Pests of all kinds and how to fight them: Avast has blocked an infected website! (Windows 7) If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
02.03.2013, 05:47 | #1 |
Avast has blocked an infected website! Good morning, dear forum members, and thanks in advance for your help and so on. I have had a few problems with viruses / trojans etc. in the past (BKA trojan.... .__.) Well, anyway, I then read up on a few things and took them in. The antivirus program Avast runs on my PC. While surfing this morning (I have to admit, on generally unsafe and adult sites o.o) Avast then spat out: Message: Infected website blocked. Through Avast itself, in the program's own window under the information on the problem within the web shield, I then found:
URL: http.xxxx. (censored)
Severity: High
Status:
Threat: TTF:CVE-2011-3402 [Expl] (probably stands for exploit?!)
Action: Blocked
Result: (nothing entered)
I am now wondering whether I need to worry much about this, i.e. whether there may be an infection and whether I now need to download Malwarebytes, defogger, OTT, GMER or similar to see that my system is clean? I mean, such programs are basically not always 100% watertight either and cannot block everything. Or did Avast avert the infection by blocking the site? Those are the things I am asking myself. If it does come to the conclusion that I should upload Bytes etc. (on your recommendation), I will of course download the needed programs right away. Thanks in advance for the help.
02.03.2013, 12:39 | #2 |
/// TB trainer | My name is Matthias and I will help you clean up your computer. Please note the following:
Based on the posted information alone, I cannot tell you whether your computer is infected or not. Ultimately it is up to you whether you want to have your computer analysed more closely or not. Just let me know briefly what you have decided.
02.03.2013, 13:28 | #3 |
I would be grateful if all the work could be finished by Sunday, because from Sunday evening until Friday afternoon I will be working away and will not be at my home PC.
So I would be ready and able to start work right away. I don't have any illegal software installed on the PC anyway. That would not be proper ^^
02.03.2013, 13:32 | #4 |
/// TB trainer | Hi, Step 1 Please download DDS (by sUBs) from one of the following download mirrors and save the file to your desktop. dds.com dds.exe
Step 2 Please download defogger by jpshortstuff to your desktop.
Step 3 Please
Please post with your next reply
Last edited by M-K-D-B (02.03.2013 at 13:49)
02.03.2013, 13:41 | #5 |
I am now done with the first two scans, so only the GMER scan is missing. I cannot click the hyperlink. I get something along the lines of: You dont have access to...files.php Edit: Do I also have to switch off the built-in Windows firewall? ^^
02.03.2013, 15:06 | #7 |
So. I have carried out all the scans exactly as instructed. Note: at the end of the GMER scan it threw out: Warning!!! Gmer found system modifications caused by Rootkit Activity. Does that mean anything? Further note: I have masked my own name, which is also my PC user name, as [Mein Name]. If this all works out, would it be possible to have my laptop checked as well? Also, the scans pasted in: Attach scan from DDS: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS Logfile: Code:
ATTFilter DDS (Ver_2012-11-20.01) Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 04.02.2013 19:48:15 System Uptime: 02.03.2013 09:39:55 (4 hours ago) . Motherboard: ASUSTeK Computer INC. | | M4A78 PRO Processor: AMD Phenom(tm) 9950 Quad-Core Processor | AM2 | 1300/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 233 GiB total, 194,182 GiB free. D: is FIXED (NTFS) - 77 GiB total, 9,265 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: D-Link DWA-547 RangeBooster N650 Desktop Adapter Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_3A6B1186&REV_01\4&2966AB86&0&38A4 Manufacturer: D-Link Corporation Name: D-Link DWA-547 RangeBooster N650 Desktop Adapter PNP Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_3A6B1186&REV_01\4&2966AB86&0&38A4 Service: athr . ==== System Restore Points =================== . RP21: 15.02.2013 13:52:56 - Windows Update RP22: 16.02.2013 00:01:48 - Windows Live Essentials RP23: 16.02.2013 00:03:39 - WLSetup RP24: 16.02.2013 02:50:57 - Windows Update RP25: 22.02.2013 13:04:45 - Windows Update RP26: 22.02.2013 20:45:57 - Installed Java 7 Update 15 RP27: 01.03.2013 13:34:16 - Windows Update . ==== Installed Programs ====================== . 7-Zip 9.20 (x64 edition) Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.02) - Deutsch Adobe Shockwave Player 12.0 AMD OverDrive Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver ATI Catalyst Install Manager Auslogics Disk Defrag avast! 
Free Antivirus Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center HydraVision Full Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition Google Chrome Google Update Helper HydraVision Java 7 Update 15 Java 7 Update 15 (64-bit) Java Auto Updater Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 Microsoft Office Excel MUI (German) 2010 Microsoft Office Groove MUI (German) 2010 Microsoft Office InfoPath MUI (German) 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (German) 2010 Microsoft Office Outlook MUI (German) 2010 Microsoft Office PowerPoint MUI (German) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Italian) 2010 Microsoft Office Proofing (German) 2010 Microsoft Office Publisher MUI (German) 2010 Microsoft Office Shared 32-bit MUI (German) 2010 Microsoft Office Shared MUI (German) 2010 Microsoft Office Word MUI (German) 2010 Microsoft 
Silverlight Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 19.0.1 (x86 de) Mozilla Maintenance Service MSVCRT MSVCRT110 MSVCRT110_amd64 OpenOffice.org 3.4.1 Photo Common Realtek High Definition Audio Driver Revo Uninstaller 1.94 Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition Security Update for Microsoft Visio 2010 (KB2687508) 64-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition Skype™ 6.2 swMSM TeamSpeak 3 Client TurboV Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) 
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack . ==== End Of File =========================== Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2 Run by [Mein Name] at 13:36:14 on 2013-03-02 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3839.2239 [GMT 1:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe C:\Windows\SysWOW64\srvany.exe C:\Windows\KMService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files 
(x86)\ASUS\TurboV\TurboV.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.de/ mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Microsoft-Konto-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe" -b mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun StartupFolder: C:\Users\[Mein Name]\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: An OneNote s&enden - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{9674CBAF-6D39-479D-9BDA-7ECCDB552EF6} : DHCPNameServer = 192.168.2.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common 
Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-TB: avast! 
WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\[Mein Name]\AppData\Roaming\Mozilla\Firefox\Profiles\hf2irw73.default\ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-02-04 20:15; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF . ============= SERVICES / DRIVERS =============== . 
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-1 65408] R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-1 177672] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-2-4 1025880] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-2-4 377992] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-2-7 203264] R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-5-21 136616] R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2013-2-4 96896] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-2-4 33472] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-4 80888] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-1 45248] R2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?] R3 AODDriver2;AODDriver2;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-5-21 52352] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-5 19456] S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960] S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-2-5 29696] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-5 
57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-5 30208] S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248] . =============== Created Last 30 ================ . 2013-03-02 03:48:13 -------- d-----r- C:\Program Files (x86)\Skype 2013-03-01 22:08:52 177672 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2013-03-01 22:08:51 65408 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2013-03-01 20:05:19 263064 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll 2013-03-01 12:34:45 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{842C4280-7059-4BC9-BF1B-BC77835D539D}\mpengine.dll 2013-02-23 15:04:33 -------- d-----w- C:\Users\[Mein Name]\AppData\Roaming\TS3Client 2013-02-23 15:04:06 -------- d-----w- C:\Users\[Mein Name]\AppData\Local\TeamSpeak 3 Client 2013-02-23 14:31:16 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-02-22 19:46:35 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-16 19:27:56 -------- d-----w- C:\Users\[Mein Name]\AppData\Roaming\OpenOffice.org 2013-02-16 01:53:27 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-16 01:53:27 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-15 23:05:42 -------- d-----w- C:\Users\[Mein Name]\Tracing 2013-02-15 23:01:59 -------- d-----w- C:\Users\[Mein Name]\AppData\Local\Microsoft Games 2013-02-15 23:01:48 -------- d-----w- C:\Users\[Mein Name]\AppData\Local\Windows Live 2013-02-15 23:01:30 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live 2013-02-15 12:57:09 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-02-15 12:57:08 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-02-15 12:57:07 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-02-15 12:57:02 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-02-15 12:57:00 215040 ----a-w- 
C:\Windows\System32\winsrv.dll 2013-02-15 12:56:59 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-02-15 12:56:59 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-02-15 12:56:59 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-02-15 12:56:59 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-02-15 12:56:59 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-02-15 12:56:57 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-02-15 12:56:57 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-02-09 19:12:38 -------- d-----w- C:\Users\[Mein Name]\AppData\Local\Google 2013-02-08 12:46:20 -------- d-----w- C:\Users\[Mein Name]\AppData\Local\Macromedia 2013-02-08 12:45:54 -------- d-----w- C:\Users\[Mein Name]\AppData\Local\Mozilla 2013-02-08 12:11:43 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3 2013-02-08 12:09:03 -------- d-----w- C:\Program Files (x86)\Auslogics 2013-02-08 12:08:45 -------- d-----w- C:\Program Files (x86)\VS Revo Group 2013-02-08 12:07:22 -------- d-----w- C:\Windows\SysWow64\Adobe 2013-02-08 12:07:17 963488 ----a-w- C:\Windows\System32\deployJava1.dll 2013-02-08 12:07:17 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-02-08 12:06:40 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-02-08 12:06:40 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-02-07 19:56:57 -------- d-----w- C:\Users\[Mein Name]\AppData\Local\ATI 2013-02-07 18:49:32 96768 ----a-w- C:\Windows\System32\fsutil.exe 2013-02-07 18:49:32 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys 2013-02-07 18:49:32 2565632 ----a-w- C:\Windows\System32\esent.dll 2013-02-07 18:49:31 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe 2013-02-07 18:49:31 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys 2013-02-07 18:49:31 189824 ----a-w- C:\Windows\System32\drivers\storport.sys 2013-02-07 18:49:31 1699328 ----a-w- C:\Windows\SysWow64\esent.dll 2013-02-07 18:49:31 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys 2013-02-07 
18:49:31 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys 2013-02-07 18:49:31 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys 2013-02-07 18:35:39 -------- d-----w- C:\Users\[Mein Name]\AppData\Local\Adobe 2013-02-07 18:32:56 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2013-02-07 18:32:56 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys 2013-02-07 18:32:55 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2013-02-07 18:32:55 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys 2013-02-07 18:32:55 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2013-02-07 18:32:55 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2013-02-07 18:32:55 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2013-02-05 18:33:14 902656 ----a-w- C:\Windows\System32\d2d1.dll 2013-02-05 18:33:14 1139200 ----a-w- C:\Windows\System32\FntCache.dll 2013-02-05 18:33:13 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2013-02-05 18:18:27 -------- d-----w- C:\Windows\SysWow64\wbem\en-US 2013-02-05 18:18:26 -------- d-----w- C:\Windows\System32\wbem\en-US 2013-02-05 17:39:23 2560 ----a-w- C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui 2013-02-05 17:39:22 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2013-02-05 17:39:22 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2013-02-05 17:39:22 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2013-02-05 17:18:26 294912 ----a-w- C:\Windows\System32\browserchoice.exe 2013-02-05 17:10:57 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll 2013-02-05 17:10:57 46080 ----a-w- C:\Windows\System32\atmlib.dll 2013-02-05 17:10:57 367616 ----a-w- C:\Windows\System32\atmfd.dll 2013-02-05 17:10:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2013-02-05 17:10:57 100864 ----a-w- C:\Windows\System32\fontsub.dll 2013-02-05 17:10:56 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2013-02-05 17:10:55 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2013-02-05 17:09:54 87040 
----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2013-02-05 17:09:54 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2013-02-05 17:09:53 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2013-02-05 17:09:53 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2013-02-05 17:09:52 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2013-02-05 17:09:51 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2013-02-05 17:09:51 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2013-02-05 17:07:11 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2013-02-05 17:07:11 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2013-02-05 17:07:11 5120 ----a-w- C:\Windows\System32\wmi.dll 2013-02-05 17:07:11 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2013-02-05 17:07:11 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2013-02-05 16:50:50 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-02-05 16:50:50 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-02-05 16:48:59 51712 ----a-w- C:\Windows\SysWow64\esrb.rs 2013-02-05 16:47:58 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-02-05 16:46:58 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll 2013-02-05 16:45:52 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2013-02-05 16:41:22 723456 ----a-w- C:\Windows\System32\EncDec.dll 2013-02-05 16:41:22 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll 2013-02-05 16:38:39 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2013-02-05 16:38:39 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2013-02-05 16:38:39 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2013-02-05 16:38:38 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2013-02-05 16:38:38 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2013-02-05 16:37:58 67072 ----a-w- C:\Windows\splwow64.exe 2013-02-05 16:37:58 559104 ----a-w- C:\Windows\System32\spoolsv.exe 2013-02-05 16:34:11 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll 
============= FINISH: 13:36:41,17 ===============

Defogger Scan:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:40 on 02/03/2013 ([Mein Name])

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Gmer Scan:

GMER Logfile:
Code:
GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-02 14:56:52
Windows 6.1.7601 Service Pack 1 x64
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SP2504C rev.VT100-50 232,89GB
Running: 2971thvg.exe; Driver: C:\Users\[Mein Name]\AppData\Local\Temp\uwddipob.sys

---- User code sections - GMER 2.1 ----
C:\Windows\System32\svchost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077447a90 5 bytes JMP 00000001001603a4 .text C:\Windows\System32\svchost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077471490 5 bytes JMP 0000000100160b14 .text C:\Windows\System32\svchost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000774714f0 5 bytes JMP 0000000100160ecc .text C:\Windows\System32\svchost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000774715d0 5 bytes JMP 000000010016163c .text C:\Windows\System32\svchost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077471810 5 bytes JMP 0000000100161284 .text C:\Windows\System32\svchost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077472840 5 bytes JMP 00000001001619f4 .text C:\Windows\System32\svchost.exe[2784] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff676e00 5 bytes JMP 000007ff7f691dac .text C:\Windows\System32\svchost.exe[2784] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff676f2c 5 bytes JMP 000007ff7f690ecc .text C:\Windows\System32\svchost.exe[2784] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff677220 5 bytes JMP 000007ff7f691284 .text C:\Windows\System32\svchost.exe[2784] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff67739c 5 bytes JMP 000007ff7f69163c .text C:\Windows\System32\svchost.exe[2784] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff677538 5 bytes JMP 000007ff7f6919f4 .text C:\Windows\System32\svchost.exe[2784] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6775e8 5 bytes JMP 000007ff7f6903a4 .text C:\Windows\System32\svchost.exe[2784] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff67790c 5 bytes JMP 000007ff7f69075c .text C:\Windows\System32\svchost.exe[2784] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff677ab4 5 bytes JMP 000007ff7f690b14 .text C:\Users\[Mein 
Name]\Desktop\2971thvg.exe[2412] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007676a30a 1 byte [62] ---- Services - GMER 2.1 ---- Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!! Service C:\Windows\System32\Drivers\aswrdr2.sys (*** hidden *** ) [SYSTEM] aswRdr <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** ) [SYSTEM] aswSnx <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswSP.sys (*** hidden *** ) [SYSTEM] aswSP <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** ) [SYSTEM] aswTdi <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswVmm.sys (*** hidden *** ) [BOOT] aswVmm <-- ROOTKIT !!! Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!! ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! 
mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 17876 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg 
HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! 
Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! 
mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 2 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 17876 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! 
Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer. ---- EOF - GMER 2.1 ---- Last edited by TheDeder (02.03.2013 at 15:30) |
02.03.2013, 15:38 | #8 | |
/// TB-Ausbilder | Avast has blocked an infected website! Hi, GMER was just being a bit overcautious with that message. Step 1 Please have the file from the code box checked at VirusTotal.
Step 2 Please download OTL by OldTimer and save it to your desktop (if it is not there already).
Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
Please post with your next reply
|
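As an added example for this thread (not code from the original posts and not GMER's own code), the Python script below parses the two kinds of lines the GMER log above contains, user-mode `.text` hook entries and `Service ... (*** hidden *** ) ... <-- ROOTKIT !!!` entries, and then sorts the hidden services into those that belong to avast's self-protecting drivers and anything that still needs review. It assumes a short list of avast path fragments as the "known" set, uses a constructed sample log modelled on the one posted, and adds a hypothetical PLACEHOLDER.sys service that is not in the log so that the review path is exercised.

```python
"""Triage helper for GMER 2.1 text output (added example, not from the thread).

Parses '.text' hook lines and 'Service ... (*** hidden *** )' lines, then
separates hidden services of a known self-protecting AV from the rest.
"""
import re
from collections import defaultdict

# Constructed sample modelled on the thread's log. The last Service line is a
# hypothetical placeholder (not in the log) so the "needs review" path runs.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077447a90 5 bytes JMP 00000001001a03a4
.text C:\Windows\system32\svchost.exe[2308] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077471490 5 bytes JMP 00000001001a0b14
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3460] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076d9eecd 1 byte [62]
---- Services - GMER 2.1 ----
Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!!
Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\PLACEHOLDER.sys (*** hidden *** ) [SYSTEM] placeholder <-- ROOTKIT !!!
---- EOF - GMER 2.1 ----
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<module>.+?)!(?P<func>\S+)"
    r"(?:\s\+\s(?P<offset>\d+))?\s+(?P<addr>[0-9a-fA-F]+)\s+(?P<size>\d+)\s+bytes?\s+(?P<patch>.+)$"
)
SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<start>[A-Z]+)\]\s+"
    r"(?P<name>.+?)\s+<-- ROOTKIT !!!$"
)

# Assumption for this example: path fragments of a product whose self-protection
# driver (aswSP, "avast! Self Protection" in the registry section of the log)
# hides its own services from enumeration, which GMER then reports as hidden.
KNOWN_SELF_PROTECTING = (r"\avast software\avast", r"\drivers\asw")


def parse_gmer(text):
    """Return (hooks, hidden_services) parsed from GMER 2.1 text output."""
    hooks, services = [], []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            jmp = re.search(r"\bJMP\s+([0-9a-fA-F]+)", d["patch"])
            hooks.append({
                "process": d["proc"], "pid": int(d["pid"]),
                "module": d["module"].rsplit("\\", 1)[-1], "function": d["func"],
                "address": int(d["addr"], 16), "size": int(d["size"]),
                # inline JMP hooks carry a target; byte patches like "[62]" do not
                "jmp_target": int(jmp.group(1), 16) if jmp else None,
            })
            continue
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append(m.groupdict())
    return hooks, services


def hooks_by_process(hooks):
    """Group hooked exports per process and note the 64 KiB regions the JMPs land in."""
    out = defaultdict(lambda: {"functions": [], "jmp_regions": set()})
    for h in hooks:
        entry = out[f'{h["process"]}[{h["pid"]}]']
        entry["functions"].append(f'{h["module"]}!{h["function"]}')
        if h["jmp_target"] is not None:
            entry["jmp_regions"].add(h["jmp_target"] & ~0xFFFF)
    return dict(out)


def classify_hidden_services(services):
    """Tag each hidden service as known AV self-protection or as needing review."""
    verdicts = []
    for s in services:
        known = any(frag in s["path"].lower() for frag in KNOWN_SELF_PROTECTING)
        verdicts.append((s["name"], s["path"], "known AV self-protection" if known else "needs review"))
    return verdicts


def triage(text):
    """Full report for one GMER log: hook summary plus hidden-service verdicts."""
    hooks, services = parse_gmer(text)
    verdicts = classify_hidden_services(services)
    return {"hooks": hooks_by_process(hooks), "hidden_services": verdicts,
            "needs_review": [v for v in verdicts if v[2] == "needs review"]}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for proc, info in report["hooks"].items():
        print(f'{proc}: {len(info["functions"])} hooked exports, '
              f'JMP regions {[hex(r) for r in sorted(info["jmp_regions"])]}')
    for name, path, verdict in report["hidden_services"]:
        print(f"{verdict:26} {name}  ({path})")
```

Why this fits the helper's "overcautious" reading: the registry section of the log lists aswSP as "avast! Self Protection", and a self-protection driver that hides its own services from enumeration is exactly what GMER's hidden-service check flags, so every `<-- ROOTKIT !!!` line in the log points at an avast file. The hook grouping is a triage aid only: hooks from one product tend to land in one or a few trampoline blocks per process (the svchost[2308] ntdll entries above all jump into the 0x1001a0000 region, the sechost entries into a second one), so a process with many scattered targets is the one worth a closer look.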
02.03.2013, 15:48 | #9 |
| Avast has blocked an infected website! For the OTL scan, should I cut the internet connection again and switch Avast off as well? |
02.03.2013, 15:48 | #10 |
/// TB-Ausbilder | Avast has blocked an infected website! No, it should work like this as well. |
02.03.2013, 16:16 | #11 |
| Avast has blocked an infected website! OK, here are the links / scans as requested 1. VirusTotal link https://www.virustotal.com/de/file/abd4afd71b3c2bd3f741bbe3cec52c4fa63ac78d353101d2e7dc4de2725d1ca1/analysis/1362235392/ 2. OTL scans: see attachment. |
02.03.2013, 16:17 | #12 |
/// TB-Ausbilder | Avast has blocked an infected website! Hi, you need to paste the link directly in here, otherwise I can't see anything. |
02.03.2013, 16:18 | #13 |
| Avast has blocked an infected website! Now it's there. |
02.03.2013, 16:19 | #14 | |
/// TB-Ausbilder | Avast has blocked an infected website! Hi, OK, thanks. Here is the next step: Please have the file from the code box checked at VirusTotal.
|
02.03.2013, 16:24 | #15 |
| Avast has blocked an infected website! All right, here is the link; there seems to be more to it, even though I don't know what is hiding in there. According to the details it is supposed to be a keygen... even though I have never downloaded anything like that o.O https://www.virustotal.com/de/file/f85cd6f93ba18e642d50bec7fc6aeb9d8751cc49b3be5650dd5c556628545524/analysis/1362237796/ Last edited by TheDeder (02.03.2013 at 16:52) |