Pests of all kinds and their removal: Strange Problems III (Windows 7)

If you are not sure whether you have caught malware or a trojan, start a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
Strange Problems III

Hi folks ... I have a problem again. For a short while now my Firefox constantly wants to restart to install updates whenever I try to open it. The first few times I did not think anything of it, but it is slowly getting on my nerves. In addition, some folders on my C: drive exist twice, for example "Programme" (it is there twice, and I cannot access one of them even though I am admin), or one English version "Documents and Settings" and one German version "Dokumente und Einstellungen" (no access rights on either, just like the second Programme folder). Then there is a fourth folder that denies access, named "$RECYCLE.BIN". If I as admin have no access rights, who does? I always have avast! Free Antivirus running and up to date, and now and then I run an anti-malware scan with Malwarebytes ... it was always unremarkable and without any alerts. Here are the logs of today's scans:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Ismir Uebel :: ISMIRUEBEL-PC [Administrator]

26.08.2013 00:35:55
mbam-log-2013-08-26 (00-35-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 267943
Laufzeit: 2 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:47 on 26/08/2013 (Ismir Uebel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2013 02
Ran by Ismir Uebel (administrator) on 26-08-2013 00:48:07
Running from C:\Users\Ismir Uebel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\system: [LogonHoursAction] 2
MountPoints2: {de962ca5-77b2-11e2-92be-806e6f6e6963} - D:\Autorun.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKU\täglicher Gebrauch\...\Policies\system: [LogonHoursAction] 2
HKU\täglicher Gebrauch\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK-Konfigurationstool.lnk
ShortcutTarget: TP-LINK-Konfigurationstool.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Ismir Uebel\AppData\Roaming\Mozilla\Firefox\Profiles\n5e0hy97.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-30] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation )
R3 trustms; C:\Windows\System32\drivers\trustms.sys [12416 2010-11-15] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-26 00:47 - 2013-08-26 00:47 - 00000000 _____ C:\Users\Ismir Uebel\defogger_reenable
2013-08-26 00:34 - 2013-08-26 00:34 - 00377856 _____ C:\Users\Ismir Uebel\Desktop\gmer_2.1.19163.exe
2013-08-26 00:33 - 2013-08-26 00:34 - 01576630 _____ (Farbar) C:\Users\Ismir Uebel\Desktop\FRST64.exe
2013-08-26 00:33 - 2013-08-26 00:33 - 00050477 _____ C:\Users\Ismir Uebel\Desktop\Defogger.exe
2013-08-25 14:40 - 2013-08-25 15:28 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Data
2013-08-24 08:37 - 2013-08-26 00:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-23 14:48 - 2013-08-23 15:48 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Zero Hour Data
2013-08-23 14:14 - 2013-08-23 14:14 - 00014064 _____ C:\Users\Ismir Uebel\Desktop\Dienstplan September.odt
2013-08-23 13:30 - 2013-08-23 13:30 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\OpenOffice
2013-08-22 10:48 - 2013-08-22 11:42 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Neuer Ordner
2013-08-21 16:53 - 2013-08-21 16:53 - 03272136 _____ (Secunia) C:\Users\Ismir Uebel\Downloads\PSISetup711.exe
2013-08-21 12:09 - 2013-08-21 12:09 - 00009869 _____ C:\Users\ISMIRU~1\AppData\Local\recently-used.xbel
2013-08-18 16:24 - 2013-08-18 16:24 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-18 13:16 - 2013-08-18 13:16 - 00003262 _____ C:\Windows\System32\Tasks\{D0C60491-CDE1-4122-94E4-5116A5D060B4}
2013-08-18 12:59 - 2013-08-18 12:59 - 00001252 _____ C:\Users\Public\Desktop\Command & Conquer.lnk
2013-08-18 12:48 - 2013-08-18 12:48 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-08-18 11:15 - 2013-08-24 08:22 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-08-18 11:14 - 2013-08-18 11:15 - 04817275 _____ (Tim Kosse) C:\Users\Ismir Uebel\Downloads\FileZilla_3.7.2_win32-setup.exe
2013-08-18 11:13 - 2013-08-18 11:13 - 01620836 _____ (FileZilla Project) C:\Users\Ismir Uebel\Downloads\FileZilla_Server-0_9_41.exe
