c9,bd,40,2a,a8,72,be,05,90,47,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3480) c:\windows\system32\btmmhook.dll . Completion time: 2014-04-27 21:22:52 ComboFix-quarantined-files.txt 2014-04-27 19:22 . Pre-Run: 5.040.078.848 Bytes frei Post-Run: 4.894.347.264 Bytes frei . - - End Of File - - D8CF4364E258F774D67E7ECC0A684689 61A349592C4728853F4A90FF78F7628E Andreas |
28.04.2014, 19:32 | #7 |
/// the machine /// TB-Ausbilder | Windows Vista Home Premium SP1: Avast blocked by Group Policy
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM! |
08.05.2014, 16:09 | #8 |
| Windows Vista Home Premium SP1: Avast blocked by Group Policy
Hello Schrauber, I was away on business for a few days, but I did not really use my computer during that time either. Here are the logs:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 08.05.2014 14:57:28, SYSTEM, NBAB, Protection, Malware Protection, Starting,
Protection, 08.05.2014 14:57:28, SYSTEM, NBAB, Protection, Malware Protection, Started,
Protection, 08.05.2014 14:57:28, SYSTEM, NBAB, Protection, Malicious Website Protection, Starting,
Protection, 08.05.2014 14:57:38, SYSTEM, NBAB, Protection, Malicious Website Protection, Started,
Update, 08.05.2014 14:57:53, SYSTEM, NBAB, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 08.05.2014 14:58:54, SYSTEM, NBAB, Manual, Malware Database, 2014.3.4.9, 2014.5.8.4,
Protection, 08.05.2014 14:59:04, SYSTEM, NBAB, Protection, Refresh, Starting,
Protection, 08.05.2014 14:59:04, SYSTEM, NBAB, Protection, Malicious Website Protection, Stopping,
Protection, 08.05.2014 14:59:04, SYSTEM, NBAB, Protection, Malicious Website Protection, Stopped,
Protection, 08.05.2014 14:59:10, SYSTEM, NBAB, Protection, Refresh, Success,
Protection, 08.05.2014 14:59:10, SYSTEM, NBAB, Protection, Malicious Website Protection, Starting,
Protection, 08.05.2014 14:59:11, SYSTEM, NBAB, Protection, Malicious Website Protection, Started,

(end)
Code:
# AdwCleaner v3.207 - Bericht erstellt am 08/05/2014 um 16:31:58
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzername : An-D - NBAB
# Gestartet von : C:\Users\An-D\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Vuze
Ordner Gelöscht : C:\Users\An-D\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\An-D\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\An-D\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\An-D\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\An-D\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\An-D\AppData\LocalLow\Vuze_Remote
Ordner Gelöscht : C:\Users\An-D\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\An-D\Documents\Optimizer Pro
Datei Gelöscht : C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69091116-E0CD-48F6-8037-B5579FD9D326}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6001.18319


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\prefs.js ]

Zeile gelöscht : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Zeile gelöscht : user_pref("surfcanyon.last_checked_ts", "1266877330766");

-\\ Google Chrome v

[ Datei : C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=

*************************

AdwCleaner[R0].txt - [5042 octets] - [08/05/2014 16:25:53]
AdwCleaner[S0].txt - [4963 octets] - [08/05/2014 16:31:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5023 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by An-D on 08.05.2014 at 16:50:53,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\An-D\appdata\locallow\boost_interprocess"

~~~ FireFox

Emptied folder: C:\Users\An-D\AppData\Roaming\mozilla\firefox\profiles\xp78hkst.default\minidumps [22 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.05.2014 at 16:55:33,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-05-2014 Ran by An-D (administrator) on NBAB on 08-05-2014 17:02:04 Running from C:\Users\An-D\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 7 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Syntek America Inc.) C:\Windows\System32\StkCSrv.exe () C:\Program Files\Verbindungsassistent\WTGService.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Spotify Ltd) C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-07-22] (Intel Corporation) HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC) HKLM\...\Run: [pdfFactory Pro Dispatcher v3] => C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe [614400 2009-12-15] (FinePrint Software, LLC) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) 
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1641896 2013-06-07] (Valve Corporation) HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [HumanizedEnso] => C:\Users\An-D\AppData\Local\HumanizedEnso\Enso.exe [117232 2008-01-14] () HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify Web Helper] => C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-26] (Spotify Ltd) HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify] => C:\Users\An-D\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-26] (Spotify Ltd) HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk ShortcutTarget: Inhaltsmanager-Assistent für PlayStation(R).lnk -> C:\Program Files\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.) Startup: C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\An-D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.) Toolbar: HKLM - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2 FireFox: ======== FF ProfilePath: C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default FF NetworkProxy: "autoconfig_url", 
"data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-
1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: @3dvia.com/3DVIAStudioPlayer - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes) FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) 
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Move Media Player - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\moveplayer@movenetworks.com [2009-04-04] FF Extension: FoxyTunes - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2012-03-27] FF Extension: DownloadHelper - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26] FF Extension: Add-on Compatibility Reporter - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\compatibility@addons.mozilla.org.xpi [2011-04-14] FF Extension: ProxMate - Proxy on steroids! 
