Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-12 15:53:28
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 INTEL_SS rev.4PC1 74,53GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\SATURN~1\AppData\Local\Temp\pwldapod.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Windows\system32\services.exe[804] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Windows\system32\lsass.exe[856] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[964] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[136] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[380] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a30a 1 byte [62]
.text C:\Windows\System32\svchost.exe[792] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[740] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1052] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1320] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1340] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[1348] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1776] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[1788] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1832] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1956] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1980] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a30a 1 byte [62]
.text C:\Program Files (x86)\avmwlanstick\WlanNetService.exe[1312] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a30a 1 byte [62]
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[652] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe[2064] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a30a 1 byte [62]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2160] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a30a 1 byte [62]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2160] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072471a22 2 bytes [47, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2160] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072471ad0 2 bytes [47, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2160] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072471b08 2 bytes [47, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2160] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072471bba 2 bytes [47, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2160] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072471bda 2 bytes [47, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749d1465 2 bytes [9D, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749d14bb 2 bytes [9D, 74]
.text ... * 2
.text C:\Windows\system32\svchost.exe[2224] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2340] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076cf3ae0 5 bytes JMP 00000001001e075c
.text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076cf7a90 5 bytes JMP 00000001001e03a4
.text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d21490 5 bytes JMP 00000001001e0b14
.text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d214f0 5 bytes JMP 00000001001e0ecc
.text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d215d0 5 bytes JMP 00000001001e163c
.text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d21810 5 bytes JMP 00000001001e1284
.text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d22840 5 bytes JMP 00000001001e19f4
.text C:\Windows\system32\svchost.exe[3552] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefeda6e00 5 bytes JMP 000007ff7edc1dac
.text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefeda6f2c 5 bytes JMP 000007ff7edc0ecc
.text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefeda7220 5 bytes JMP 000007ff7edc1284
.text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefeda739c 5 bytes JMP 000007ff7edc163c
.text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefeda7538 5 bytes JMP 000007ff7edc19f4
.text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefeda75e8 5 bytes JMP 000007ff7edc03a4
.text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefeda790c 5 bytes JMP 000007ff7edc075c
.text C:\Windows\system32\svchost.exe[3552] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefeda7ab4 5 bytes JMP 000007ff7edc0b14
.text C:\Windows\system32\Dwm.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076cf3ae0 5 bytes JMP 00000001003b075c
.text C:\Windows\system32\Dwm.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076cf7a90 5 bytes JMP 00000001003b03a4
.text C:\Windows\system32\Dwm.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d21490 5 bytes JMP 00000001003b0b14
.text C:\Windows\system32\Dwm.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d214f0 5 bytes JMP 00000001003b0ecc
.text C:\Windows\system32\Dwm.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d215d0 5 bytes JMP 00000001003b163c
.text C:\Windows\system32\Dwm.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d21810 5 bytes JMP 00000001003b1284
.text C:\Windows\system32\Dwm.exe[3932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d22840 5 bytes JMP 00000001003b19f4
.text C:\Windows\system32\Dwm.exe[3932] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefeda6e00 5 bytes JMP 000007ff7edc1dac
.text C:\Windows\system32\Dwm.exe[3932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefeda6f2c 5 bytes JMP 000007ff7edc0ecc
.text C:\Windows\system32\Dwm.exe[3932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefeda7220 5 bytes JMP 000007ff7edc1284
.text C:\Windows\system32\Dwm.exe[3932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefeda739c 5 bytes JMP 000007ff7edc163c
.text C:\Windows\system32\Dwm.exe[3932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefeda7538 5 bytes JMP 000007ff7edc19f4
.text C:\Windows\system32\Dwm.exe[3932] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefeda75e8 5 bytes JMP 000007ff7edc03a4
.text C:\Windows\system32\Dwm.exe[3932] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefeda790c 5 bytes JMP 000007ff7edc075c
.text C:\Windows\system32\Dwm.exe[3932] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefeda7ab4 5 bytes JMP 000007ff7edc0b14
.text C:\Windows\Explorer.EXE[3960] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076cf3ae0 5 bytes JMP 000000010034075c
.text C:\Windows\Explorer.EXE[3960] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076cf7a90 5 bytes JMP 00000001003403a4