2013-08-15 09:47 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 09:47 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 09:47 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 09:47 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 09:47 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 09:47 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 09:47 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 09:47 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 09:47 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 09:47 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 09:47 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 09:47 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 09:47 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 09:47 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 08:43 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 08:43 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 08:43 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 08:43 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 08:43 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 08:43 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 08:43 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 08:43 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 08:42 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 08:42 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 08:42 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 08:42 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 08:42 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 08:42 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 08:42 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 08:42 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 08:42 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 08:42 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 08:42 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 08:42 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 08:42 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 08:42 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 08:42 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 08:42 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 08:42 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 08:42 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 08:42 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-09 20:06 - 2013-08-09 20:07 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\messer
2013-08-06 17:06 - 2013-08-06 17:22 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist Fotos
2013-08-06 17:04 - 2013-08-06 17:06 - 200804141 _____ C:\Users\Ismir Uebel\Downloads\Resist.zip
2013-08-06 14:48 - 2013-08-06 14:56 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist To Exist Shirts
2013-08-01 10:55 - 2013-08-01 10:55 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-08-01 10:54 - 2013-08-01 10:54 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-01 09:38 - 2013-08-01 09:39 - 162401424 _____ C:\Users\Ismir Uebel\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-07-30 16:33 - 2013-07-30 16:33 - 00000000 ____D C:\ProgramData\EA Core
2013-07-30 16:32 - 2013-07-30 16:32 - 00000000 ____D C:\Users\Ismir Uebel\Documents\MeinSpore-Kreationen
2013-07-30 16:31 - 2013-07-30 16:39 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\SPORE
2013-07-30 16:31 - 2013-07-30 16:31 - 00000000 __RHD C:\Users\Ismir Uebel\AppData\Roaming\SecuROM
2013-07-30 16:31 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-07-30 16:31 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-07-30 16:30 - 2013-08-18 12:59 - 00018681 _____ C:\Windows\DirectX.log
2013-07-30 16:15 - 2013-07-30 16:15 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-07-30 16:14 - 2013-07-31 19:04 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Origin
2013-07-30 16:14 - 2013-07-30 16:15 - 00000000 ____D C:\Users\ISMIRU~1\AppData\Local\Origin
2013-07-30 16:12 - 2013-08-18 12:00 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-30 16:12 - 2013-07-30 16:15 - 00000000 ____D C:\ProgramData\Origin
2013-07-30 16:12 - 2013-07-30 16:12 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-07-30 16:12 - 2013-07-30 16:12 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-07-30 16:11 - 2013-07-30 16:11 - 16949128 _____ (Electronic Arts, Inc.) C:\Users\Ismir Uebel\Downloads\OriginThinSetup.exe
2013-07-29 11:44 - 2013-07-29 11:48 - 50742119 _____ C:\Users\Ismir Uebel\Downloads\Knochenfabrik - Ameisenstaat (1999).rar

==================== One Month Modified Files and Folders =======

2013-08-26 00:47 - 2013-08-26 00:47 - 00000484 _____ C:\Users\Ismir Uebel\Desktop\defogger_disable.log
2013-08-26 00:47 - 2013-08-26 00:47 - 00000000 _____ C:\Users\Ismir Uebel\defogger_reenable
2013-08-26 00:47 - 2013-06-05 23:18 - 00000000 ____D C:\Users\Ismir Uebel
2013-08-26 00:44 - 2013-08-24 08:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-26 00:41 - 2013-02-27 22:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-26 00:37 - 2009-07-14 06:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-26 00:37 - 2009-07-14 06:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-26 00:34 - 2013-08-26 00:34 - 00377856 _____ C:\Users\Ismir Uebel\Desktop\gmer_2.1.19163.exe
2013-08-26 00:34 - 2013-08-26 00:33 - 01576630 _____ (Farbar) C:\Users\Ismir Uebel\Desktop\FRST64.exe
2013-08-26 00:33 - 2013-08-26 00:33 - 00050477 _____ C:\Users\Ismir Uebel\Desktop\Defogger.exe
2013-08-26 00:33 - 2013-06-05 23:16 - 01184744 _____ C:\Windows\WindowsUpdate.log
