tool öffnet sich wenn ich etwas falsches oder unvollständiges in die Leiste eingebe http://search.incredibar.com/

MIJ

Hallo, ich habe mir irgenwann mal my start bei einem Download eingefangen, ich dachte ich hätte es entfernt aber das scheint nicht so. Der Rechner ist manchmal langsam, schaltet sich von alleine aus und fährt wieder hoch.


Ich bin schon Schritt für Schritt eure Hilfe durchgegangen. OTL.txt und GMer.txt kann ich liefern aber den anderen Text, der zu OTL gehört nicht, hat sich nicht geöffnet.

OTL logfile created on: 05.03.2013 14:09:55 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Mirja\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 69,57% Memory free
3,72 Gb Paging File | 3,33 Gb Available in Paging File | 89,35% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 405,49 Gb Free Space | 87,06% Space Free | Partition Type: NTFS

Computer Name: MIRJA-3DFCAD55E | User Name: Mirja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.05 11:05:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mirja\Eigene Dateien\Downloads\OTL.exe
PRC - [2013.02.27 15:46:10 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.03.10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
PRC - [2009.03.24 03:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.02.10 17:01:49 | 000,116,104 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe
PRC - [2008.04.14 12:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013.03.05 09:12:19 | 002,064,384 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\13030500\algo.dll
MOD - [2013.02.27 21:06:15 | 014,718,320 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll
MOD - [2013.02.27 15:46:09 | 003,067,288 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.12.18 15:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2009.02.10 17:01:49 | 000,116,104 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe
MOD - [2008.04.14 12:00:00 | 000,380,416 | ---- | M] () -- C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll
MOD - [2008.04.14 12:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2013.02.27 21:06:16 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.27 15:46:10 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.03.10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.02.10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.03.09 18:09:24 | 002,116,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.06.30 17:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2009.06.26 15:29:34 | 001,656,960 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (AMBFilt)
DRV - [2009.06.18 03:07:37 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2008.12.02 14:56:00 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (MonFilt)
DRV - [2008.08.01 11:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.08.01 11:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=6PQPpW7JTu&&i=26&search="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.11.13 17:34:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Programme\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.02.27 15:46:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\addlyrics@addlyrics.net: C:\Programme\AddLyrics\FF\