- C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-03-01] FF Extension: Session Manager - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-08-04] FF Extension: FlashGot - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-04-09] FF Extension: NoScript - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-04] FF Extension: Adblock Plus - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27] FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-12-20] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-20] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-31] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (3DVIA Player) - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Google Update) - C:\Users\An-D\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (YouTube) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-10] CHR Extension: (Google-Suche) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-10] CHR Extension: (Google Wallet) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28] CHR Extension: (Google Mail) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-10] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-04] CHR StartMenuInternet: Google Chrome - C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe 
Systems Incorporated) R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2014-01-22] (AVAST Software) S3 CoordinatorServiceHost; C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [79144 2008-09-09] (Dassault Systèmes SolidWorks Corp.) R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584 2007-04-03] (Cisco Systems, Inc.) R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [181544 2009-05-01] (Seagate Technology LLC) S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-13] (Microsoft Corporation) S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2009-01-28] (SolidWorks) R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [31248 2008-01-16] (Syntek America Inc.) 
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] () ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2014-01-22] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2014-01-22] (AVAST Software) R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [49760 2014-01-22] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2014-01-22] () R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2014-01-22] (AVAST Software) R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2014-01-22] (AVAST Software) R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2014-01-22] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2014-01-22] () S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306295 2007-04-03] (Cisco Systems, Inc.) R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-06-25] (SAMSUNG ELECTRONICS CO., LTD.) 
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation) R3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1363088 2008-03-28] (Syntek) S3 ADDMEM; \??\C:\Users\An-D\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [X] U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\Users\An-D\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-08 17:02 - 2014-05-08 17:02 - 00024301 _____ () C:\Users\An-D\Desktop\FRST.txt 2014-05-08 17:01 - 2014-05-08 17:01 - 00000000 ____D () C:\Users\An-D\Desktop\FRST-OlderVersion 2014-05-08 16:55 - 2014-05-08 16:55 - 00001166 _____ () C:\Users\An-D\Desktop\JRT.txt 2014-05-08 16:50 - 2014-05-08 16:50 - 00000000 ____D () C:\Windows\ERUNT 2014-05-08 16:49 - 2014-05-08 16:50 - 01016261 _____ (Thisisu) C:\Users\An-D\Downloads\JRT.exe 2014-05-08 16:42 - 2014-05-08 16:33 - 00005103 _____ () C:\Users\An-D\Desktop\AdwCleaner[S0].txt 2014-05-08 16:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-05-08 16:25 - 2014-05-08 16:33 - 00000000 ____D () C:\AdwCleaner 2014-05-08 15:34 - 2014-05-08 15:34 - 00001195 _____ () C:\Users\An-D\Desktop\mbam.txt 2014-05-08 14:57 - 2014-05-08 16:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-08 14:56 - 2014-05-08 14:56 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () 