.text C:\Windows\Explorer.EXE[3960] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d21490 5 bytes JMP 0000000100340b14
.text C:\Windows\Explorer.EXE[3960] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d214f0 5 bytes JMP 0000000100340ecc
.text C:\Windows\Explorer.EXE[3960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d215d0 5 bytes JMP 000000010034163c
.text C:\Windows\Explorer.EXE[3960] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d21810 5 bytes JMP 0000000100341284
.text C:\Windows\Explorer.EXE[3960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d22840 5 bytes JMP 00000001003419f4
.text C:\Windows\Explorer.EXE[3960] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Windows\Explorer.EXE[3960] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefeda6e00 5 bytes JMP 000007ff7edc1dac
.text C:\Windows\Explorer.EXE[3960] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefeda6f2c 5 bytes JMP 000007ff7edc0ecc
.text C:\Windows\Explorer.EXE[3960] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefeda7220 5 bytes JMP 000007ff7edc1284
.text C:\Windows\Explorer.EXE[3960] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefeda739c 5 bytes JMP 000007ff7edc163c
.text C:\Windows\Explorer.EXE[3960] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefeda7538 5 bytes JMP 000007ff7edc19f4
.text C:\Windows\Explorer.EXE[3960] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefeda75e8 5 bytes JMP 000007ff7edc03a4
.text C:\Windows\Explorer.EXE[3960] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefeda790c 5 bytes JMP 000007ff7edc075c
.text C:\Windows\Explorer.EXE[3960] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefeda7ab4 5 bytes JMP 000007ff7edc0b14
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076cf3ae0 5 bytes JMP 000000010054075c
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076cf7a90 5 bytes JMP 00000001005403a4
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d21490 5 bytes JMP 0000000100540b14
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d214f0 5 bytes JMP 0000000100540ecc
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d215d0 5 bytes JMP 000000010054163c
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d21810 5 bytes JMP 0000000100541284
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d22840 5 bytes JMP 00000001005419f4
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefeda6e00 5 bytes JMP 000007ff7edc1dac
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefeda6f2c 5 bytes JMP 000007ff7edc0ecc
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefeda7220 5 bytes JMP 000007ff7edc1284
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefeda739c 5 bytes JMP 000007ff7edc163c
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefeda7538 5 bytes JMP 000007ff7edc19f4
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefeda75e8 5 bytes JMP 000007ff7edc03a4
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefeda790c 5 bytes JMP 000007ff7edc075c
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3412] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefeda7ab4 5 bytes JMP 000007ff7edc0b14
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076ecfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076ecfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076ecfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076ed0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076ed1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000076eec45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000076ef1217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007691a30a 1 byte [62]
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075dbee09 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075dc3982 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075dc7603 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075dc835c 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075ddf52b 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000766c5181 5 bytes JMP 0000000100251014
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000766c5254 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000766c53d5 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000766c54c2 5 bytes JMP 0000000100250c0c
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000766c55e2 5 bytes JMP 0000000100250e10
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000766c567c 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000766c589f 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe[2220] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000766c5a22 5 bytes JMP 0000000100250600
.text D:\Programme\Avast!\AvastUI.exe[2668] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a30a 1 byte [62]
.text D:\Programme\Avast!\AvastUI.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749d1465 2 bytes [9D, 74]
.text D:\Programme\Avast!\AvastUI.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749d14bb 2 bytes [9D, 74]
.text ... * 2
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076ecfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076ecfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076ecfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076ed0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076ed1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000076eec45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000076ef1217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007691a30a 1 byte [62]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075dbee09 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075dc3982 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075dc7603 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075dc835c 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075ddf52b 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000766c5181 5 bytes JMP 0000000100251014
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000766c5254 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000766c53d5 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000766c54c2 5 bytes JMP 0000000100250c0c
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000766c55e2 5 bytes JMP 0000000100250e10