2013-08-26 00:31 - 2013-05-29 12:16 - 00001075 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-26 00:31 - 2013-05-29 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-26 00:29 - 2013-06-05 23:16 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-26 00:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-26 00:29 - 2009-07-14 06:51 - 01063534 _____ C:\Windows\setupact.log
2013-08-26 00:20 - 2013-04-18 06:32 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-08-26 00:19 - 2013-02-16 02:26 - 00058764 _____ C:\Windows\PFRO.log
2013-08-25 15:28 - 2013-08-25 14:40 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Data
2013-08-24 08:22 - 2013-08-18 11:15 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-08-23 15:48 - 2013-08-23 14:48 - 00000000 ____D C:\Users\Ismir Uebel\Documents\Command and Conquer Generals Zero Hour Data
2013-08-23 14:14 - 2013-08-23 14:14 - 00014064 _____ C:\Users\Ismir Uebel\Desktop\Dienstplan September.odt
2013-08-23 13:30 - 2013-08-23 13:30 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\OpenOffice
2013-08-22 12:31 - 2013-02-16 18:17 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Filme - intern
2013-08-22 11:42 - 2013-08-22 10:48 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Neuer Ordner
2013-08-22 10:29 - 2013-06-06 09:36 - 00071944 _____ C:\Users\ISMIRU~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-21 16:53 - 2013-08-21 16:53 - 03272136 _____ (Secunia) C:\Users\Ismir Uebel\Downloads\PSISetup711.exe
2013-08-21 13:06 - 2009-07-14 19:58 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-08-21 13:06 - 2009-07-14 19:58 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-08-21 13:06 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-21 12:17 - 2013-07-24 16:00 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\patches
2013-08-21 12:15 - 2013-04-01 12:55 - 00000000 ____D C:\Users\Ismir Uebel\.gimp-2.8
2013-08-21 12:09 - 2013-08-21 12:09 - 00009869 _____ C:\Users\ISMIRU~1\AppData\Local\recently-used.xbel
2013-08-19 22:42 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-18 19:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 16:28 - 2009-07-14 06:45 - 00315552 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-18 16:24 - 2013-08-18 16:24 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-08-18 13:16 - 2013-08-18 13:16 - 00003262 _____ C:\Windows\System32\Tasks\{D0C60491-CDE1-4122-94E4-5116A5D060B4}
2013-08-18 13:15 - 2013-02-15 23:14 - 00000000 ____D C:\Users\ISMIRU~1\AppData\Local\VirtualStore
2013-08-18 12:59 - 2013-08-18 12:59 - 00001252 _____ C:\Users\Public\Desktop\Command & Conquer.lnk
2013-08-18 12:59 - 2013-07-30 16:30 - 00018681 _____ C:\Windows\DirectX.log
2013-08-18 12:48 - 2013-08-18 12:48 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-08-18 12:48 - 2013-07-10 18:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-18 12:00 - 2013-07-30 16:12 - 00000000 ____D C:\Program Files (x86)\Origin
2013-08-18 11:15 - 2013-08-18 11:14 - 04817275 _____ (Tim Kosse) C:\Users\Ismir Uebel\Downloads\FileZilla_3.7.2_win32-setup.exe
2013-08-18 11:15 - 2013-02-17 13:10 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\FileZilla
2013-08-18 11:13 - 2013-08-18 11:13 - 01620836 _____ (FileZilla Project) C:\Users\Ismir Uebel\Downloads\FileZilla_Server-0_9_41.exe
2013-08-15 09:43 - 2013-07-22 11:52 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 09:42 - 2013-06-06 09:59 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 12:49 - 2013-02-16 03:54 - 00000000 ____D C:\World of Warcraft
2013-08-12 18:42 - 2013-04-29 06:19 - 00001949 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2013-08-12 18:42 - 2013-04-29 06:19 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-08-09 20:07 - 2013-08-09 20:06 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\messer
2013-08-06 17:22 - 2013-08-06 17:06 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist Fotos
2013-08-06 17:06 - 2013-08-06 17:04 - 200804141 _____ C:\Users\Ismir Uebel\Downloads\Resist.zip
2013-08-06 14:57 - 2013-02-16 03:58 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Ismir
2013-08-06 14:56 - 2013-08-06 14:48 - 00000000 ____D C:\Users\Ismir Uebel\Desktop\Resist To Exist Shirts
2013-08-01 10:55 - 2013-08-01 10:55 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-08-01 10:54 - 2013-08-01 10:54 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-01 10:54 - 2013-02-16 03:34 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-08-01 10:51 - 2013-03-10 12:12 - 00011776 ___SH C:\Users\Ismir Uebel\Thumbs.db
2013-08-01 09:39 - 2013-08-01 09:38 - 162401424 _____ C:\Users\Ismir Uebel\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_de.exe
2013-07-31 19:04 - 2013-07-30 16:14 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\Origin
2013-07-30 16:39 - 2013-07-30 16:31 - 00000000 ____D C:\Users\Ismir Uebel\AppData\Roaming\SPORE
2013-07-30 16:33 - 2013-07-30 16:33 - 00000000 ____D C:\ProgramData\EA Core