C:\Program Files\ Malwarebytes Anti-Malware 2014-05-08 14:56 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-08 14:56 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-08 14:56 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-08 14:54 - 2014-05-08 14:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\An-D\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-08 13:43 - 2014-05-08 13:46 - 00069010 _____ () C:\Users\An-D\Desktop\JRT.exe 2014-05-08 13:43 - 2014-05-08 13:43 - 01316991 _____ () C:\Users\An-D\Desktop\adwcleaner.exe 2014-05-08 13:42 - 2014-05-08 13:45 - 14269225 _____ (Malwarebytes Corporation ) C:\Users\An-D\Desktop\mbam-setup-2.0.1.1004.exe 2014-04-30 20:52 - 2014-05-07 13:02 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-04-28 17:10 - 2014-05-08 16:34 - 00008086 _____ () C:\Windows\PFRO.log 2014-04-27 21:22 - 2014-04-27 21:22 - 00019121 _____ () C:\Users\An-D\Desktop\ComboFix.txt 2014-04-27 20:32 - 2014-04-27 21:23 - 00000000 ____D () C:\ComboFix 2014-04-27 19:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-27 19:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-27 19:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-27 19:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-27 19:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-27 19:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-27 19:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-27 19:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-27 19:09 - 2014-04-27 21:23 - 00000000 ____D () C:\Qoobox 2014-04-27 19:09 - 2014-04-27 19:51 - 00000000 ____D () C:\Windows\erdnt 2014-04-27 18:57 - 2014-04-27 18:57 - 00001057 _____ () 
C:\Users\An-D\Desktop\Revo Uninstaller.lnk 2014-04-27 18:57 - 2014-04-27 18:57 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-04-27 18:54 - 2014-04-27 18:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\An-D\Desktop\revosetup95.exe 2014-04-26 20:53 - 2014-04-26 20:54 - 05196309 ____R (Swearware) C:\Users\An-D\Desktop\ComboFix.exe 2014-04-26 03:59 - 2014-04-26 03:59 - 00008153 _____ () C:\Users\An-D\Desktop\Gmer.zip 2014-04-26 02:23 - 2014-04-26 02:23 - 00103056 _____ () C:\Users\An-D\Desktop\Gmer.txt 2014-04-26 01:29 - 2014-04-26 01:29 - 00149176 _____ () C:\Windows\Minidump\Mini042614-01.dmp 2014-04-26 01:04 - 2014-04-26 01:05 - 00380416 _____ () C:\Users\An-D\Desktop\Gmer-19357.exe 2014-04-26 00:59 - 2014-04-26 00:59 - 00040832 _____ () C:\Users\An-D\Desktop\Addition.txt 2014-04-26 00:58 - 2014-04-26 00:59 - 00042375 _____ () C:\Users\An-D\Desktop\FRST old.txt 2014-04-26 00:57 - 2014-05-08 17:02 - 00000000 ____D () C:\FRST 2014-04-26 00:54 - 2014-05-08 17:01 - 01053184 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe 2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log 2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable 2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe 2014-04-22 14:53 - 2014-04-30 07:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird 2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird 2014-04-22 14:47 - 2014-04-22 14:49 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe 2014-04-13 00:24 - 2014-04-13 00:25 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner ==================== One Month Modified Files and Folders ======= 2014-05-08 17:02 - 2014-05-08 17:02 - 00024301 _____ () 
C:\Users\An-D\Desktop\FRST.txt 2014-05-08 17:02 - 2014-04-26 00:57 - 00000000 ____D () C:\FRST 2014-05-08 17:01 - 2014-05-08 17:01 - 00000000 ____D () C:\Users\An-D\Desktop\FRST-OlderVersion 2014-05-08 17:01 - 2014-04-26 00:54 - 01053184 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe 2014-05-08 17:01 - 2008-12-27 17:11 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job 2014-05-08 16:55 - 2014-05-08 16:55 - 00001166 _____ () C:\Users\An-D\Desktop\JRT.txt 2014-05-08 16:51 - 2013-05-31 15:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-08 16:50 - 2014-05-08 16:50 - 00000000 ____D () C:\Windows\ERUNT 2014-05-08 16:50 - 2014-05-08 16:49 - 01016261 _____ (Thisisu) C:\Users\An-D\Downloads\JRT.exe 2014-05-08 16:42 - 2006-11-02 12:33 - 00824910 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-08 16:41 - 2012-06-04 01:20 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Spotify 2014-05-08 16:40 - 2010-04-06 23:58 - 00000000 ____D () C:\Program Files\Steam 2014-05-08 16:39 - 2008-10-24 02:04 - 01311057 _____ () C:\Windows\WindowsUpdate.log 2014-05-08 16:38 - 2012-06-04 01:21 - 00000000 ____D () C:\Users\An-D\AppData\Local\Spotify 2014-05-08 16:38 - 2012-02-14 17:49 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Dropbox 2014-05-08 16:37 - 2014-05-08 14:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-08 16:37 - 2009-02-25 19:38 - 00264787 _____ () C:\ProgramData\nvModes.001 2014-05-08 16:37 - 2009-02-25 18:51 - 00264787 _____ () C:\ProgramData\nvModes.dat 2014-05-08 16:35 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-08 16:35 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-08 16:35 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-08 16:34 - 2014-04-28 17:10 - 