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000766c567c 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000766c589f 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4088] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000766c5a22 5 bytes JMP 0000000100250600
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076cf3ae0 5 bytes JMP 00000001002b075c
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076cf7a90 5 bytes JMP 00000001002b03a4
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d21490 5 bytes JMP 00000001002b0b14
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d214f0 5 bytes JMP 00000001002b0ecc
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d215d0 5 bytes JMP 00000001002b163c
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d21810 5 bytes JMP 00000001002b1284
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d22840 5 bytes JMP 00000001002b19f4
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1156] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefeda6e00 5 bytes JMP 000007ff7edc1dac
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefeda6f2c 5 bytes JMP 000007ff7edc0ecc
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefeda7220 5 bytes JMP 000007ff7edc1284
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefeda739c 5 bytes JMP 000007ff7edc163c
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefeda7538 5 bytes JMP 000007ff7edc19f4
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefeda75e8 5 bytes JMP 000007ff7edc03a4
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefeda790c 5 bytes JMP 000007ff7edc075c
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefeda7ab4 5 bytes JMP 000007ff7edc0b14
.text C:\Windows\system32\SearchIndexer.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076cf3ae0 5 bytes JMP 000000010018075c
.text C:\Windows\system32\SearchIndexer.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076cf7a90 5 bytes JMP 00000001001803a4
.text C:\Windows\system32\SearchIndexer.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d21490 5 bytes JMP 0000000100180b14
.text C:\Windows\system32\SearchIndexer.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d214f0 5 bytes JMP 0000000100180ecc
.text C:\Windows\system32\SearchIndexer.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d215d0 5 bytes JMP 000000010018163c
.text C:\Windows\system32\SearchIndexer.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d21810 5 bytes JMP 0000000100181284
.text C:\Windows\system32\SearchIndexer.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d22840 5 bytes JMP 00000001001819f4
.text C:\Windows\system32\SearchIndexer.exe[3976] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3976] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefeda6e00 5 bytes JMP 000007ff7edc1dac
.text C:\Windows\system32\SearchIndexer.exe[3976] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefeda6f2c 5 bytes JMP 000007ff7edc0ecc
.text C:\Windows\system32\SearchIndexer.exe[3976] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefeda7220 5 bytes JMP 000007ff7edc1284
.text C:\Windows\system32\SearchIndexer.exe[3976] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefeda739c 5 bytes JMP 000007ff7edc163c
.text C:\Windows\system32\SearchIndexer.exe[3976] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefeda7538 5 bytes JMP 000007ff7edc19f4
.text C:\Windows\system32\SearchIndexer.exe[3976] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefeda75e8 5 bytes JMP 000007ff7edc03a4
.text C:\Windows\system32\SearchIndexer.exe[3976] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefeda790c 5 bytes JMP 000007ff7edc075c
.text C:\Windows\system32\SearchIndexer.exe[3976] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefeda7ab4 5 bytes JMP 000007ff7edc0b14
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076cf3ae0 5 bytes JMP 00000001001e075c
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076cf7a90 5 bytes JMP 00000001001e03a4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d21490 5 bytes JMP 00000001001e0b14
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d214f0 5 bytes JMP 00000001001e0ecc
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d215d0 5 bytes JMP 00000001001e163c
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d21810 5 bytes JMP 00000001001e1284
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d22840 5 bytes JMP 00000001001e19f4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4148] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4148] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefeda6e00 5 bytes JMP 000007ff7edc1dac
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4148] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefeda6f2c 5 bytes JMP 000007ff7edc0ecc
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4148] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefeda7220 5 bytes JMP 000007ff7edc1284
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4148] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefeda739c 5 bytes JMP 000007ff7edc163c
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4148] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefeda7538 5 bytes JMP 000007ff7edc19f4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4148] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefeda75e8 5 bytes JMP 000007ff7edc03a4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4148] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefeda790c 5 bytes JMP 000007ff7edc075c
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4148] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefeda7ab4 5 bytes JMP 000007ff7edc0b14
.text C:\Windows\System32\svchost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076cf3ae0 5 bytes JMP 000000010027075c
.text C:\Windows\System32\svchost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076cf7a90 5 bytes JMP 00000001002703a4
.text C:\Windows\System32\svchost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d21490 5 bytes JMP 0000000100270b14
.text C:\Windows\System32\svchost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d214f0 5 bytes JMP 0000000100270ecc
.text C:\Windows\System32\svchost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d215d0 5 bytes JMP 000000010027163c
.text C:\Windows\System32\svchost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d21810 5 bytes JMP 0000000100271284