2013-07-30 16:32 - 2013-07-30 16:32 - 00000000 ____D C:\Users\Ismir Uebel\Documents\MeinSpore-Kreationen
2013-07-30 16:31 - 2013-07-30 16:31 - 00000000 __RHD C:\Users\Ismir Uebel\AppData\Roaming\SecuROM
2013-07-30 16:15 - 2013-07-30 16:15 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-07-30 16:15 - 2013-07-30 16:14 - 00000000 ____D C:\Users\ISMIRU~1\AppData\Local\Origin
2013-07-30 16:15 - 2013-07-30 16:12 - 00000000 ____D C:\ProgramData\Origin
2013-07-30 16:12 - 2013-07-30 16:12 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-07-30 16:12 - 2013-07-30 16:12 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-07-30 16:11 - 2013-07-30 16:11 - 16949128 _____ (Electronic Arts, Inc.) C:\Users\Ismir Uebel\Downloads\OriginThinSetup.exe
2013-07-29 11:48 - 2013-07-29 11:44 - 50742119 _____ C:\Users\Ismir Uebel\Downloads\Knochenfabrik - Ameisenstaat (1999).rar

Files to move or delete:
====================
C:\Users\ISMIRU~1\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nvStInst.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\oKTSypeZ.exe.part
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\InstallHelper.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\EnumDevLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\IpLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\libeay32.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RTLDHCP.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RtlICS.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RtlIhvOid.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Win7\RtlLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\EnumDevLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\IpLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\libeay32.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RTLDHCP.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RtlICS.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RtlIhvOid.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\{3645663B-B155-458C-B0EE-E30A4A85B0FE}\{319D91C6-3D44-436C-9F79-36C0D22372DC}\Rtl_Vista\RtlLib.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\WDEE85E.tmp\CddbLangDE.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\WDEBC0D.tmp\CddbLangDE.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\WDE5253.tmp\CddbLangDE.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nsp2B29.tmp\LangDLL.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\nsp2B29.tmp\nsis_chklist.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\mProjector3175261488\mPlayer.3.1.1k.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\dotNetFx40LP_Full_x86_x64de.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exe
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dll
C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dll C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dll C:\Users\ISMIRU~1\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dll C:\Users\ISMIRU~1\AppData\Local\Temp\isp3F16.tmp\_Setup.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-22 18:33 ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-08-26 00:57:13 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD5000AAKS-00V1A0 rev.05.01D05 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\ISMIRU~1\AppData\Local\Temp\kfdiauow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[472] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Windows\system32\services.exe[536] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[624] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Windows\system32\svchost.exe[708] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[808] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62] .text C:\Windows\System32\svchost.exe[944] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Windows\System32\svchost.exe[984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1008] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Windows\system32\svchost.exe[264] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1200] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1208] 
C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Windows\Explorer.EXE[1548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1840] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62] .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[1888] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62] .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[1888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76] .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[1888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76] .text ... * 2 .text C:\Windows\system32\svchost.exe[1932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1964] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62] .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76] .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76] .text ... 