00008086 _____ () C:\Windows\PFRO.log 2014-05-08 16:34 - 2012-04-25 22:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-05-08 16:33 - 2014-05-08 16:42 - 00005103 _____ () C:\Users\An-D\Desktop\AdwCleaner[S0].txt 2014-05-08 16:33 - 2014-05-08 16:25 - 00000000 ____D () C:\AdwCleaner 2014-05-08 16:33 - 2008-06-25 23:08 - 00000836 _____ () C:\Windows\bthservsdp.dat 2014-05-08 16:33 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-08 15:35 - 2012-06-10 23:05 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA.job 2014-05-08 15:34 - 2014-05-08 15:34 - 00001195 _____ () C:\Users\An-D\Desktop\mbam.txt 2014-05-08 14:56 - 2014-05-08 14:56 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-08 14:55 - 2014-05-08 14:54 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\An-D\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-08 13:46 - 2014-05-08 13:43 - 00069010 _____ () C:\Users\An-D\Desktop\JRT.exe 2014-05-08 13:45 - 2014-05-08 13:42 - 14269225 _____ (Malwarebytes Corporation ) C:\Users\An-D\Desktop\mbam-setup-2.0.1.1004.exe 2014-05-08 13:43 - 2014-05-08 13:43 - 01316991 _____ () C:\Users\An-D\Desktop\adwcleaner.exe 2014-05-07 13:02 - 2014-04-30 20:52 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-05-03 03:35 - 2012-06-10 23:04 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core.job 2014-05-03 02:41 - 2013-12-20 09:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-04-30 07:53 - 2014-04-22 14:53 - 00000000 ____D () 
C:\Users\An-D\AppData\Local\Thunderbird 2014-04-30 07:51 - 2012-03-31 11:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-04-30 07:51 - 2011-05-21 20:08 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-04-29 16:18 - 2008-11-19 00:20 - 00116736 _____ () C:\Users\An-D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-27 21:23 - 2014-04-27 20:32 - 00000000 ____D () C:\ComboFix 2014-04-27 21:23 - 2014-04-27 19:09 - 00000000 ____D () C:\Qoobox 2014-04-27 21:22 - 2014-04-27 21:22 - 00019121 _____ () C:\Users\An-D\Desktop\ComboFix.txt 2014-04-27 21:22 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default 2014-04-27 21:22 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public 2014-04-27 20:47 - 2006-11-02 12:23 - 00000259 _____ () C:\Windows\system.ini 2014-04-27 19:51 - 2014-04-27 19:09 - 00000000 ____D () C:\Windows\erdnt 2014-04-27 18:57 - 2014-04-27 18:57 - 00001057 _____ () C:\Users\An-D\Desktop\Revo Uninstaller.lnk 2014-04-27 18:57 - 2014-04-27 18:57 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-04-27 18:54 - 2014-04-27 18:54 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\An-D\Desktop\revosetup95.exe 2014-04-26 20:54 - 2014-04-26 20:53 - 05196309 ____R (Swearware) C:\Users\An-D\Desktop\ComboFix.exe 2014-04-26 03:59 - 2014-04-26 03:59 - 00008153 _____ () C:\Users\An-D\Desktop\Gmer.zip 2014-04-26 03:59 - 2009-02-16 18:42 - 00000000 ____D () C:\Program Files\PowerArchiver 2014-04-26 02:23 - 2014-04-26 02:23 - 00103056 _____ () C:\Users\An-D\Desktop\Gmer.txt 2014-04-26 01:29 - 2014-04-26 01:29 - 00149176 _____ () C:\Windows\Minidump\Mini042614-01.dmp 2014-04-26 01:29 - 2008-12-21 00:04 - 444861160 _____ () C:\Windows\MEMORY.DMP 2014-04-26 01:29 - 2008-12-21 00:04 - 00000000 ____D () C:\Windows\Minidump 2014-04-26 01:05 - 2014-04-26 01:04 - 00380416 _____ () C:\Users\An-D\Desktop\Gmer-19357.exe 2014-04-26 00:59 - 2014-04-26 00:59 - 00040832 _____ () C:\Users\An-D\Desktop\Addition.txt 2014-04-26 00:59 - 2014-04-26 00:58 - 00042375 _____ () C:\Users\An-D\Desktop\FRST old.txt 2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log 2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable 2014-04-26 00:51 - 2008-11-15 16:35 - 00000000 ____D () C:\Users\An-D 2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe 2014-04-23 16:41 - 2012-12-09 21:33 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird 2014-04-22 14:49 - 2014-04-22 14:47 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe 2014-04-13 00:25 - 2014-04-13 00:24 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner Some content of TEMP: ==================== C:\Users\An-D\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphwlyzf.dll 
C:\Users\An-D\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-08 16:41

==================== End Of Log ============================
09.05.2014, 11:27 | #9
/// the machine /// TB-Ausbilder | Windows Vista Home Premium SP1: Avast blocked by group policy
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
No support via PM!