[2011.12.27 16:31:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mirja\Anwendungsdaten\Mozilla\Extensions
[2012.11.11 18:28:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mirja\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcmo68w.default\extensions
[2012.11.11 18:22:26 | 000,002,203 | ---- | M] () -- C:\Dokumente und Einstellungen\Mirja\Anwendungsdaten\Mozilla\Firefox\Profiles\wkcmo68w.default\searchplugins\MyStart Search.xml
[2013.02.27 15:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.13 17:34:18 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMME\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.02.27 15:46:10 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.18 22:52:59 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 02:41:21 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.18 22:52:59 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 22:52:59 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 22:52:59 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 22:52:59 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Programme\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - Extension: Docs = C:\Dokumente und Einstellungen\Mirja\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Dokumente und Einstellungen\Mirja\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Mirja\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Mirja\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Mirja\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008.04.14 12:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Mirja\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1 83.169.184.33 83.169.184.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9DE193D-B6D3-4AFD-83A4-01492E91796E}: DhcpNameServer = 192.168.10.1 83.169.184.33 83.169.184.97
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Mirja\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Mirja\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.27 16:10:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{987a9e10-4b38-11e1-9964-00306779b278}\Shell\AutoRun\command - "" = I:\RunClubSanDisk.exe
O33 - MountPoints2\{b17c0c30-3096-11e1-9ce1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b17c0c30-3096-11e1-9ce1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b17c0c30-3096-11e1-9ce1-806d6172696f}\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.27 15:45:56 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.03.05 14:06:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.03.05 14:05:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.03.05 13:58:49 | 000,000,356 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.03.05 13:58:01 | 000,236,466 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2013.03.05 13:57:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.03.05 09:49:13 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Mirja\defogger_reenable
[2013.02.25 20:31:44 | 000,010,459 | ---- | M] () -- C:\Dokumente und Einstellungen\Mirja\ESt2012_Rothe_Mirja.elfo
[2013.02.25 19:14:27 | 000,000,307 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013.02.24 17:19:33 | 000,356,268 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.02.24 17:19:33 | 000,344,720 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.02.24 17:19:33 | 000,064,736 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.02.24 17:19:33 | 000,053,176 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.03.05 09:49:13 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Mirja\defogger_reenable
[2013.02.24 17:25:41 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.22 21:14:56 | 000,010,459 | ---- | C] () -- C:\Dokumente und Einstellungen\Mirja\ESt2012_Rothe_Mirja.elfo
[2012.12.30 13:06:23 | 000,000,307 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012.12.10 20:50:33 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2012.09.08 13:14:44 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2012.06.24 09:04:38 | 000,040,160 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012.01.03 19:32:01 | 000,009,728 | ---- | C] () -- C:\Dokumente und Einstellungen\Mirja\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.27 16:19:02 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011.12.27 16:12:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.12.27 16:07:54 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.12.27 16:01:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.12.27 15:59:48 | 000,193,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012.01.11 06:21:25 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 12:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008.04.14 12:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.03.20 10:51:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV
[2011.12.27 16:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.12.18 12:09:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2012.03.29 09:40:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Boss Media
[2012.04.09 09:16:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2012.06.24 08:03:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJ
[2012.05.17 16:48:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEGV
[2012.04.10 17:58:30 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX
[2012.04.09 09:20:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMyPrinter
[2013.02.03 12:23:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM
[2012.06.24 08:03:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2012.04.09 09:20:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJSolutionMenu
[2013.01.13 08:55:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2012.06.09 16:57:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2012.06.04 15:20:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2012.12.30 12:39:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2012.07.09 19:09:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2012.01.31 20:18:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2013.01.19 17:31:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mirja\Anwendungsdaten\bwincom
[2012.06.24 08:03:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mirja\Anwendungsdaten\Canon
[2012.06.09 16:33:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mirja\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.06.04 14:14:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mirja\Anwendungsdaten\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.01.11 06:22:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mirja\Anwendungsdaten\DVDVideoSoft
[2012.01.11 06:22:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mirja\Anwendungsdaten\DVDVideoSoftIEHelpers
[2013.01.13 08:56:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mirja\Anwendungsdaten\elsterformular
[2012.06.09 16:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mirja\Anwendungsdaten\MAGIX
[2012.06.09 16:50:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mirja\Anwendungsdaten\No Company Name
[2012.06.24 09:04:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mirja\Anwendungsdaten\SaalDesignSoftware
[2012.12.10 21:33:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mirja\Anwendungsdaten\TrojanHunter
[2012.06.09 17:18:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mirja\Anwendungsdaten\Ulead Systems