* 2 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1148] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76] .text ... * 2 .text C:\Windows\system32\svchost.exe[1480] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[1856] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62] .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76] .text C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76] .text ... * 2 .text C:\Program Files\Windows Sidebar\sidebar.exe[2476] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Windows\SysWOW64\schtasks.exe[2496] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2516] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76] .text ... 
* 2 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2612] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62] .text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2784] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007738fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007738fb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007738fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077390038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077391920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000773ac4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000773b1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000766c5181 5 bytes JMP 00000001001a1014 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000766c5254 5 bytes JMP 00000001001a0804 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000766c53d5 5 bytes JMP 00000001001a0a08 .text C:\Program Files 
(x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000766c54c2 5 bytes JMP 00000001001a0c0c .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000766c55e2 5 bytes JMP 00000001001a0e10 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000766c567c 5 bytes JMP 00000001001a01f8 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000766c589f 5 bytes JMP 00000001001a03fc .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000766c5a22 5 bytes JMP 00000001001a0600 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b91465 2 bytes [B9, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b914bb 2 bytes [B9, 76] .text ... 
* 2 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771b3b10 5 bytes JMP 00000001001e075c .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771b7ac0 5 bytes JMP 00000001001e03a4 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000771e1430 5 bytes JMP 00000001001e0b14 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000771e1490 5 bytes JMP 00000001001e0ecc .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e1570 5 bytes JMP 00000001001e163c .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771e17b0 5 bytes JMP 00000001001e1284 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e27e0 5 bytes JMP 00000001001e19f4 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe866e00 5 bytes JMP 000007ff7e881dac .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe866f2c 5 bytes JMP 000007ff7e880ecc .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe867220 5 bytes JMP 000007ff7e881284 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe86739c 5 bytes JMP 000007ff7e88163c .text C:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe867538 5 bytes JMP 000007ff7e8819f4 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe8675e8 5 bytes JMP 000007ff7e8803a4 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe86790c 5 bytes JMP 000007ff7e88075c .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3696] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe867ab4 5 bytes JMP 000007ff7e880b14 .text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771b3b10 5 bytes JMP 000000010044075c .text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771b7ac0 5 bytes JMP 00000001004403a4 .text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000771e1430 5 bytes JMP 0000000100440b14 .text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000771e1490 5 bytes JMP 0000000100440ecc .text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e1570 5 bytes JMP 000000010044163c .text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771e17b0 5 bytes JMP 0000000100441284 .text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e27e0 5 bytes JMP 00000001004419f4 .text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe866e00 5 bytes JMP 000007ff7e881dac .text C:\Windows\system32\SearchIndexer.exe[3972] 
C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe866f2c 5 bytes JMP 000007ff7e880ecc .text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe867220 5 bytes JMP 000007ff7e881284 .text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe86739c 5 bytes JMP 000007ff7e88163c .text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe867538 5 bytes JMP 000007ff7e8819f4 .text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe8675e8 5 bytes JMP 000007ff7e8803a4 .text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe86790c 5 bytes JMP 000007ff7e88075c .text C:\Windows\system32\SearchIndexer.exe[3972] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe867ab4 5 bytes JMP 000007ff7e880b14 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3280] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771b3b10 5 bytes JMP 000000010039075c .text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771b7ac0 5 bytes JMP 00000001003903a4 .text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000771e1430 5 bytes JMP 0000000100390b14 .text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000771e1490 5 bytes JMP 0000000100390ecc .text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e1570 5 bytes JMP 000000010039163c .text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771e17b0 5 bytes JMP 0000000100391284 .text