10.05.2014, 18:01 | #10
| Windows Vista Home Premium SP1: Avast blocked by group policy
Code:
ESETSmartInstaller@High as downloader log: all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=75b56f0cb58e8b42b110274619462bbd
# engine=18210
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-10 04:50:59
# local_time=2014-05-10 06:50:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776574 100 100 92882018 237273387 0 0
# scanned=421866
# found=2
# cleaned=0
# scan_time=10033
sh=04EC27C13D5660967EC96F334F3798695C64A942 ft=1 fh=82bf198cef546e38 vn="Win32/PSW.Papras.CX Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\pmsqql.dat.vir"
sh=B58B698C21ABDF1F1647914389FEF31B9F854EF0 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-0507.AH Trojaner" ac=I fn="C:\Users\An-D\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\5618bf91-62972101"

' UNSUPPORTED OPERATING SYSTEM! ABORTED!' aus...

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-05-2014 Ran by An-D (administrator) on NBAB on 10-05-2014 18:59:57 Running from C:\Users\An-D\Desktop Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 7 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Syntek America Inc.) C:\Windows\System32\StkCSrv.exe () C:\Program Files\Verbindungsassistent\WTGService.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Spotify Ltd) C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-07-22] (Intel Corporation) HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC) HKLM\...\Run: [pdfFactory Pro Dispatcher v3] => C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe [614400 2009-12-15] (FinePrint Software, LLC) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) 
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1641896 2013-06-07] (Valve Corporation) HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [HumanizedEnso] => C:\Users\An-D\AppData\Local\HumanizedEnso\Enso.exe [117232 2008-01-14] () HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify Web Helper] => C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-26] (Spotify Ltd) HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify] => C:\Users\An-D\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-26] (Spotify Ltd) HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk ShortcutTarget: Inhaltsmanager-Assistent für PlayStation(R).lnk -> C:\Program Files\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.) Startup: C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\An-D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.) Toolbar: HKLM - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default FF NetworkProxy: "autoconfig_url", 
"data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-
1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: @3dvia.com/3DVIAStudioPlayer - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes) FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) 
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Move Media Player - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\moveplayer@movenetworks.com [2009-04-04] FF Extension: FoxyTunes - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2012-03-27] FF Extension: DownloadHelper - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26] FF Extension: Add-on Compatibility Reporter - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\compatibility@addons.mozilla.org.xpi [2011-04-14] FF Extension: ProxMate - Proxy on steroids! 
- C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-03-01] FF Extension: Session Manager - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-08-04] FF Extension: FlashGot - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-04-09] FF Extension: NoScript - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-04] FF Extension: Adblock Plus - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27] FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-12-20] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-20] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-31] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (3DVIA Player) - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Google Update) - C:\Users\An-D\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (YouTube) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-10] CHR Extension: (Google-Suche) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-10] CHR Extension: (Google Wallet) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28] CHR Extension: (Google Mail) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-10] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-04] CHR StartMenuInternet: Google Chrome - C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe 
Systems Incorporated) R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2014-01-22] (AVAST Software) S3 CoordinatorServiceHost; C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [79144 2008-09-09] (Dassault Systèmes SolidWorks Corp.) R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584 2007-04-03] (Cisco Systems, Inc.) R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [181544 2009-05-01] (Seagate Technology LLC) S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-13] (Microsoft Corporation) S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2009-01-28] (SolidWorks) R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [31248 2008-01-16] (Syntek America Inc.) 