========== Purity Check ==========



< End of report >


GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-05 15:08:31
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 ST350041 rev.CC46 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\DOKUME~1\Mirja\LOKALE~1\Temp\kxpdafow.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xADAC14BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xADB6EC22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xADAC1ED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xADB03811]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xADACCFA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xADACCFF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xADACD176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xADB031C5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xADACCF16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xADACD038]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xADACCF5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xADAC211C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xADACD130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xADAC293E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xADAC1508]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xADB03ED7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xADB0418D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xADAC61C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xADB03D42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xADB03BAD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xADB6ECEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xADAC1170]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xADAC1556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xADAC6534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xADAC33A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xADACCFD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xADACD016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xADACD19A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xADB03521]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xADACCF3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xADAC5C3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xADACD0BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xADACCF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xADAC5F14]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xADACD154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xADB6EE4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xADB03A28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xADAC3272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xADB0387A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xADAC2DD4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xADB7B7D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xADB02838]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xADAC15A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xADAC15F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xADAC27BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xADAC11FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xADAC13AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xADB03FDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xADAC1350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xADAC2AF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xADAC2C54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xADAC141A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xADAC24D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xADAC2636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xADB6D41C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xADAC1640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xADAC1F1A]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xADB87E56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D10 8050459C 4 Bytes [EA, EC, B6, AD]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F10 8050479C 12 Bytes [A4, 15, AC, AD, F2, 15, AC, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504844 12 Bytes [F8, 2A, AC, AD, 54, 2C, AC, ...] {CLC ; SUB CH, [EBP+EBP*4-0x5253d3ac]; SBB DL, [ESP+EBP*4]; LODSD }
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A648C 4 Bytes CALL ADAC3A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC512 5 Bytes JMP ADB84CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F96 5 Bytes JMP ADB86810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1136 7 Bytes JMP ADB87E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB0699360, 0x3CDCE5, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809FDF 5 Bytes JMP ADAC7B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 3625 BF80CF90 5 Bytes JMP ADAC7A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138FE 5 Bytes JMP ADAC79F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 320C BF81E743 5 Bytes JMP ADAC6688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 199A BF820E6C 5 Bytes JMP ADAC70A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 7657 BF82868B 5 Bytes JMP ADAC67C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 698 BF838560 5 Bytes JMP ADAC7CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + BB6 BF838A7E 5 Bytes JMP ADAC78FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 3605 BF83B4CD 5 Bytes JMP ADAC7EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + D9AB BF845873 5 Bytes JMP ADAC6834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 113C6 BF84928E 5 Bytes JMP ADAC7090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 2E60 BF852720 5 Bytes JMP ADAC716A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 2F20 BF8527E0 5 Bytes JMP ADAC6670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 84B4 BF857D74 5 Bytes JMP ADAC7E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 23AD BF873983 5 Bytes JMP ADAC7BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 37BB BF87882D 5 Bytes JMP ADAC7A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 3617 BF88FFB6 5 Bytes JMP ADAC6CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 413A BF890AD9 5 Bytes JMP ADAC6E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF8ADD61 5 Bytes JMP ADAC7182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4B52 BF8B3770 5 Bytes JMP ADAC6C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4BDD BF8B37FB 5 Bytes JMP ADAC6EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 5 Bytes JMP ADAC6944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19CE BF8ED991 5 Bytes JMP ADAC656A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 9006 BF8F4FC9 5 Bytes JMP ADAC70C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + D4C6 BF8F9489 5 Bytes JMP ADAC6A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + D746 BF8F9709 5 Bytes JMP ADAC6B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1994 BF912612 5 Bytes JMP ADAC6760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2568 BF9131E6 5 Bytes JMP ADAC68F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F29 BF915BA7 5 Bytes JMP ADAC6FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1931 BF9438F8 5 Bytes JMP ADAC7D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 2.1 ----