.text C:\Windows\System32\svchost.exe[4536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d22840 5 bytes JMP 00000001002719f4
.text C:\Windows\System32\svchost.exe[4536] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefeda6e00 5 bytes JMP 000007ff7edc1dac
.text C:\Windows\System32\svchost.exe[4536] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefeda6f2c 5 bytes JMP 000007ff7edc0ecc
.text C:\Windows\System32\svchost.exe[4536] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefeda7220 5 bytes JMP 000007ff7edc1284
.text C:\Windows\System32\svchost.exe[4536] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefeda739c 5 bytes JMP 000007ff7edc163c
.text C:\Windows\System32\svchost.exe[4536] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefeda7538 5 bytes JMP 000007ff7edc19f4
.text C:\Windows\System32\svchost.exe[4536] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefeda75e8 5 bytes JMP 000007ff7edc03a4
.text C:\Windows\System32\svchost.exe[4536] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefeda790c 5 bytes JMP 000007ff7edc075c
.text C:\Windows\System32\svchost.exe[4536] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefeda7ab4 5 bytes JMP 000007ff7edc0b14
.text C:\Windows\system32\DllHost.exe[4792] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefeda6e00 5 bytes JMP 000007ff7edc1dac
.text C:\Windows\system32\DllHost.exe[4792] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefeda6f2c 5 bytes JMP 000007ff7edc0ecc
.text C:\Windows\system32\DllHost.exe[4792] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefeda7220 5 bytes JMP 000007ff7edc1284
.text C:\Windows\system32\DllHost.exe[4792] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefeda739c 5 bytes JMP 000007ff7edc163c
.text C:\Windows\system32\DllHost.exe[4792] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefeda7538 5 bytes JMP 000007ff7edc19f4
.text C:\Windows\system32\DllHost.exe[4792] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefeda75e8 5 bytes JMP 000007ff7edc03a4
.text C:\Windows\system32\DllHost.exe[4792] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefeda790c 5 bytes JMP 000007ff7edc075c
.text C:\Windows\system32\DllHost.exe[4792] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefeda7ab4 5 bytes JMP 000007ff7edc0b14
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076ecfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076ecfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076ecfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076ed0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076ed1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000076eec45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000076ef1217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007691a30a 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000766c5181 5 bytes JMP 0000000100141014
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000766c5254 5 bytes JMP 0000000100140804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000766c53d5 5 bytes JMP 0000000100140a08
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000766c54c2 5 bytes JMP 0000000100140c0c
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000766c55e2 5 bytes JMP 0000000100140e10
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000766c567c 5 bytes JMP 00000001001401f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000766c589f 5 bytes JMP 00000001001403fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000766c5a22 5 bytes JMP 0000000100140600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075dbee09 5 bytes JMP 00000001001501f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075dc3982 5 bytes JMP 00000001001503fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075dc7603 5 bytes JMP 0000000100150804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075dc835c 5 bytes JMP 0000000100150600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6092] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075ddf52b 5 bytes JMP 0000000100150a08
.text C:\Windows\system32\svchost.exe[3476] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefeda6e00 5 bytes JMP 000007ff7edc1dac
.text C:\Windows\system32\svchost.exe[3476] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefeda6f2c 5 bytes JMP 000007ff7edc0ecc
.text C:\Windows\system32\svchost.exe[3476] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefeda7220 5 bytes JMP 000007ff7edc1284
.text C:\Windows\system32\svchost.exe[3476] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefeda739c 5 bytes JMP 000007ff7edc163c
.text C:\Windows\system32\svchost.exe[3476] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefeda7538 5 bytes JMP 000007ff7edc19f4
.text C:\Windows\system32\svchost.exe[3476] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefeda75e8 5 bytes JMP 000007ff7edc03a4
.text C:\Windows\system32\svchost.exe[3476] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefeda790c 5 bytes JMP 000007ff7edc075c
.text C:\Windows\system32\svchost.exe[3476] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefeda7ab4 5 bytes JMP 000007ff7edc0b14
.text C:\Windows\system32\AUDIODG.EXE[5312] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076c0eecd 1 byte [62]
.text C:\Users\Saturn-Freising\Downloads\gmer_2.1.19163.exe[5288] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007691a30a 1 byte [62]
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [2304:3880] 000007fef52a9688
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 3
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 5
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 65578
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\D:\Programme\Avast!
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\D:\Programme\Avast!
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "D:\Programme\Avast!\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 3
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 5
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 65578
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\D:\Programme\Avast!
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\D:\Programme\Avast!
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "D:\Programme\Avast!\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----