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] () ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2014-01-22] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2014-01-22] (AVAST Software) R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [49760 2014-01-22] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2014-01-22] () R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2014-01-22] (AVAST Software) R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2014-01-22] (AVAST Software) R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2014-01-22] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2014-01-22] () S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306295 2007-04-03] (Cisco Systems, Inc.) R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.) R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-06-25] (SAMSUNG ELECTRONICS CO., LTD.) 
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation) R3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1363088 2008-03-28] (Syntek) S3 ADDMEM; \??\C:\Users\An-D\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [X] U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\Users\An-D\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-10 18:59 - 2014-05-10 18:59 - 00024211 _____ () C:\Users\An-D\Desktop\FRST.txt 2014-05-10 18:58 - 2014-05-10 18:58 - 00855379 _____ () C:\Users\An-D\Downloads\SecurityCheck.exe 2014-05-10 15:55 - 2014-05-10 15:55 - 02347384 _____ (ESET) C:\Users\An-D\Downloads\esetsmartinstaller_deu.exe 2014-05-08 17:02 - 2014-05-08 17:02 - 00037591 _____ () C:\Users\An-D\Desktop\FRST old.txt 2014-05-08 17:01 - 2014-05-10 18:59 - 00000000 ____D () C:\Users\An-D\Desktop\FRST-OlderVersion 2014-05-08 16:55 - 2014-05-08 16:55 - 00001166 _____ () C:\Users\An-D\Desktop\JRT.txt 2014-05-08 16:50 - 2014-05-08 16:50 - 00000000 ____D () C:\Windows\ERUNT 2014-05-08 16:49 - 2014-05-08 16:50 - 01016261 _____ (Thisisu) C:\Users\An-D\Downloads\JRT.exe 2014-05-08 16:42 - 2014-05-08 16:33 - 00005103 _____ () C:\Users\An-D\Desktop\AdwCleaner[S0].txt 2014-05-08 16:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-05-08 16:25 - 2014-05-08 16:33 - 00000000 ____D () C:\AdwCleaner 2014-05-08 15:34 - 2014-05-08 15:34 - 00001195 _____ () C:\Users\An-D\Desktop\mbam.txt 2014-05-08 14:57 - 2014-05-08 16:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-08 14:56 - 2014-05-08 14:56 - 00000899 _____ () C:\Users\Public\Desktop\ 
Malwarebytes Anti-Malware .lnk 2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-08 14:56 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-08 14:56 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-08 14:56 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-08 14:54 - 2014-05-08 14:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\An-D\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-08 13:43 - 2014-05-08 13:46 - 00069010 _____ () C:\Users\An-D\Desktop\JRT.exe 2014-05-08 13:43 - 2014-05-08 13:43 - 01316991 _____ () C:\Users\An-D\Desktop\adwcleaner.exe 2014-05-08 13:42 - 2014-05-08 13:45 - 14269225 _____ (Malwarebytes Corporation ) C:\Users\An-D\Desktop\mbam-setup-2.0.1.1004.exe 2014-04-30 20:52 - 2014-05-07 13:02 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-04-28 17:10 - 2014-05-08 16:34 - 00008086 _____ () C:\Windows\PFRO.log 2014-04-27 21:22 - 2014-04-27 21:22 - 00019121 _____ () C:\Users\An-D\Desktop\ComboFix.txt 2014-04-27 20:32 - 2014-04-27 21:23 - 00000000 ____D () C:\ComboFix 2014-04-27 19:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-27 19:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-27 19:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-27 19:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-27 19:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-27 19:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-27 19:30 - 2000-08-31 02:00 - 