C:\Windows\System32\svchost.exe[2812] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e27e0 5 bytes JMP 00000001003919f4 .text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe866e00 5 bytes JMP 000007ff7e881dac .text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe866f2c 5 bytes JMP 000007ff7e880ecc .text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe867220 5 bytes JMP 000007ff7e881284 .text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe86739c 5 bytes JMP 000007ff7e88163c .text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe867538 5 bytes JMP 000007ff7e8819f4 .text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe8675e8 5 bytes JMP 000007ff7e8803a4 .text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe86790c 5 bytes JMP 000007ff7e88075c .text C:\Windows\System32\svchost.exe[2812] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe867ab4 5 bytes JMP 000007ff7e880b14 .text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771b3b10 5 bytes JMP 000000010036075c .text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771b7ac0 5 bytes JMP 00000001003603a4 .text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000771e1430 5 bytes JMP 0000000100360b14 .text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000771e1490 5 bytes JMP 0000000100360ecc .text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000771e1570 5 bytes JMP 000000010036163c .text C:\Windows\System32\svchost.exe[2548] 
C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000771e17b0 5 bytes JMP 0000000100361284 .text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771e27e0 5 bytes JMP 00000001003619f4 .text C:\Windows\System32\svchost.exe[2548] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe866e00 5 bytes JMP 000007ff7e881dac .text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe866f2c 5 bytes JMP 000007ff7e880ecc .text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe867220 5 bytes JMP 000007ff7e881284 .text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe86739c 5 bytes JMP 000007ff7e88163c .text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe867538 5 bytes JMP 000007ff7e8819f4 .text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe8675e8 5 bytes JMP 000007ff7e8803a4 .text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe86790c 5 bytes JMP 000007ff7e88075c .text C:\Windows\System32\svchost.exe[2548] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe867ab4 5 bytes JMP 000007ff7e880b14 .text C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe866e00 5 bytes JMP 000007ff7e881dac .text C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe866f2c 5 bytes JMP 000007ff7e880ecc .text C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe867220 5 bytes JMP 000007ff7e881284 .text C:\Windows\system32\svchost.exe[4244] 
C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe86739c 5 bytes JMP 000007ff7e88163c .text C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe867538 5 bytes JMP 000007ff7e8819f4 .text C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe8675e8 5 bytes JMP 000007ff7e8803a4 .text C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe86790c 5 bytes JMP 000007ff7e88075c .text C:\Windows\system32\svchost.exe[4244] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe867ab4 5 bytes JMP 000007ff7e880b14 .text C:\Windows\system32\AUDIODG.EXE[4312] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076fceecd 1 byte [62] .text C:\Users\Ismir Uebel\Desktop\gmer_2.1.19163.exe[2684] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000765ea30a 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [2548:4660] 000007feee3f9688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? 
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 4 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! 
WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 177 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition1\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 1386102 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! 
virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 3 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! 
Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 4
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 177
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition1\Windows
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 1386102
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 3
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet003\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet003\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet003\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters@BootCounter 33
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition1\Windows
Reg HKLM\SYSTEM\ControlSet003\services\aswRvrt\Parameters@TickCounter 260886
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet003\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet003\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet003\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet003\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet003\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet003\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\ControlSet003\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet003\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet003\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet003\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\ControlSet003\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet003\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet003\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet003\services\avast! Antivirus@ObjectName LocalSystem

---- EOF - GMER 2.1 ----

Thanks a lot in advance ... I'm really glad you folks exist! Greetings from Berlin