.text C:\Programme\Canon\IJPLM\IJPLMSVC.EXE[480] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 003801F8
.text C:\Programme\Canon\IJPLM\IJPLMSVC.EXE[480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\Canon\IJPLM\IJPLMSVC.EXE[480] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 003803FC
.text C:\Programme\Canon\IJPLM\IJPLMSVC.EXE[480] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[604] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[664] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[664] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[688] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[688] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[916] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[916] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text c:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe[1120] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 003801F8
.text c:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe[1120] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text c:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe[1120] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 003803FC
.text c:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe[1120] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1128] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1128] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Programme\AVAST Software\Avast\AvastSvc.exe[1484] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\AVAST Software\Avast\AvastSvc.exe[1484] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Programme\AVAST Software\Avast\AvastSvc.exe[1484] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1628] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1628] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1688] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1688] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1852] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[1868] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe[1868] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Programme\AVAST Software\Avast\avastUI.exe[1896] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\AVAST Software\Avast\avastUI.exe[1896] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[1916] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\Canon\MyPrinter\BJMyPrt.exe[1916] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1924] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!SetServiceObjectSecurity 77E06D59 5 Bytes JMP 00A71014
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!ChangeServiceConfigA 77E06E41 5 Bytes JMP 00A70804
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!ChangeServiceConfigW 77E06FD9 5 Bytes JMP 00A70A08
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!ChangeServiceConfig2A 77E070D9 5 Bytes JMP 00A70C0C
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!ChangeServiceConfig2W 77E07161 5 Bytes JMP 00A70E10
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!CreateServiceA 77E071E9 5 Bytes JMP 00A701F8
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!CreateServiceW 77E07381 5 Bytes JMP 00A703FC
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!DeleteService 77E07489 5 Bytes JMP 00A70600
.text C:\WINDOWS\system32\ctfmon.exe[1964] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1964] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Programme\Messenger\msmsgs.exe[1972] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\Messenger\msmsgs.exe[1972] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2852] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[2852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2852] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[2852] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3508] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3508] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Dokumente und Einstellungen\Mirja\Desktop\gmer_2.1.19155.exe[3548] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Dokumente und Einstellungen\Mirja\Desktop\gmer_2.1.19155.exe[3548] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[3724] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wuauclt.exe[3724] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[3724] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\wuauclt.exe[3724] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[3724] ADVAPI32.dll!SetServiceObjectSecurity 77E06D59 5 Bytes JMP 00371014
.text C:\WINDOWS\system32\wuauclt.exe[3724] ADVAPI32.dll!ChangeServiceConfigA 77E06E41 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\wuauclt.exe[3724] ADVAPI32.dll!ChangeServiceConfigW 77E06FD9 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\wuauclt.exe[3724] ADVAPI32.dll!ChangeServiceConfig2A 77E070D9 5 Bytes JMP 00370C0C
.text C:\WINDOWS\system32\wuauclt.exe[3724] ADVAPI32.dll!ChangeServiceConfig2W 77E07161 5 Bytes JMP 00370E10
.text C:\WINDOWS\system32\wuauclt.exe[3724] ADVAPI32.dll!CreateServiceA 77E071E9 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\wuauclt.exe[3724] ADVAPI32.dll!CreateServiceW 77E07381 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\wuauclt.exe[3724] ADVAPI32.dll!DeleteService 77E07489 5 Bytes JMP 00370600
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 01598BF0 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 002D03FC
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] KERNEL32.dll!lstrlenW + 43 7C809ADC 7 Bytes JMP 018E7FF0 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] KERNEL32.dll!MapViewOfFileEx + 6A 7C80B990 7 Bytes JMP 018E7FCD C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] KERNEL32.dll!ValidateLocale + B1E8 7C8449F8 7 Bytes JMP 015AF1AD C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 025A0804
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 025A0A08
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 025A0600
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 025A01F8
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 025A03FC
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] GDI32.dll!SetDIBitsToDevice + 209 77EF9E04 7 Bytes JMP 018E7F4E C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] ADVAPI32.dll!SetServiceObjectSecurity 77E06D59 5 Bytes JMP 048F1014
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] ADVAPI32.dll!ChangeServiceConfigA 77E06E41 5 Bytes JMP 048F0804
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] ADVAPI32.dll!ChangeServiceConfigW 77E06FD9 5 Bytes JMP 048F0A08
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] ADVAPI32.dll!ChangeServiceConfig2A 77E070D9 5 Bytes JMP 048F0C0C
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] ADVAPI32.dll!ChangeServiceConfig2W 77E07161 5 Bytes JMP 048F0E10
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] ADVAPI32.dll!CreateServiceA 77E071E9 5 Bytes JMP 048F01F8
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] ADVAPI32.dll!CreateServiceW 77E07381 5 Bytes JMP 048F03FC
.text C:\Programme\Mozilla Firefox\firefox.exe[3896] ADVAPI32.dll!DeleteService 77E07489 5 Bytes JMP 048F0600

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 2.1 ----