00080412 _____ () C:\Windows\grep.exe 2014-04-27 19:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-27 19:09 - 2014-04-27 21:23 - 00000000 ____D () C:\Qoobox 2014-04-27 19:09 - 2014-04-27 19:51 - 00000000 ____D () C:\Windows\erdnt 2014-04-27 18:57 - 2014-04-27 18:57 - 00001057 _____ () C:\Users\An-D\Desktop\Revo Uninstaller.lnk 2014-04-27 18:57 - 2014-04-27 18:57 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-04-27 18:54 - 2014-04-27 18:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\An-D\Desktop\revosetup95.exe 2014-04-26 20:53 - 2014-04-26 20:54 - 05196309 ____R (Swearware) C:\Users\An-D\Desktop\ComboFix.exe 2014-04-26 03:59 - 2014-04-26 03:59 - 00008153 _____ () C:\Users\An-D\Desktop\Gmer.zip 2014-04-26 02:23 - 2014-04-26 02:23 - 00103056 _____ () C:\Users\An-D\Desktop\Gmer.txt 2014-04-26 01:29 - 2014-04-26 01:29 - 00149176 _____ () C:\Windows\Minidump\Mini042614-01.dmp 2014-04-26 01:04 - 2014-04-26 01:05 - 00380416 _____ () C:\Users\An-D\Desktop\Gmer-19357.exe 2014-04-26 00:59 - 2014-04-26 00:59 - 00040832 _____ () C:\Users\An-D\Desktop\Addition.txt 2014-04-26 00:57 - 2014-05-10 18:59 - 00000000 ____D () C:\FRST 2014-04-26 00:54 - 2014-05-10 18:59 - 01054720 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe 2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log 2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable 2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe 2014-04-22 14:53 - 2014-04-30 07:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird 2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird 2014-04-22 14:47 - 2014-04-22 14:49 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe 2014-04-13 00:24 - 
2014-04-13 00:25 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner ==================== One Month Modified Files and Folders ======= 2014-05-10 19:00 - 2014-05-10 18:59 - 00024211 _____ () C:\Users\An-D\Desktop\FRST.txt 2014-05-10 18:59 - 2014-05-08 17:01 - 00000000 ____D () C:\Users\An-D\Desktop\FRST-OlderVersion 2014-05-10 18:59 - 2014-04-26 00:57 - 00000000 ____D () C:\FRST 2014-05-10 18:59 - 2014-04-26 00:54 - 01054720 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe 2014-05-10 18:58 - 2014-05-10 18:58 - 00855379 _____ () C:\Users\An-D\Downloads\SecurityCheck.exe 2014-05-10 18:52 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-10 18:52 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-10 18:51 - 2013-05-31 15:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-10 18:35 - 2012-06-10 23:05 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA.job 2014-05-10 15:55 - 2014-05-10 15:55 - 02347384 _____ (ESET) C:\Users\An-D\Downloads\esetsmartinstaller_deu.exe 2014-05-10 15:54 - 2006-11-02 12:33 - 00824910 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-10 15:50 - 2009-02-25 19:38 - 00264787 _____ () C:\ProgramData\nvModes.001 2014-05-10 15:50 - 2009-02-25 18:51 - 00264787 _____ () C:\ProgramData\nvModes.dat 2014-05-10 15:50 - 2008-10-24 02:04 - 01311426 _____ () C:\Windows\WindowsUpdate.log 2014-05-08 17:02 - 2014-05-08 17:02 - 00037591 _____ () C:\Users\An-D\Desktop\FRST old.txt 2014-05-08 17:01 - 2008-12-27 17:11 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job 2014-05-08 16:55 - 2014-05-08 16:55 - 00001166 _____ () C:\Users\An-D\Desktop\JRT.txt 2014-05-08 16:50 - 2014-05-08 16:50 - 00000000 ____D () C:\Windows\ERUNT 2014-05-08 16:50 - 2014-05-08 16:49 - 01016261 _____ 
(Thisisu) C:\Users\An-D\Downloads\JRT.exe 2014-05-08 16:41 - 2012-06-04 01:20 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Spotify 2014-05-08 16:40 - 2010-04-06 23:58 - 00000000 ____D () C:\Program Files\Steam 2014-05-08 16:38 - 2012-06-04 01:21 - 00000000 ____D () C:\Users\An-D\AppData\Local\Spotify 2014-05-08 16:38 - 2012-02-14 17:49 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Dropbox 2014-05-08 16:37 - 2014-05-08 14:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-08 16:35 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-08 16:34 - 2014-04-28 17:10 - 00008086 _____ () C:\Windows\PFRO.log 2014-05-08 16:34 - 2012-04-25 22:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-05-08 16:33 - 2014-05-08 16:42 - 00005103 _____ () C:\Users\An-D\Desktop\AdwCleaner[S0].txt 2014-05-08 16:33 - 2014-05-08 16:25 - 00000000 ____D () C:\AdwCleaner 2014-05-08 16:33 - 2008-06-25 23:08 - 00000836 _____ () C:\Windows\bthservsdp.dat 2014-05-08 16:33 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-08 15:34 - 2014-05-08 15:34 - 00001195 _____ () C:\Users\An-D\Desktop\mbam.txt 2014-05-08 14:56 - 2014-05-08 14:56 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-08 14:55 - 2014-05-08 14:54 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\An-D\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-08 13:46 - 2014-05-08 13:43 - 00069010 _____ () C:\Users\An-D\Desktop\JRT.exe 2014-05-08 13:45 - 2014-05-08 13:42 - 14269225 _____ (Malwarebytes Corporation ) C:\Users\An-D\Desktop\mbam-setup-2.0.1.1004.exe 2014-05-08 
