Suspected virus (tried to get rid of it on my own with Combofix) [Windows 7]
04.06.2013, 15:02 | #1
Suspected virus (tried to get rid of it on my own with Combofix)

Hey, I suspected a virus because my internet got slow and Firefox hung more and more often or simply took forever to open anything. I then downloaded Combofix and ran it; it did find and delete something, but unfortunately I uninstalled Combofix afterwards and the logs are gone now.

1. Defogger log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:12 on 04/06/2013 (Denis)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

2. OTL log (OTL.txt)
Code:
OTL logfile created on: 04.06.2013 15:18:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Denis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,28% Memory free
8,00 Gb Paging File | 6,77 Gb Available in Paging File | 84,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 300,03 Gb Free Space | 50,34% Space Free | Partition Type: NTFS

Computer Name: DENIS-PC | User Name: Denis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.04 15:18:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Denis\Desktop\OTL.exe
PRC - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.05.16 16:38:28 | 001,213,216 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
PRC - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.04.19 10:49:42 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.09.24 17:56:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.22 18:57:06 | 000,056,424 | ---- | M] () -- C:\Windows\SysWOW64\PrxerNsp.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.06.03 15:20:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.03 13:57:36 | 000,034,528 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2013.05.24 01:47:25 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.19 10:49:42 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013.04.19 10:49:20 | 000,393,032 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.10.17 22:17:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.09.24 17:56:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.05.09 10:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.04.04 16:24:45 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.02.08 16:45:38 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012.10.11 05:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012.10.11 05:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.02.24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2006.11.10 15:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV - [2013.04.19 10:49:34 | 000,070,984 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.02.24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 2206731
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 7C 27 A8 90 C2 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DCD039D7-0E3E-42A2-8370-E397BF16075A}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.33
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.http: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.03.01 02:21:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.04 02:03:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.24 01:47:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.24 01:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.24 01:47:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.24 01:47:21 | 000,000,000 | ---D | M]

[2012.09.14 00:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\Extensions
[2013.06.02 20:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\Firefox\Profiles\2lofht7a.default\extensions
[2013.06.02 20:04:14 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Denis\AppData\Roaming\mozilla\Firefox\Profiles\2lofht7a.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012.10.13 01:46:30 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Denis\AppData\Roaming\mozilla\Firefox\Profiles\2lofht7a.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.04.05 15:45:03 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Denis\AppData\Roaming\mozilla\Firefox\Profiles\2lofht7a.default\extensions\ich@maltegoetz.de
[2012.12.11 18:52:37 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\2lofht7a.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.03.22 23:57:30 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\2lofht7a.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.05.09 15:07:43 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\2lofht7a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.23 17:42:08 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Denis\AppData\Roaming\mozilla\firefox\profiles\2lofht7a.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.05.24 01:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.24 01:47:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013.06.03 15:46:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Denis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\PrxerNsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\PrxerNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{290886D4-FD22-4A17-B17A-2A5FAACD3783}: DhcpNameServer = 172.16.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB76360F-7D88-4F9D-9EDF-CB77F20DF522}: NameServer = 213.191.92.87 62.109.123.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE40D8B8-E047-43B4-882C-E9077F359F2E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.06.04 15:18:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Denis\Desktop\OTL.exe
[2013.06.04 02:03:44 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.06.04 02:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.06.04 02:03:42 | 000,378,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.06.04 02:03:38 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.06.04 02:03:35 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.06.04 02:03:33 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.06.04 02:03:26 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.06.04 02:03:03 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.06.03 17:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
[2013.06.03 17:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2013.06.03 17:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2013.06.03 16:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.03 16:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.06.03 16:30:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.03 16:30:10 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.03 16:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.03 16:15:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.03 16:14:33 | 000,000,000 | --SD | C] -- C:\combofix
[2013.06.03 15:50:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.03 15:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.06.03 15:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.06.03 15:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.06.03 15:21:01 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Macromedia
[2013.06.03 15:21:01 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\Macromedia
[2013.06.01 18:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.06.01 18:15:33 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mass Effect 2
[2013.06.01 18:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 2
[2013.06.01 17:58:57 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\NVIDIA
[2013.06.01 17:56:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect 2
[2013.06.01 17:56:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2013.06.01 17:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect Deluxe Edition
[2013.06.01 17:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect Deluxe Edition
[2013.06.01 17:29:01 | 000,000,000 | ---D | C] -- C:\Users\Denis\Documents\BioWare
[2013.05.29 18:37:32 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\NVIDIA
[2013.05.29 18:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.05.29 18:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.05.29 18:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.05.29 18:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.05.29 18:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.05.29 18:26:06 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.05.29 12:42:10 | 000,000,000 | ---D | C] -- C:\1eb28485d68cce20035c4f7f74a0a7
[2013.05.25 18:59:48 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\ATI
[2013.05.25 18:59:48 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\ATI
[2013.05.25 18:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013.05.24 01:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.22 22:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\TAP-Windows
[2013.05.16 15:21:24 | 000,000,000 | ---D | C] -- C:\Users\Denis\Documents\4A Games
[2013.05.16 15:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2013.05.16 14:32:45 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\4A Games
[2013.05.16 14:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4A Games
[2013.05.16 14:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4A Games
[2013.05.14 00:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2013.05.14 00:55:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
[2013.05.14 00:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2013.05.14 00:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013.05.12 18:54:15 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
[2013.05.09 22:33:51 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Malwarebytes
[2013.05.09 22:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.09 22:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.09 22:33:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.09 22:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.09 19:18:27 | 000,000,000 | ---D | C] -- C:\Users\Denis\Desktop\##
[2013.05.09 18:59:29 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\Proxifier
[2013.05.09 18:59:13 | 000,103,016 | ---- | C] (Initex) -- C:\Windows\SysNative\ProxifierShellExt.dll
[2013.05.09 18:59:13 | 000,091,240 | ---- | C] (Initex) -- C:\Windows\SysWow64\ProxifierShellExt.dll
[2013.05.09 18:59:13 | 000,076,392 | ---- | C] (Initex) -- C:\Windows\SysNative\PrxerDrv.dll
[2013.05.09 18:59:13 | 000,070,248 | ---- | C] (Initex) -- C:\Windows\SysWow64\PrxerDrv.dll
[2013.05.09 18:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proxifier
[2013.05.09 18:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proxifier
[2013.05.09 16:51:52 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\LolClient
[2013.05.09 16:02:45 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013.05.09 15:54:23 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Local\Programs
[2013.05.09 15:53:56 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013.05.08 19:14:38 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\ICQM
[2013.05.08 19:14:29 | 000,000,000 | ---D | C] -- C:\Users\Denis\AppData\Roaming\ICQ-Profile
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.04 15:18:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Denis\Desktop\OTL.exe
[2013.06.04 15:12:14 | 000,000,000 | ---- | M] () -- C:\Users\Denis\defogger_reenable
[2013.06.04 15:11:52 | 000,050,477 | ---- | M] () -- C:\Users\Denis\Desktop\Defogger.exe
[2013.06.04 14:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.04 14:27:41 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 14:27:40 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 14:19:49 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.06.04 14:19:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.04 14:19:02 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.04 02:03:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.03 15:46:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.16 18:24:11 | 000,000,000 | ---- | M] () -- C:\Users\Denis\Documents\ts3_clientui-win64-1365064384-2013-05-16 18_24_11.946689.dmp
[2013.05.16 13:49:23 | 000,295,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 03:04:31 | 001,634,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 03:04:31 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 03:04:31 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 03:04:31 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 03:04:31 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.12 23:42:27 | 000,020,536 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.05.09 10:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.05.09 10:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.05.08 16:13:10 | 003,165,737 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.04
15:12:14 | 000,000,000 | ---- | C] () -- C:\Users\Denis\defogger_reenable [2013.06.04 15:11:52 | 000,050,477 | ---- | C] () -- C:\Users\Denis\Desktop\Defogger.exe [2013.06.04 02:03:30 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013.06.04 02:03:27 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2013.06.03 15:20:08 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.29 18:29:01 | 003,165,737 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2013.05.29 18:27:18 | 000,020,536 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.05.16 18:24:11 | 000,000,000 | ---- | C] () -- C:\Users\Denis\Documents\ts3_clientui-win64-1365064384-2013-05-16 18_24_11.946689.dmp [2013.05.09 18:59:13 | 000,057,448 | ---- | C] () -- C:\Windows\SysNative\PrxerNsp.dll [2013.05.09 18:59:13 | 000,056,424 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll [2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2013.03.29 03:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2013.03.29 03:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2013.03.14 01:41:41 | 000,007,597 | ---- | C] () -- C:\Users\Denis\AppData\Local\resmon.resmoncfg [2013.02.10 03:24:50 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2013.01.12 03:15:39 | 001,382,400 | ---- | C] () -- C:\Windows\Data.dll [2013.01.04 16:50:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.04 16:50:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.04 16:50:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.04 16:50:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.04 16:50:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.22 21:15:02 | 000,000,600 | ---- | C] () -- C:\Users\Denis\AppData\Local\PUTTY.RND 
[2012.09.24 17:49:19 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.24 17:47:27 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.09.24 17:47:25 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.09.24 17:47:24 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.06.19 21:37:54 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.05.27 03:24:17 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.03.05 15:18:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | 
---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.01 18:30:15 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\.minecraft [2012.09.08 17:34:57 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2013.05.12 19:06:05 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\ICQ-Profile [2013.05.12 18:54:07 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\ICQM [2013.05.09 16:51:52 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\LolClient [2013.04.28 17:21:11 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\Notepad++ [2012.03.23 17:16:10 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\OpenOffice.org [2013.05.09 18:59:29 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\Proxifier [2012.03.14 23:40:01 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\TeamViewer [2013.06.04 14:56:39 | 000,000,000 | ---D | M] -- C:\Users\Denis\AppData\Roaming\TS3Client ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 1242 bytes -> C:\ProgramData\Microsoft:banxbnFvkkBs7wunEVwRr5ddI @Alternate Data Stream - 1212 bytes -> C:\Users\Denis\AppData\Local\Temp:ae5QBLgj7rLfvZEH64ORuBid @Alternate Data Stream - 1157 bytes -> C:\ProgramData\Microsoft:IDLRUQrUamcIRmDfrWxjKGR < End of 
report >

2.OTL-Log ( Extra.txt ) Code:
ATTFilter OTL Extras logfile created on: 04.06.2013 15:18:49 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Denis\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,28% Memory free 8,00 Gb Paging File | 6,77 Gb Available in Paging File | 84,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,07 Gb Total Space | 300,03 Gb Free Space | 50,34% Space Free | Partition Type: NTFS Computer Name: DENIS-PC | User Name: Denis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== 
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0437044C-5296-4E1A-9256-400A2E5174D8}" = lport=2869 | protocol=6 | dir=in | app=system | "{047B058C-D303-413A-92AC-E6578EEE39CD}" = lport=445 | protocol=6 | dir=in | app=system | "{27374289-A329-4D29-B0E9-BC62772B0E4E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2902D0A1-19F7-4866-9707-9254B11F690F}" = rport=445 | protocol=6 | dir=out | app=system | "{36BAFE44-FDCE-45E0-A474-2AFCFC7F2262}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{473FDDFB-01E8-4AFE-A70A-23D50ABAEE82}" = rport=10243 | protocol=6 | dir=out | app=system | "{574740C5-745F-47D9-AB74-0C1E11E96E40}" = rport=139 | protocol=6 | dir=out | app=system | "{5B17C2F2-3F72-42DE-8B18-9D7B7E698672}" = lport=137 | protocol=17 | dir=in | app=system | "{62E40E0B-DFCA-4B10-B7D8-8DED96A24FE7}" = rport=138 | protocol=17 | dir=out | app=system | "{642B24A8-BA99-4DD6-AE09-456E9196D703}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6CD2F76B-725E-488B-9C59-ED9AC404B1F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7878F955-F75A-4BF3-A4A2-C4357A320EEC}" = rport=137 | protocol=17 | dir=out | app=system | "{84327447-1035-4037-9012-226C47761EBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8C74F380-ED2F-4158-BC58-393C88942F37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{A300A60A-9A69-4D66-9B4C-0C56A46C3E09}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A4222743-9B3B-479D-BE1B-48A3D9F53101}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AA790B86-C0F0-4D70-AC12-9CF8C8C94213}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B406CFC3-F0B7-4BEC-9782-95157B13BBCB}" = lport=10243 | protocol=6 | dir=in | app=system | "{C10D5ADD-D46F-4E12-85EF-60B6C7087C16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DD134509-22AB-4F31-873A-AB9A52FAA3D6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DFFBF9E9-7013-4831-8600-4443FF769FBB}" = lport=139 | protocol=6 | dir=in | app=system | "{E08FF9F6-EDE3-4E89-A241-C39CD2B1F1AB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F3A8567B-9B5A-48FD-B4EA-6E1A040D2311}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03C9C766-6FDD-4E12-8C1F-DF7B58965B8E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{14458ABA-E06D-4F0D-B8D5-3C98435E6FAD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{15848F17-19BB-4EE6-9C40-625EBCD2D1FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{202575F7-439F-4E8C-81F0-77B2E7E5D5A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | "{2455875B-8536-485A-87E4-874B2227400A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{28EE513C-21B0-49CF-AAA2-524114DCBCB4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{317D625D-CF7A-4074-80C6-B58055CC01A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{34BAAE96-E998-4382-BC87-F326845DA99D}" = protocol=6 | dir=out | app=system | "{3D45616D-6D2C-40B7-9F36-A82BB3D46EFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{4B2F2E29-1712-44F5-A64C-22CB41906E74}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4E0EB6AE-890C-4D3F-A1FF-A9CB7EE092AD}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | "{50729A65-C349-4EE0-A1A4-CAC65CF4BA09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5082A1FE-6C6A-4B07-BAEC-718040B5EC9B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5A418909-6F6D-41FB-8429-CAC1510AAA12}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe | "{6386CE1C-1E4C-4FAC-858C-9B88BFC71229}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{65878C72-761D-4C3E-8BE5-BD0E10FFFAC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | "{676AF417-E840-4A43-8156-6E8169C1AAB4}" = dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe | "{6BB1B021-592F-4A2B-865C-7460A65643AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{72401904-5A5D-48C6-BD9F-91E3E8A5A826}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{757EDEE8-A5E5-46BE-8F4C-4B02796C21D1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{77101B6D-6FD3-4BF6-B016-AFB89C6B88D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{783641BA-4376-46E1-80AA-A2869312587F}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | "{78458307-3543-4717-9637-415A860CDF01}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{7AB224AD-7716-4269-A20B-BFEE33805488}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7D43859B-F9D6-4412-B16D-DCC21A623A68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{7F450FBC-9187-4627-999A-756F4B4A04F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{81C31666-6AE0-41B5-9A55-766A944E6D52}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | "{90DB159D-E5A1-4737-A695-0085D70F4898}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{910EF74B-1253-4DEE-833F-D1F04955574F}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe | "{95244599-B4A6-4598-9194-2B59F1D7E3A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9547983E-92C5-4143-80AC-D30A85A2EFF3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9D2E0473-E657-4DCB-8AF8-847E3B9F0394}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{9E828D41-D66E-4F14-975C-799684717FFF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{9EF0329A-F051-4CAC-8C1A-6DCAC02BD64B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | "{A33E021C-A041-4267-BB53-B2FEBFBEA92A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{A38C59F4-963E-4295-81E0-F662B7661606}" = 
protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{AE6403B0-CF73-4B48-B91B-D2FCE3E93E08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B03A0E9F-A30E-48BD-9EBE-DABDDE9EFE09}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{B0702EDD-EEE6-45DD-8790-89127C8F3524}" = dir=out | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe | "{BC391938-AE66-4C4C-97AE-F5C33C326D2A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{BE2E9F2A-E7A9-4552-9CDF-0784C80F0FAE}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.0\cnc3game.dat | "{C48137C9-8B47-4F11-9782-CA8F61F16738}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D1686D0E-3DC3-4B68-BEE3-DA794C424888}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D22D02C2-CF1A-49B8-9D79-5A5E4F4DBCF4}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | "{D3322A1C-EA56-40CA-8B83-7C08AF7989E3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D4B83063-5AA3-485B-9025-3286C6828F08}" = protocol=17 | dir=in | app=c:\users\denis\appdata\roaming\icqm\icq.exe | "{DECD0946-3BF1-459D-9E2D-9AD67EE8A767}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{E4E8EF2F-B5A4-4D10-B637-034FC377755C}" = protocol=6 | dir=in | app=c:\users\denis\appdata\roaming\icqm\icq.exe | "{E5C4CBF4-8F3D-4CB2-A80C-AE85233A777F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EC620C8E-8206-4D14-B5AC-81099819A755}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F5D8C9E6-A2C0-4025-B87F-1A453AD5CABC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{035D3868-A7A2-4978-9474-50E55DA273F1}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | "TCP Query User{3CACB7A9-0310-4F04-A9A1-0CE2F3FC3C60}C:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat | "TCP Query User{5382B0C2-6778-4CE4-90A6-857A135B961F}C:\program files (x86)\activision\call of duty black ops ii\t6sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty black ops ii\t6sp.exe | "TCP Query User{BACD2CAE-37FE-413F-9809-C7ECF35150A5}C:\program files (x86)\steam\steamapps\l3b3l\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\l3b3l\counter-strike source\hl2.exe | "TCP Query User{F7779702-ACD3-4666-866D-1AA8FD171070}C:\program files (x86)\4a games\metro last light\metrollbenchmark.exe" = protocol=6 | dir=in | app=c:\program files (x86)\4a games\metro last light\metrollbenchmark.exe | "UDP Query User{27772E25-C502-4881-9F84-C1DA2D2B899B}C:\program files (x86)\4a games\metro last light\metrollbenchmark.exe" = protocol=17 | dir=in | app=c:\program files (x86)\4a games\metro last light\metrollbenchmark.exe | "UDP Query User{7786AD6F-E321-4904-B1AF-6492B6501EBF}C:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat | "UDP Query User{D7AEF958-2142-4950-9297-99708DFA3D59}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | "UDP Query User{F5C5BA4C-6A47-4094-B578-6F2D17EF8269}C:\program files (x86)\activision\call of duty black ops ii\t6sp.exe" = protocol=17 | 
dir=in | app=c:\program files (x86)\activision\call of duty black ops ii\t6sp.exe |
"UDP Query User{F9C66A96-E3AE-4471-9B6C-3AD19DA2CDDF}C:\program files (x86)\steam\steamapps\l3b3l\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\l3b3l\counter-strike source\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"OpenVPN" = OpenVPN 2.3.2-I001
"TAP-Windows" = TAP-Windows 9.9.2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{33E91A0A-2450-47F4-A5E8-3DFE99F73BA4}_is1" = Metro: Last Light
"{4198AE83-A3C6-4C41-85C8-EC63E990696E}" = Crysis®3
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A4B004B0-B6D3-4BA8-B012-3F79A931CF9E}" = BlueStacks Notification Center
"{A5C7818C-27AC-4A71-BEDF-BA5652D2CC36}_is1" = Mass Effect Deluxe Edition
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Black Ops 2 Deutsch Patch-TokZic 1.0" = Black Ops 2 Deutsch Patch-TokZic 1.0
"BlueStacks App Player" = BlueStacks App Player
"Call of Duty Black Ops II_is1" = Call of Duty Black Ops II
"Cross Fire_is1" = Cross Fire En
"Crossfire Europe" = Crossfire Europe
"DivX Setup" = DivX-Setup
"Hitman Absolution_is1" = Hitman Absolution
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PowerTeacher_is1" = PowerTeacher Version 23.04.026.R122
"Proxifier_is1" = Proxifier version 3.21
"PunkBusterSvc" = PunkBuster Services
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 209870" = Blacklight: Retribution
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 730" = Counter-Strike: Global Offensive
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ICQ" = ICQ 8.0 (build 6019)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03.06.2013 11:37:03 | Computer Name = Denis-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 03.06.2013 11:37:03 | Computer Name = Denis-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 03.06.2013 11:37:03 | Computer Name = Denis-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 03.06.2013 11:37:03 | Computer Name = Denis-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 03.06.2013 11:37:03 | Computer Name = Denis-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 03.06.2013 11:37:03 | Computer Name = Denis-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 03.06.2013 11:46:02 | Computer Name = Denis-PC | Source = VSS | ID = 8193
Description =

Error - 03.06.2013 11:49:35 | Computer Name = Denis-PC | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 04.06.2013 08:18:20 | Computer Name = Denis-PC | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 04.06.2013 08:19:58 | Computer Name = Denis-PC | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

[ System Events ]
Error - 03.06.2013 11:37:23 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 03.06.2013 11:37:28 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error - 03.06.2013 11:37:28 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 03.06.2013 11:37:29 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error - 03.06.2013 11:37:29 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 03.06.2013 11:37:29 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error - 03.06.2013 11:37:29 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 03.06.2013 11:49:35 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064

Error - 04.06.2013 08:18:20 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064

Error - 04.06.2013 08:19:58 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064

< End of report >
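The "Last 20 Event Log Errors" section at the end of the OTL log above is the part of the report that actually says what is failing on the box: Windows Search not starting within the 30000 ms timeout (IDs 7009/7000 with %%1053) and the BlueStacks Android service terminating with %%1064. None of those entries points at malware by itself; they are service-health errors, which is exactly why a quick grouping helps separate known noise from anything new. OTL leaves the Win32 codes as unexpanded %%NNNN message-table inserts, and the forum flattens the entries onto one line, so a small triage script is handy. The following is an added example, not code from the original post and not a feature of OTL; `SAMPLE` is a constructed excerpt of seven of the twenty entries posted above, and `WIN32_ERRORS` is a deliberately partial table holding only the two codes that occur there.

```python
"""Triage helper for the "Last 20 Event Log Errors" section of an OTL log.

Added example: not code from the original post and not a feature of OTL.
SAMPLE is a constructed excerpt of the entries posted above. A real OTL.txt
has each entry on two lines ("Error - ..." and "Description = ..."); the forum
flattened them onto one line, so the parser is whitespace-tolerant and accepts
either form.
"""
import re
from collections import defaultdict
from datetime import datetime

# Service Control Manager messages carry Win32 error codes as unexpanded
# "%%NNNN" message-table inserts (Event Viewer would have substituted the text).
# Partial table by assumption: only the codes that occur in the sample.
WIN32_ERRORS = {
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT (service did not answer the start/control request in time)",
    1064: "ERROR_EXCEPTION_IN_SERVICE (the service raised an exception while handling the request)",
}

SECTION_RE = re.compile(r"\[ (?P<name>\w+) Events \]")
ENTRY_RE = re.compile(
    r"Error - (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>[^|]+?) \| "
    r"Source = (?P<source>[^|]+?) \| "
    r"ID = (?P<id>\d+)\s*Description =\s*"
    # the description runs up to the next entry, the next section header, OTL's
    # end marker or the end of the text; an empty description (Search Service) is legal
    r"(?P<desc>.*?)(?=\s*Error - \d{2}\.|\s*\[ \w+ Events \]|\s*< End of report >|\s*\Z)",
    re.S,
)


def parse_otl_event_errors(text):
    """Return one dict per 'Error - ...' entry, tagged with its section name."""
    entries = []
    sections = list(SECTION_RE.finditer(text))
    for i, sec in enumerate(sections):
        start = sec.end()
        end = sections[i + 1].start() if i + 1 < len(sections) else len(text)
        for m in ENTRY_RE.finditer(text, start, end):
            desc = " ".join(m.group("desc").split())
            entries.append({
                "section": sec.group("name"),
                "time": datetime.strptime(m.group("ts"), "%d.%m.%Y %H:%M:%S"),
                "host": m.group("host"),
                "source": m.group("source"),
                "id": int(m.group("id")),
                "description": desc,
                "win32_codes": [int(c) for c in re.findall(r"%%(\d+)", desc)],
                # whatever the message quotes (usually the service name); works
                # regardless of the OS language of the message text
                "quoted_names": re.findall(r'"([^"]+)"', desc),
            })
    return entries


def summarize(entries):
    """Group by (section, source, event id); most frequent group first."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["section"], e["source"], e["id"])].append(e)
    rows = []
    for key, items in sorted(groups.items(), key=lambda kv: (-len(kv[1]), kv[0])):
        codes = sorted({c for e in items for c in e["win32_codes"]})
        rows.append({
            "key": key,
            "count": len(items),
            "first": min(e["time"] for e in items),
            "last": max(e["time"] for e in items),
            "names": sorted({n for e in items for n in e["quoted_names"]}),
            "decoded": {c: WIN32_ERRORS.get(c, "code not in table") for c in codes},
        })
    return rows


# Constructed excerpt of the log above (seven of the twenty entries).
SAMPLE = """========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.06.2013 11:37:03 | Computer Name = Denis-PC | Source = Windows Search Service | ID = 9002
Description =
Error - 03.06.2013 11:37:03 | Computer Name = Denis-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 03.06.2013 11:49:35 | Computer Name = Denis-PC | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
[ System Events ]
Error - 03.06.2013 11:37:23 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 03.06.2013 11:37:28 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error - 03.06.2013 11:37:28 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 04.06.2013 08:19:58 | Computer Name = Denis-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064
< End of report >"""

if __name__ == "__main__":
    for row in summarize(parse_otl_event_errors(SAMPLE)):
        section, source, event_id = row["key"]
        print(f'{row["count"]:2d}x [{section}] {source} ID={event_id} '
              f'{row["first"]:%d.%m %H:%M:%S}..{row["last"]:%d.%m %H:%M:%S} '
              f'{", ".join(row["names"]) or "-"} {row["decoded"]}')
```

Run it on a full OTL.txt by reading the file into `parse_otl_event_errors`; the quoted service names come out the same whether the OS writes its messages in German or English, which is what makes the grouping usable across machines.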
04.06.2013, 15:04 | #2

Suspected virus (tried to get rid of it on my own with Combofix)

Sorry for the double post, but all of this does not fit into one post:

3. GMER log

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-04 15:58:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6400AACS-00D6B1 rev.01.01A01 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Denis\AppData\Local\Temp\kgloapod.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033a9000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 614 fffff800033a9036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 3
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 128
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste für diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770a13c0 5 bytes JMP 0000000149d50470
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770a1410 5 bytes JMP 0000000149d50460
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770a1570 5 bytes JMP 0000000149d50370
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770a15c0 5 bytes JMP 0000000149d50480
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770a15d0 5 bytes JMP 0000000149d503e0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000770a1680 5 bytes JMP 0000000149d50320
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770a16b0 5 bytes JMP 0000000149d503b0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770a16d0 5 bytes JMP 0000000149d50390
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770a1710 5 bytes JMP 0000000149d502e0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000770a1760 5 bytes JMP 0000000149d50440
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000770a1790 5 bytes JMP 0000000149d502d0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770a17b0 5 bytes JMP 0000000149d50310
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770a17f0 5 bytes JMP 0000000149d503c0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770a1840 5 bytes JMP 0000000149d503f0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770a19a0 1 byte JMP 0000000149d50230
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770a19a2 3 bytes {JMP 0xffffffffd2cae890}
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770a1b60 5 bytes JMP 0000000149d50490
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000770a1b90 5 bytes JMP 0000000149d503a0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000770a1c70 5 bytes JMP 0000000149d502f0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000770a1c80 5 bytes JMP 0000000149d50350
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000770a1ce0 5 bytes JMP 0000000149d50290
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000770a1d70 5 bytes JMP 0000000149d502b0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000770a1d90 5 bytes JMP 0000000149d503d0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000770a1da0 1 byte JMP 0000000149d50330
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000770a1da2 3 bytes {JMP 0xffffffffd2cae590}
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000770a1e10 5 bytes JMP 0000000149d50410
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000770a1e40 5 bytes JMP 0000000149d50240
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770a2100 5 bytes JMP 0000000149d501e0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770a21c0 1 byte JMP 0000000149d50250
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770a21c2 3 bytes {JMP 0xffffffffd2cae090}
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770a21f0 5 bytes JMP 0000000149d504a0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770a2200 5 bytes JMP 0000000149d504b0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770a2230 5 bytes JMP 0000000149d50300
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770a2240 5 bytes JMP 0000000149d50360
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770a22a0 5 bytes JMP 0000000149d502a0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770a22f0 5 bytes JMP 0000000149d502c0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770a2320 5 bytes JMP 0000000149d50380
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770a2330 5 bytes JMP 0000000149d50340
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770a2620 5 bytes JMP 0000000149d50450
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770a2820 5 bytes JMP 0000000149d50260
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770a2830 5 bytes JMP 0000000149d50270
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770a2840 5 bytes JMP 0000000149d50400
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770a2a00 5 bytes JMP 0000000149d501f0
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770a2a10 5 bytes JMP 0000000149d50210
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000770a2a80 5 bytes JMP 0000000149d50200
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000770a2ae0 5 bytes JMP 0000000149d50420
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000770a2af0 5 bytes JMP 0000000149d50430
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000770a2b00 5 bytes JMP 0000000149d50220
.text C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000770a2be0 5 bytes JMP 0000000149d50280
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770a13c0 5 bytes JMP 0000000077200470
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770a1410 5 bytes JMP 0000000077200460
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770a1570 5 bytes JMP 0000000077200370
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770a15c0 5 bytes JMP 0000000077200480
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770a15d0 5 bytes JMP 00000000772003e0
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000770a1680 5 bytes JMP 0000000077200320
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770a16b0 5 bytes JMP 00000000772003b0
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770a16d0 5 bytes JMP 0000000077200390
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770a1710 5 bytes JMP 00000000772002e0
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000770a1760 5 bytes JMP 0000000077200440
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000770a1790 5 bytes JMP 00000000772002d0
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770a17b0 5 bytes JMP 0000000077200310
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770a17f0 5 bytes JMP 00000000772003c0
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770a1840 5 bytes JMP 00000000772003f0
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770a19a0 1 byte JMP 0000000077200230
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770a19a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770a1b60 5 bytes JMP 0000000077200490
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000770a1b90 5 bytes JMP 00000000772003a0
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000770a1c70 5 bytes JMP 00000000772002f0
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000770a1c80 5 bytes JMP 0000000077200350
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000770a1ce0 5 bytes JMP 0000000077200290
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000770a1d70 5 bytes JMP 00000000772002b0
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000770a1d90 5 bytes JMP 00000000772003d0
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000770a1da0 1 byte JMP 0000000077200330
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000770a1da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000770a1e10 5 bytes JMP 0000000077200410
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000770a1e40 5 bytes JMP 0000000077200240
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770a2100 5 bytes JMP 00000000772001e0
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770a21c0 1 byte JMP 0000000077200250
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770a21c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770a21f0 5 bytes JMP 00000000772004a0
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770a2200 5 bytes JMP 00000000772004b0
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770a2230 5 bytes JMP 0000000077200300
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770a2240 5 bytes JMP 0000000077200360
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770a22a0 5 bytes JMP 00000000772002a0
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770a22f0 5 bytes JMP 00000000772002c0
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770a2320 5 bytes JMP 0000000077200380
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770a2330 5 bytes JMP 0000000077200340
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770a2620 5 bytes JMP 0000000077200450
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770a2820 5 bytes JMP 0000000077200260
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770a2830 5 bytes JMP 0000000077200270
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770a2840 5 bytes JMP 0000000077200400
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770a2a00 5 bytes JMP 00000000772001f0
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770a2a10 5 bytes JMP 0000000077200210
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000770a2a80 5 bytes JMP 0000000077200200
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000770a2ae0 5 bytes JMP 0000000077200420
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000770a2af0 5 bytes JMP 0000000077200430
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000770a2b00 5 bytes JMP 0000000077200220
.text C:\Windows\system32\wininit.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000770a2be0 5 bytes JMP 0000000077200280
.text C:\Windows\system32\wininit.exe[520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2eecd 1 byte [62]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 3
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 2
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 128
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast!
Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer. ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770a13c0 5 bytes JMP 0000000149d50470 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770a1410 5 bytes JMP 0000000149d50460 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770a1570 5 bytes JMP 0000000149d50370 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770a15c0 5 bytes JMP 0000000149d50480 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770a15d0 5 bytes JMP 0000000149d503e0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000770a1680 5 bytes JMP 0000000149d50320 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770a16b0 5 bytes JMP 0000000149d503b0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770a16d0 5 bytes JMP 0000000149d50390 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770a1710 5 bytes JMP 0000000149d502e0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000770a1760 5 bytes JMP 0000000149d50440 .text 
C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000770a1790 5 bytes JMP 0000000149d502d0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770a17b0 5 bytes JMP 0000000149d50310 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770a17f0 5 bytes JMP 0000000149d503c0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770a1840 5 bytes JMP 0000000149d503f0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770a19a0 1 byte JMP 0000000149d50230 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770a19a2 3 bytes {JMP 0xffffffffd2cae890} .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770a1b60 5 bytes JMP 0000000149d50490 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000770a1b90 5 bytes JMP 0000000149d503a0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000770a1c70 5 bytes JMP 0000000149d502f0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000770a1c80 5 bytes JMP 0000000149d50350 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000770a1ce0 5 bytes JMP 0000000149d50290 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000770a1d70 5 bytes JMP 0000000149d502b0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000770a1d90 5 bytes JMP 0000000149d503d0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000770a1da0 1 byte JMP 0000000149d50330 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000770a1da2 3 
bytes {JMP 0xffffffffd2cae590} .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000770a1e10 5 bytes JMP 0000000149d50410 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000770a1e40 5 bytes JMP 0000000149d50240 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770a2100 5 bytes JMP 0000000149d501e0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770a21c0 1 byte JMP 0000000149d50250 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770a21c2 3 bytes {JMP 0xffffffffd2cae090} .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770a21f0 5 bytes JMP 0000000149d504a0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770a2200 5 bytes JMP 0000000149d504b0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770a2230 5 bytes JMP 0000000149d50300 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770a2240 5 bytes JMP 0000000149d50360 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770a22a0 5 bytes JMP 0000000149d502a0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770a22f0 5 bytes JMP 0000000149d502c0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770a2320 5 bytes JMP 0000000149d50380 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770a2330 5 bytes JMP 0000000149d50340 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770a2620 5 bytes JMP 0000000149d50450 .text C:\Windows\system32\csrss.exe[552] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770a2820 5 bytes JMP 0000000149d50260 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770a2830 5 bytes JMP 0000000149d50270 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770a2840 5 bytes JMP 0000000149d50400 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770a2a00 5 bytes JMP 0000000149d501f0 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770a2a10 5 bytes JMP 0000000149d50210 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000770a2a80 5 bytes JMP 0000000149d50200 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000770a2ae0 5 bytes JMP 0000000149d50420 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000770a2af0 5 bytes JMP 0000000149d50430 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000770a2b00 5 bytes JMP 0000000149d50220 .text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000770a2be0 5 bytes JMP 0000000149d50280 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770a13c0 5 bytes JMP 0000000077200470 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770a1410 5 bytes JMP 0000000077200460 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770a1570 5 bytes JMP 0000000077200370 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770a15c0 5 bytes JMP 0000000077200480 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770a15d0 5 bytes JMP 
00000000772003e0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000770a1680 5 bytes JMP 0000000077200320 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770a16b0 5 bytes JMP 00000000772003b0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770a16d0 5 bytes JMP 0000000077200390 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770a1710 5 bytes JMP 00000000772002e0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000770a1760 5 bytes JMP 0000000077200440 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000770a1790 5 bytes JMP 00000000772002d0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770a17b0 5 bytes JMP 0000000077200310 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770a17f0 5 bytes JMP 00000000772003c0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770a1840 5 bytes JMP 00000000772003f0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770a19a0 1 byte JMP 0000000077200230 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770a1b60 5 bytes JMP 0000000077200490 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000770a1b90 5 bytes JMP 00000000772003a0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000770a1c70 5 bytes JMP 00000000772002f0 .text C:\Windows\system32\services.exe[580] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000770a1c80 5 bytes JMP 0000000077200350 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000770a1ce0 5 bytes JMP 0000000077200290 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000770a1d70 5 bytes JMP 00000000772002b0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000770a1d90 5 bytes JMP 00000000772003d0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000770a1da0 1 byte JMP 0000000077200330 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000770a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000770a1e10 5 bytes JMP 0000000077200410 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000770a1e40 5 bytes JMP 0000000077200240 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770a2100 5 bytes JMP 00000000772001e0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770a21c0 1 byte JMP 0000000077200250 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770a21f0 5 bytes JMP 00000000772004a0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770a2200 5 bytes JMP 00000000772004b0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770a2230 5 bytes JMP 0000000077200300 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770a2240 5 bytes JMP 
0000000077200360 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770a22a0 5 bytes JMP 00000000772002a0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770a22f0 5 bytes JMP 00000000772002c0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770a2320 5 bytes JMP 0000000077200380 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770a2330 5 bytes JMP 0000000077200340 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770a2620 5 bytes JMP 0000000077200450 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770a2820 5 bytes JMP 0000000077200260 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770a2830 5 bytes JMP 0000000077200270 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770a2840 5 bytes JMP 0000000077200400 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770a2a00 5 bytes JMP 00000000772001f0 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770a2a10 5 bytes JMP 0000000077200210 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000770a2a80 5 bytes JMP 0000000077200200 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000770a2ae0 5 bytes JMP 0000000077200420 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000770a2af0 5 bytes JMP 0000000077200430 .text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000770a2b00 5 bytes JMP 0000000077200220 .text C:\Windows\system32\services.exe[580] 
C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000770a2be0 5 bytes JMP 0000000077200280 .text C:\Windows\system32\services.exe[580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2eecd 1 byte [62] .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770a13c0 5 bytes JMP 0000000077200470 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000770a1410 5 bytes JMP 0000000077200460 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770a1570 5 bytes JMP 0000000077200370 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770a15c0 5 bytes JMP 0000000077200480 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770a15d0 5 bytes JMP 00000000772003e0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000770a1680 5 bytes JMP 0000000077200320 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770a16b0 5 bytes JMP 00000000772003b0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770a16d0 5 bytes JMP 0000000077200390 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000770a1710 5 bytes JMP 00000000772002e0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000770a1760 5 bytes JMP 0000000077200440 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000770a1790 5 bytes JMP 00000000772002d0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770a17b0 5 bytes JMP 0000000077200310 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770a17f0 5 bytes JMP 00000000772003c0 .text C:\Windows\system32\lsass.exe[604] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000770a1840 5 bytes JMP 00000000772003f0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770a19a0 1 byte JMP 0000000077200230 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770a19a2 3 bytes {JMP 0x15e890} .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000770a1b60 5 bytes JMP 0000000077200490 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000770a1b90 5 bytes JMP 00000000772003a0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000770a1c70 5 bytes JMP 00000000772002f0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000770a1c80 5 bytes JMP 0000000077200350 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000770a1ce0 5 bytes JMP 0000000077200290 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000770a1d70 5 bytes JMP 00000000772002b0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000770a1d90 5 bytes JMP 00000000772003d0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000770a1da0 1 byte JMP 0000000077200330 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 00000000770a1da2 3 bytes {JMP 0x15e590} .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000770a1e10 5 bytes JMP 0000000077200410 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000770a1e40 5 bytes JMP 0000000077200240 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770a2100 5 bytes JMP 00000000772001e0 .text 
C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770a21c0 1 byte JMP 0000000077200250 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770a21c2 3 bytes {JMP 0x15e090} .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770a21f0 5 bytes JMP 00000000772004a0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000770a2200 5 bytes JMP 00000000772004b0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000770a2230 5 bytes JMP 0000000077200300 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000770a2240 5 bytes JMP 0000000077200360 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770a22a0 5 bytes JMP 00000000772002a0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770a22f0 5 bytes JMP 00000000772002c0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770a2320 5 bytes JMP 0000000077200380 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000770a2330 5 bytes JMP 0000000077200340 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000770a2620 5 bytes JMP 0000000077200450 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000770a2820 5 bytes JMP 0000000077200260 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000770a2830 5 bytes JMP 0000000077200270 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770a2840 5 bytes JMP 0000000077200400 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000770a2a00 5 bytes JMP 
00000000772001f0 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000770a2a10 5 bytes JMP 0000000077200210 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000770a2a80 5 bytes JMP 0000000077200200 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000770a2ae0 5 bytes JMP 0000000077200420 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000770a2af0 5 bytes JMP 0000000077200430 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000770a2b00 5 bytes JMP 0000000077200220 .text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000770a2be0 5 bytes JMP 0000000077200280 ---- EOF - GMER 2.1 ----
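The "User code sections" part of the GMER log above is the part worth reading closely: every Nt* export it lists in csrss.exe, services.exe and lsass.exe carries a 5-byte inline JMP, and within each process all of those jumps land in one small address range (0x149d50xxx in csrss.exe, 0x772002xx-0x772004xx in services.exe and lsass.exe). That pattern, the same set of process-, thread-, memory- and driver-loading syscalls redirected into a single trampoline table, is what a user-mode hooking DLL leaves behind, whether it belongs to a HIPS/self-protection component or to something malicious; the log itself does not say which component placed these, and the page lists avast! components (aswSP with BehavShield set to 1) without attributing the hooks to them. The following triage helper is an added example, not part of the original post or of GMER: it parses the `.text` records, separates real hooks from the split-patch tails (`{JMP 0x...}`) and single-byte changes (`[62]`) GMER also reports, and answers the two questions a responder asks first: do all trampolines in a process sit in one region, and do different processes share an identical hook table. `SAMPLE_LOG` is a constructed subset of records copied verbatim from the log above; the 0x1000 "one region" threshold is an assumed heuristic.

```python
import re
from collections import defaultdict

# Added example (not from the original post, not GMER's own code): a triage
# parser for the "User code sections" of a GMER 2.1 log. SAMPLE_LOG is a
# constructed subset of the records shown in the log above, copied verbatim.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770a1570 5 bytes JMP 0000000149d50370
.text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770a16b0 5 bytes JMP 0000000149d503b0
.text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770a19a0 1 byte JMP 0000000149d50230
.text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770a19a2 3 bytes {JMP 0xffffffffd2cae890}
.text C:\Windows\system32\csrss.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770a2100 5 bytes JMP 0000000149d501e0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770a1570 5 bytes JMP 0000000077200370
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770a16b0 5 bytes JMP 00000000772003b0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770a2100 5 bytes JMP 00000000772001e0
.text C:\Windows\system32\services.exe[580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c2eecd 1 byte [62]
.text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770a1570 5 bytes JMP 0000000077200370
.text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770a16b0 5 bytes JMP 00000000772003b0
.text C:\Windows\system32\lsass.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000770a2100 5 bytes JMP 00000000772001e0
---- EOF - GMER 2.1 ----
"""

# One GMER user-mode record: ".text <image>[pid] <module>!<func>[ + off] <addr> <n> byte(s) <patch>"
# (image paths containing spaces are not handled; GMER prints them unquoted).
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>\S+)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<func>\w+)(?:\s*\+\s*(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<n>\d+)\s+bytes?\s+(?P<patch>.+)$"
)
ABS_JMP_RE = re.compile(r"^JMP\s+([0-9a-fA-F]+)$")


def parse_hooks(lines):
    """Yield one dict per '.text' record; header, EOF and 'Reg' lines are skipped."""
    for line in lines:
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["image"] = rec["image"].rsplit("\\", 1)[-1]
        rec["module"] = rec["module"].rsplit("\\", 1)[-1]
        rec["pid"] = int(rec["pid"])
        rec["off"] = int(rec["off"] or 0)
        rec["addr"] = int(rec["addr"], 16)
        rec["n"] = int(rec["n"])
        j = ABS_JMP_RE.match(rec["patch"])
        # GMER prints the first bytes of an inline hook as an absolute 'JMP <addr>';
        # a '{JMP 0x...}' in braces is the remainder of a split 5-byte patch and a
        # '[xx]' is a single changed byte, so only the first kind has a target.
        if j:
            rec["kind"], rec["target"] = "hook", int(j.group(1), 16)
        elif rec["patch"].startswith("{"):
            rec["kind"], rec["target"] = "hook_tail", None
        else:
            rec["kind"], rec["target"] = "byte_patch", None
        yield rec


def hook_tables(lines):
    """(image, pid) -> {module!function: trampoline target} for real hooks only."""
    tables = defaultdict(dict)
    for r in parse_hooks(lines):
        if r["kind"] == "hook":
            tables[(r["image"], r["pid"])][f'{r["module"]}!{r["func"]}'] = r["target"]
    return dict(tables)


def summarize(lines, region=0x1000):
    """Per process: hooked functions, stray byte patches, and whether every
    trampoline target sits inside one small region (threshold is an assumption)."""
    lines = list(lines)
    patches = defaultdict(int)
    for r in parse_hooks(lines):
        if r["kind"] == "byte_patch":
            patches[(r["image"], r["pid"])] += 1
    out = {}
    for key, table in hook_tables(lines).items():
        targets = sorted(table.values())
        out[key] = {
            "hooks": len(table),
            "functions": sorted(table),
            "byte_patches": patches[key],
            "target_lo": targets[0],
            "target_hi": targets[-1],
            "single_region": targets[-1] - targets[0] < region,
        }
    return out


def same_hook_table(lines, a, b):
    """True when processes a and b hook the same functions to the same addresses."""
    t = hook_tables(lines)
    return t.get(a) == t.get(b) and a in t


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for (image, pid), s in sorted(summarize(lines).items(), key=lambda kv: kv[0][1]):
        print(f"{image}[{pid}]: {s['hooks']} hooks, {s['byte_patches']} byte patches, "
              f"targets {s['target_lo']:#x}-{s['target_hi']:#x}, one region: {s['single_region']}")
        for f in s["functions"]:
            print("   ", f)
    print("services.exe and lsass.exe share one hook table:",
          same_hook_table(lines, ("services.exe", 580), ("lsass.exe", 604)))
```

Run against the full log pasted above, the same two checks are what turn a wall of addresses into a decision: a hook table that is identical across services.exe and lsass.exe, with every target inside one page-sized region, points to one injected module hooking from a shared base, and the next step is to identify which loaded module owns that address range in a live process (for example with Process Explorer or a debugger) rather than to start deleting things; a process whose hooks scatter across unrelated regions, or a lone `[xx]` byte patch with no matching trampoline, is the case that deserves suspicion.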