13:43 - 2014-05-08 13:43 - 01316991 _____ () C:\Users\An-D\Desktop\adwcleaner.exe 2014-05-07 13:02 - 2014-04-30 20:52 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-05-03 03:35 - 2012-06-10 23:04 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core.job 2014-05-03 02:41 - 2013-12-20 09:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-04-30 07:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird 2014-04-30 07:51 - 2012-03-31 11:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-04-30 07:51 - 2011-05-21 20:08 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-04-29 16:18 - 2008-11-19 00:20 - 00116736 _____ () C:\Users\An-D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-27 21:23 - 2014-04-27 20:32 - 00000000 ____D () C:\ComboFix 2014-04-27 21:23 - 2014-04-27 19:09 - 00000000 ____D () C:\Qoobox 2014-04-27 21:22 - 2014-04-27 21:22 - 00019121 _____ () C:\Users\An-D\Desktop\ComboFix.txt 2014-04-27 21:22 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default 2014-04-27 21:22 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public 2014-04-27 20:47 - 2006-11-02 12:23 - 00000259 _____ () C:\Windows\system.ini 2014-04-27 19:51 - 2014-04-27 19:09 - 00000000 ____D () C:\Windows\erdnt 2014-04-27 18:57 - 2014-04-27 18:57 - 00001057 _____ () C:\Users\An-D\Desktop\Revo Uninstaller.lnk 2014-04-27 18:57 - 2014-04-27 18:57 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-04-27 18:54 - 2014-04-27 18:54 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\An-D\Desktop\revosetup95.exe 2014-04-26 20:54 - 2014-04-26 20:53 - 05196309 ____R (Swearware) C:\Users\An-D\Desktop\ComboFix.exe 2014-04-26 03:59 - 2014-04-26 03:59 - 00008153 _____ () C:\Users\An-D\Desktop\Gmer.zip 2014-04-26 03:59 - 2009-02-16 18:42 - 00000000 ____D () C:\Program Files\PowerArchiver 2014-04-26 02:23 - 2014-04-26 02:23 - 00103056 _____ () C:\Users\An-D\Desktop\Gmer.txt 2014-04-26 01:29 - 2014-04-26 01:29 - 00149176 _____ () C:\Windows\Minidump\Mini042614-01.dmp 2014-04-26 01:29 - 2008-12-21 00:04 - 444861160 _____ () C:\Windows\MEMORY.DMP 2014-04-26 01:29 - 2008-12-21 00:04 - 00000000 ____D () C:\Windows\Minidump 2014-04-26 01:05 - 2014-04-26 01:04 - 00380416 _____ () C:\Users\An-D\Desktop\Gmer-19357.exe 2014-04-26 00:59 - 2014-04-26 00:59 - 00040832 _____ () C:\Users\An-D\Desktop\Addition.txt 2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log 2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable 2014-04-26 00:51 - 2008-11-15 16:35 - 00000000 ____D () C:\Users\An-D 2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe 2014-04-23 16:41 - 2012-12-09 21:33 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird 2014-04-22 14:49 - 2014-04-22 14:47 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe 2014-04-13 00:25 - 2014-04-13 00:24 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner Some content of TEMP: ==================== C:\Users\An-D\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphwlyzf.dll C:\Users\An-D\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check 
================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-08 16:41 ==================== End Of Log ============================ |
11.05.2014, 12:34 | #11 |
/// the machine /// TB-Ausbilder | Windows Vista Home Premium SP1: Avast blocked by Group Policy
Please download TFC (by OldTimer) and save the file to your desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Done. The order here is essential.
If you would like to give praise or criticism, you can do so here. Here are a few tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any kind of registry cleaner. They do more harm to your system than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a brief reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |