
Log analysis and evaluation: Avast blocks file (windows\system32\svchost.exe)


14.07.2013, 16:59   #1
loewenherzl

Avast blocks file (windows\system32\svchost.exe)
Hello everyone,

today I searched the internet for various small games such as peggle, jewels quest etc. for my mum, because she wanted to have a few games on her (not my infected) laptop. After I had downloaded the game Jewel Quest Mysteries here, started it, quit it and uninstalled it again, the problems started.

PROBLEM:
Since then I have been getting this message from my Avast roughly every 30 seconds

and at fairly irregular intervals this second message

As soon as I disconnect from the internet, I no longer get any messages.

I ran a quick scan with OTL, but only got one txt file (otl.txt) and no extras.txt. During the scan with GMER I repeatedly got an error message saying there is no disk in drive H: and that I should please insert one. I don't even have a drive H: on my computer. This error message is slowly driving me mad. I'm asking for help, otherwise

Many thanks in advance for your support!!!

Regards
loewenherzl
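Before following a forum's scan-and-post procedure, the check a practitioner would run for "Avast keeps blocking windows\system32\svchost.exe" is a read-only triage of the svchost.exe instances themselves: where each one runs from, whether it is signed, which services it hosts, what non-Windows DLLs are loaded into it, and where it connects. The script below is an added example written for this page; it is not part of the original post and not code from Avast, OTL or GMER. It assumes an elevated PowerShell 3 or newer on Windows 8 or later (Get-NetTCPConnection does not exist on Windows 7), and the variable names ($svchosts, $svcPids, $expected) are the example's own. It changes nothing on the system.

```powershell
# Added example for this thread, not part of the original post or of any tool it mentions.
# Assumes an elevated PowerShell 3+ on Windows 8 or newer (Get-NetTCPConnection needs Windows 8 / Server 2012).
# Triage for "Avast keeps blocking windows\system32\svchost.exe": which svchost instances exist,
# where they run from, what they host, what is loaded into them and where they connect. Read-only.

$systemRoot = $env:SystemRoot
$expected   = Join-Path $systemRoot 'System32\svchost.exe'

$svchosts = @(Get-Process -Name svchost -ErrorAction SilentlyContinue)

# 1. Path and signature of every svchost.exe instance.
#    Caveat: Windows-owned binaries are catalog-signed. On Windows 8, Get-AuthenticodeSignature does not
#    consult catalog files and may report NotSigned for a legitimate svchost.exe. Treat a path outside
#    System32 or a non-Microsoft signer as the red flag; use Sysinternals sigcheck for a catalog-aware verdict.
$svchosts | ForEach-Object {
    $proc = $_
    $path = $null
    try { $path = $proc.Path } catch { }          # Path is unreadable for some protected processes
    if (-not $path) {
        $path = (Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.Id)").ExecutablePath
    }
    $sig = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
    [pscustomobject]@{
        PID       = $proc.Id
        Path      = $path
        PathOk    = [bool]($path -and ($path -ieq $expected))
        SigStatus = if ($sig) { $sig.Status } else { 'unknown' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
} | Format-Table -AutoSize

# 2. Services hosted by each running svchost.exe PID (the same information "tasklist /svc" prints).
#    A PID that appears in step 1 but hosts no service deserves a closer look.
Get-CimInstance Win32_Service -Filter "State = 'Running' AND PathName LIKE '%svchost.exe%'" |
    Group-Object ProcessId |
    Select-Object @{n='PID'; e={$_.Name}},
                  @{n='Services'; e={($_.Group | Select-Object -ExpandProperty Name | Sort-Object) -join ', '}} |
    Format-Table -AutoSize

# 3. Modules loaded into svchost.exe that do not live under %SystemRoot%.
#    An injected DLL shows up here, but so do legitimate third-party hooks (security products, shell
#    extensions), so check the CompanyName and signature of each hit rather than treating every line as bad.
#    Run a PowerShell of the same bitness as the target processes, or Modules cannot be enumerated.
$svchosts | ForEach-Object {
    $proc = $_
    try {
        $proc.Modules |
            Where-Object { $_.FileName -notlike "$systemRoot\*" } |
            Select-Object @{n='PID'; e={$proc.Id}}, FileName,
                          @{n='Company'; e={$_.FileVersionInfo.CompanyName}}
    } catch { Write-Warning "PID $($proc.Id): cannot enumerate modules ($($_.Exception.Message))" }
} | Format-Table -AutoSize

# 4. TCP endpoints owned by svchost.exe, excluding plain listeners.
#    With the alert firing every ~30 s, look for a remote endpoint that recurs each time Avast blocks it;
#    an address or port that none of the hosted services has any business talking to is the lead to follow.
$svcPids = $svchosts | Select-Object -ExpandProperty Id
Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { ($svcPids -contains $_.OwningProcess) -and ("$($_.State)" -notin 'Listen', 'Bound') } |
    Select-Object OwningProcess, LocalAddress, LocalPort, RemoteAddress, RemotePort, State |
    Sort-Object OwningProcess, RemoteAddress |
    Format-Table -AutoSize
```

Run it while the Avast alerts are firing, since the connection in step 4 is only visible for the moment it exists; if nothing shows up, repeat it in a loop or fall back to `netstat -ano` in an elevated prompt and match the PID column against step 1. A wrong path, a non-Microsoft signer, a svchost.exe that hosts no service, or a loaded DLL from a user-writable directory are the findings worth posting alongside the OTL log.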

14.07.2013, 18:21   #2
cosinus
Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans for now, just post the logs you already have!


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

14.07.2013, 19:21   #3
loewenherzl
Hello cosinus,

thank you very much for your very quick reply. I have no further log files. This morning I ran a quick scan with Avast; two or three files were shown that the program apparently could not classify or could not access (error).

I only packed the log files into a RAR archive because the post had more than 123,000 characters and it was not possible to post it.

Should I run another scan with one of the programs mentioned in the post "Important: Please post all logs with detections", and if so, which one, and where do I get them?

Regards
loewenherzl

EDIT:
Today I keep getting some windows that open in the background behind Firefox and that I only notice by chance in the taskbar (Win 8). e.g.

Last edited by loewenherzl (14.07.2013 at 19:27)

14.07.2013, 19:26   #4
cosinus
Quote:
had more than 123,000 characters and it was not possible to post it.
See http://www.trojaner-board.de/69886-a...tml#post566999

14.07.2013, 19:31   #5
loewenherzl
OTL Logfile:
Code:
OTL logfile created on: 14.07.2013 14:46:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
 Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 69,35% Memory free
6,00 Gb Paging File | 5,04 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 67,32 Gb Free Space | 57,82% Space Free | Partition Type: NTFS
Drive D: | 104,73 Gb Total Space | 54,45 Gb Free Space | 51,99% Space Free | Partition Type: NTFS
Drive E: | 116,44 Gb Total Space | 69,39 Gb Free Space | 59,59% Space Free | Partition Type: NTFS
Drive G: | 116,44 Gb Total Space | 116,16 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
 
Computer Name: LABTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.14 14:46:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2013.07.03 09:57:31 | 000,257,136 | ---- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013.06.04 10:41:17 | 000,138,672 | ---- | M] (Microsoft Corporation) -- C:\Programme\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
PRC - [2013.05.27 13:48:52 | 000,312,608 | ---- | M] (Skillbrains) -- C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.03.02 10:24:03 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe
PRC - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\HelperService.exe
PRC - [2012.12.29 10:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.12.29 10:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.23 15:11:50 | 001,045,256 | ---- | M] (Acresso Software Inc.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012.10.11 07:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.09.14 14:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012.09.11 17:06:52 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012.09.11 12:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012.07.26 05:30:19 | 000,029,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RuntimeBroker.exe
PRC - [2012.07.26 05:20:44 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe
PRC - [2012.07.23 15:42:04 | 000,041,632 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATK Hotkey\SynptSync.exe
PRC - [2012.07.17 17:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012.06.25 16:16:48 | 005,446,056 | ---- | M] () -- C:\Programme\SRS Labs\SRS Audio Essentials\AudioEssentials.exe
PRC - [2012.06.25 16:16:44 | 000,548,768 | ---- | M] (SRS Labs, Inc.) -- C:\Programme\SRS Labs\SRS Audio Essentials\AENotifier.exe
PRC - [2012.06.25 16:16:26 | 000,013,232 | ---- | M] (SRS Labs, Inc.) -- C:\Programme\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe
PRC - [2012.01.20 22:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011.11.21 15:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2006.10.23 00:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.14 10:54:08 | 002,297,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\0db8aa5ffb4ab7d5051dc10101841f84\System.Core.ni.dll
MOD - [2013.07.14 10:53:57 | 005,464,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a74b6a2fbd1dff41aa83ce6b8de639e4\System.Xml.ni.dll
MOD - [2013.07.14 10:53:50 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\dfa2cb72af0c0dfeb2b898b1b35c0077\System.Windows.Forms.ni.dll
MOD - [2013.07.14 10:53:39 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\dfd1de460c7612ad1d02afc9d97bf78c\System.Drawing.ni.dll
MOD - [2013.07.14 10:53:29 | 000,368,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\abb10610a31396b63a3cd6c4715b3780\PresentationFramework.Aero.ni.dll
MOD - [2013.07.14 10:53:28 | 014,344,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a1eea172ca028963d0f09cecfe7f8402\PresentationFramework.ni.dll
MOD - [2013.07.14 10:53:04 | 012,240,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\5688fe8c31c6dcefc0cd072867f4e980\PresentationCore.ni.dll
MOD - [2013.07.14 10:52:48 | 003,350,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\5b1df3dd80d30a88e2f843c8498c83b8\WindowsBase.ni.dll
MOD - [2013.07.14 10:52:44 | 007,988,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\1fe104e6fe551fea4435d29d219f19a7\System.ni.dll
MOD - [2013.07.14 10:52:06 | 011,500,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\d1ce70bf6cbab6ab838cbd8b50e902c1\mscorlib.ni.dll
MOD - [2013.05.15 03:04:36 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013.04.20 00:05:22 | 005,283,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2012.10.11 07:06:45 | 000,289,280 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2012.10.11 07:06:45 | 000,289,280 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2012.10.10 03:35:25 | 005,992,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
MOD - [2012.10.10 03:35:25 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
MOD - [2012.10.10 03:35:25 | 000,446,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
MOD - [2012.10.10 03:35:25 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll
MOD - [2012.09.14 00:04:12 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2012.09.14 00:03:49 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.07.06 04:01:14 | 000,385,024 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012.07.06 04:01:14 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012.07.06 04:01:07 | 000,249,856 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2012.07.06 04:01:00 | 000,569,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
MOD - [2012.07.06 04:01:00 | 000,507,904 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
MOD - [2012.06.25 16:16:48 | 005,446,056 | ---- | M] () -- C:\Programme\SRS Labs\SRS Audio Essentials\AudioEssentials.exe
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2013.07.11 10:22:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.07.03 13:03:29 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.05.04 06:57:04 | 000,371,200 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2013.05.04 06:56:05 | 000,143,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2013.04.08 23:51:05 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2013.03.02 10:23:17 | 000,114,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2013.03.02 10:23:15 | 000,117,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2013.02.14 04:14:02 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.10 01:26:37 | 001,532,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2013.01.10 01:26:01 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2013.01.09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Stopped] -- C:\Programme\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.01.09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.12.29 12:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.23 15:11:50 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.11.06 06:54:13 | 002,205,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.09.20 08:32:32 | 002,151,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2012.09.20 07:55:29 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2012.09.20 07:53:51 | 000,095,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2012.09.11 12:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Programme\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012.07.26 05:20:19 | 000,051,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2012.07.26 05:20:13 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2012.07.26 05:20:11 | 000,192,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2012.07.26 05:20:04 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2012.07.26 05:19:54 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2012.07.26 05:19:40 | 002,028,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2012.07.26 05:19:21 | 000,138,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2012.07.26 05:19:21 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2012.07.26 05:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2012.07.26 05:18:24 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2012.07.26 05:18:18 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2012.07.26 05:18:13 | 000,261,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2012.07.26 05:17:58 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2012.07.26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2012.06.25 16:16:26 | 000,013,232 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Programme\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe -- (SRSHDAudioService)
SRV - [2011.11.21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Programme\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - [2013.06.28 11:19:55 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.06.28 11:19:54 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.06.28 11:19:47 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.05.09 10:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\Drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.05.09 10:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013.05.04 07:20:57 | 000,362,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2013.05.04 07:20:54 | 000,238,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)
DRV - [2013.05.04 07:20:54 | 000,180,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)
DRV - [2013.03.02 11:54:25 | 000,121,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)
DRV - [2013.03.02 11:06:16 | 000,057,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)
DRV - [2013.03.02 10:52:49 | 000,268,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2013.03.02 10:52:47 | 000,066,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)
DRV - [2013.02.02 09:31:49 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2013.01.29 02:02:46 | 000,029,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)
DRV - [2013.01.29 01:07:34 | 000,193,936 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)
DRV - [2013.01.10 03:07:00 | 000,024,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2012.12.29 12:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.11.27 05:53:14 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2012.11.20 06:56:58 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)
DRV - [2012.11.06 05:52:56 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)
DRV - [2012.10.12 09:12:33 | 000,023,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.10.11 07:45:31 | 000,050,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\dam.sys -- (dam)
DRV - [2012.10.11 07:28:23 | 000,046,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)
DRV - [2012.10.11 06:40:26 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WSDScan.sys -- (WSDScan)
DRV - [2012.09.20 09:09:32 | 000,031,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2012.09.20 08:34:07 | 000,097,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2012.07.26 06:17:18 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)
DRV - [2012.07.26 05:48:44 | 000,058,608 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)
DRV - [2012.07.26 05:42:33 | 000,068,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2012.07.26 05:42:32 | 000,099,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2012.07.26 05:42:32 | 000,070,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2012.07.26 05:42:31 | 000,085,232 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)
DRV - [2012.07.26 05:42:19 | 000,285,424 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2012.07.26 05:42:19 | 000,080,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2012.07.26 05:42:18 | 000,076,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)
DRV - [2012.07.26 05:42:15 | 000,059,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)
DRV - [2012.07.26 05:40:36 | 000,038,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2012.07.26 05:40:10 | 000,256,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)
DRV - [2012.07.26 05:39:55 | 000,029,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)
DRV - [2012.07.26 05:33:00 | 000,130,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)
DRV - [2012.07.26 05:33:00 | 000,042,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)
DRV - [2012.07.26 05:33:00 | 000,032,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)
DRV - [2012.07.26 04:37:58 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2012.07.26 04:36:54 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2012.07.26 04:36:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2012.07.26 04:36:36 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)
DRV - [2012.07.26 04:36:35 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)
DRV - [2012.07.26 04:35:30 | 000,006,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)
DRV - [2012.07.26 04:35:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2012.07.26 04:35:10 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)
DRV - [2012.07.26 04:35:06 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)
DRV - [2012.07.26 04:35:04 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)
DRV - [2012.07.26 04:34:43 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)
DRV - [2012.07.26 04:34:42 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2012.07.26 04:34:22 | 000,018,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2012.07.26 04:34:04 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2012.07.26 04:33:53 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)
DRV - [2012.07.26 04:33:50 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)
DRV - [2012.07.26 04:33:50 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\vwifimp.sys -- (vwifimp)
DRV - [2012.07.26 04:33:29 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.07.26 04:33:16 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2012.07.26 04:32:54 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.07.26 04:32:53 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)
DRV - [2012.07.26 04:32:02 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2012.07.26 04:31:11 | 000,110,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2012.07.26 04:30:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)
DRV - [2012.07.26 04:30:39 | 000,084,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)
DRV - [2012.06.21 17:04:52 | 000,407,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SRS_AE_i386.sys -- (SRS_AE_Service)
DRV - [2012.06.02 16:32:04 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2012.06.02 16:31:30 | 002,273,280 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\athr.sys -- (athr)
DRV - [2009.07.02 18:36:10 | 000,013,880 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Programme\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2009.05.13 10:06:48 | 000,014,392 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\ATKACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about blank"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.27 17:52:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2013.02.25 13:08:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.05.03 17:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.05.25 15:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\90vhslw0.default-1369489056204\extensions
[2013.05.25 15:38:19 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\90vhslw0.default-1369489056204\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.07.03 13:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.07.03 13:03:31 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2012.07.26 06:17:20 | 000,000,824 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SRSAENotifier] C:\Programme\SRS Labs\SRS Audio Essentials\AENotifier.exe (SRS Labs, Inc.)
O4 - HKCU..\Run: [Exetender_148] "C:\Program Files\FreeRide Games\GPlayer.exe" /schedule 300000 File not found
O4 - HKCU..\Run: [LightShot] C:\Users\***\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [SkyDrive] C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SRSHDAudioLab] C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095}  (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBF7F6B0-4688-4F9E-B8A5-5D4DD4E022D3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.12.08 20:12:58 | 000,000,000 | ---D | M] - D:\Autokauf -- [ NTFS ]
O32 - AutoRun File - [2012.12.08 21:21:36 | 000,000,000 | ---D | M] - E:\Autokauf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.14 12:32:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\wildtangent_de
[2013.07.14 12:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeRide Games
[2013.07.14 11:15:42 | 000,000,000 | ---D | C] -- C:\BigFishCache
[2013.07.14 11:15:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Big Fish
[2013.07.14 11:15:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2013.07.12 09:48:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\pdfforge
[2013.07.12 09:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.07.12 09:48:45 | 000,095,416 | ---- | C] (pdfforge GmbH) -- C:\WINDOWS\System32\pdfcmon.dll
[2013.07.12 09:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013.07.10 11:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.07.06 08:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.07.03 13:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.07.03 09:57:57 | 000,000,000 | -H-D | C] -- C:\SkyDriveTemp
[2013.06.14 15:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.14 14:43:54 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.07.14 14:21:05 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.07.14 14:19:50 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.07.14 13:44:17 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.07.14 13:44:17 | 2576,416,768 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.14 13:27:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\update-S-1-5-21-4171136491-575053196-1707953686-1000.job
[2013.07.14 12:47:17 | 000,425,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.07.14 12:44:01 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\update-sys.job
[2013.07.12 16:28:10 | 000,753,134 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.07.12 16:28:10 | 000,710,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.07.12 16:28:10 | 000,155,826 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.07.12 16:28:10 | 000,132,614 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.07.12 09:40:01 | 000,043,823 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.07.11 17:47:57 | 000,000,442 | ---- | M] () -- C:\Users\***\AppData\Local\UserProducts.xml
[2013.06.28 11:19:55 | 000,175,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.06.28 11:19:55 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013.06.28 11:19:54 | 000,369,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013.06.28 11:19:54 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013.06.28 11:19:47 | 000,770,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013.06.28 11:19:47 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
 
========== Files Created - No Company Name ==========
 
[2013.07.14 14:43:54 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.07.14 12:47:06 | 000,425,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.07.12 09:40:01 | 000,043,823 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.07.11 10:36:56 | 000,001,535 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free YouTube to MP3 Converter.lnk
[2013.07.06 08:41:52 | 000,000,937 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zusammenarbeit im Betrieb (Herr Hagendorf).lnk
[2013.07.06 08:41:50 | 000,001,018 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rechtssicheres Handeln - Umweltrecht (Herr Dr. Hedermann).lnk
[2013.07.06 08:41:48 | 000,001,024 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IKP - Information, Kommunikation und Planung (Herr Rüßmann).lnk
[2013.07.06 08:41:46 | 000,000,957 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betriebswirtschaftliches Handeln (Herr Ziemer).lnk
[2013.06.28 11:19:58 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013.06.27 09:05:48 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013.06.27 09:05:47 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013.03.19 19:39:49 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.03.19 19:39:49 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013.01.13 15:57:01 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.12.23 11:59:56 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SAMSFPA.DAT
[2012.12.21 17:49:20 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\OEMLicense.dll
[2012.12.19 14:12:52 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\syndata.bin
[2012.12.11 18:52:13 | 000,000,442 | ---- | C] () -- C:\Users\***\AppData\Local\UserProducts.xml
[2012.12.10 19:34:33 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswnet.sys.sum
[2012.07.26 10:41:52 | 000,753,134 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.26 10:41:52 | 000,305,546 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2012.07.26 10:41:52 | 000,155,826 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.26 10:41:52 | 000,040,390 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2012.07.26 08:55:27 | 000,710,244 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.26 08:55:27 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012.07.26 08:55:27 | 000,132,614 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.26 08:55:27 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012.07.26 08:53:47 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012.07.26 08:53:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2012.07.26 08:03:55 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 03:20:38 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll
[2012.07.25 22:41:36 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 22:24:47 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin
[2012.07.14 04:00:46 | 000,043,882 | ---- | C] () -- C:\WINDOWS\System32\srms.dat
[2012.06.21 17:04:52 | 000,407,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\SRS_AE_i386.sys
[2012.06.02 22:25:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat
[2012.06.02 16:31:24 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009.04.28 07:35:21 | 000,000,000 | ---- | C] () -- C:\Users\***\ADSM_Backup.xml
[2009.04.22 07:55:23 | 000,001,074 | RH-- | C] () -- C:\Users\***\XrxWm.ini
[2009.04.22 07:55:23 | 000,000,522 | RH-- | C] () -- C:\Users\***\xw45cpdy.dyc
 
========== ZeroAccess Check ==========
 
[2013.07.14 12:07:03 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB10095$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4D5EYE9F\t.cxt.ms\lso.swf\u.sol
[2012.12.22 11:16:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.07.26 05:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.12.26 13:14:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cities3D
[2012.12.26 10:56:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\driveridentifier
[2012.12.22 11:16:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Drivers For Free
[2013.07.10 11:12:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2013.07.10 11:14:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.28 11:37:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson
[2012.12.26 13:09:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeOrion
[2013.01.13 12:03:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Geek Uninstaller
[2013.07.14 11:15:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2013.01.13 12:10:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GlarySoft
[2013.07.12 17:27:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2013.01.10 20:19:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.12.24 13:23:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2013.02.25 13:11:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect
[2013.07.12 09:48:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.12.11 18:24:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spacejock Software
[2012.12.19 14:16:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synaptics
 
========== Purity Check ==========
 
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB10095$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
         
--- --- ---


Old 14.07.2013, 19:32   #6
loewenherzl
 
Avast blocks file (windows\system32\svchost.exe)



GMER Logfile:
Code:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-07-14 16:47:49
Windows 6.2.9200  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 ST9250320AS rev.0303 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\uwldapow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                ZwWriteVirtualMemory [0x9071176E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwVdmControl [0x8F42680E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                ZwUnloadDriver [0x9070FC42]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwTerminateThread [0x8F427CF6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                ZwTerminateProcess [0x907118EA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwSystemDebugControl [0x8F426556]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwSuspendThread [0x8F4281C8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwSuspendProcess [0x8F428066]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwShutdownSystem [0x8F42645C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwSetSystemPowerState [0x8F4264CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwSetSystemInformation [0x8F4262F8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwSetContextThread [0x8F427D16]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwSetBootOptions [0x8F4267A8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwSetBootEntryOrder [0x8F426742]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwReplyWaitReceivePortEx [0x8F42922A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwReplyWaitReceivePort [0x8F42D8B4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwQueueApcThreadEx [0x8F428506]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwQueryObject [0x8F4287F8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                ZwProtectVirtualMemory [0x90711822]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwOpenTimer [0x8F4330DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwOpenThread [0x8F42B26E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwOpenSemaphore [0x8F432EF6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwOpenSection [0x8F433036]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwOpenProcess [0x8F42AE78]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwOpenMutant [0x8F432EAC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwOpenIoCompletion [0x8F433122]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwOpenEventPair [0x8F432F86]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwOpenEvent [0x8F432F42]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwNotifyChangeMultipleKeys [0x8F42892C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwNotifyChangeKey [0x8F42B98C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwModifyBootEntry [0x8F4266DC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                ZwLoadDriver [0x9070FC12]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                ZwFreeVirtualMemory [0x907116C2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwDuplicateObject [0x8F42B596]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwDeleteBootEntry [0x8F426676]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwDebugActiveProcess [0x8F427E9C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwCreateTimer [0x8F4330B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwCreateThreadEx [0x8F427800]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwCreateThread [0x8F4275E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwCreateSemaphore [0x8F432ECE]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                ZwCreateSection [0x90711992]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwCreateMutant [0x8F432E86]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwCreateIoCompletion [0x8F4330FE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwCreateEventPair [0x8F432F64]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwCreateEvent [0x8F432F18]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwAssignProcessToJobObject [0x8F4270E6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwAlpcSendWaitReceivePort [0x8F429256]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                ZwAllocateVirtualMemory [0x907115FA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                ZwAddBootEntry [0x8F426610]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                ZwCreateProcessEx [0x9072AE00]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwCallbackReturn + 16C                                                                                                                  81D404BC 12 Bytes  [56, 65, 42, 8F, C8, 81, 42, ...]
.text           ntoskrnl.exe!ZwCallbackReturn + 604                                                                                                                  81D40954 12 Bytes  [B8, 30, 43, 8F, 00, 78, 42, ...]
.text           ntoskrnl.exe!ZwReplacePartitionUnit + 2673                                                                                                           81DB6135 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 66A                                                                                                               81DBAA1A 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE            ntoskrnl.exe!SeOpenObjectAuditAlarmWithTransaction + 580                                                                                             81E9DA07 5 Bytes  JMP 907297CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ObMakeTemporaryObject                                                                                                                   81F8A62E 5 Bytes  JMP 90727C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ZwCreateProcessEx                                                                                                                       8201F0ED 7 Bytes  JMP 9072AE04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.edata          C:\WINDOWS\System32\DRIVERS\netbt.sys                                                                                                                unknown last section [0x8F4FB000, 0x3B6B, 0xC8000040]
?               C:\WINDOWS\System32\DRIVERS\netbt.sys                                                                                                                suspicious PE modification

---- User code sections - GMER 2.1 ----

.text           C:\WINDOWS\System32\svchost.exe[428] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                7670DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[452] kernel32.dll!GetBinaryTypeW + 6F                                                                                  7670DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\wininit.exe[540] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                7670DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[612] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                               7670DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[628] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                  7670DDE0 1 Byte  [62]
.text           ...                                                                                                                                                  
.text           C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1700] ntdll.dll!LdrUnloadDll                                               77E62029 5 Bytes  JMP 005603FC 
.text           C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1700] ntdll.dll!LdrLoadDll                                                 77E75D29 5 Bytes  JMP 005601F8 
.text           C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1700] USER32.dll!UnhookWindowsHookEx                                       761DA37A 5 Bytes  JMP 00580A08 
.text           C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1700] USER32.dll!SetWindowsHookExW                                         761DF223 5 Bytes  JMP 00580804 
.text           C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1700] USER32.dll!UnhookWinEvent                                            761DFE7F 5 Bytes  JMP 005803FC 
.text           C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1700] USER32.dll!SetWinEventHook                                           761E938E 5 Bytes  JMP 005801F8 
.text           C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1700] USER32.dll!SetWindowsHookExA                                         761F6F76 5 Bytes  JMP 00580600 
.text           C:\WINDOWS\System32\spoolsv.exe[1964] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                               7670DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\taskhostex.exe[1992] ntdll.dll!LdrUnloadDll                                                                                      77E62029 5 Bytes  JMP 008603FC 
.text           C:\WINDOWS\system32\taskhostex.exe[1992] ntdll.dll!LdrLoadDll                                                                                        77E75D29 5 Bytes  JMP 008601F8 
.text           C:\WINDOWS\system32\taskhostex.exe[1992] KERNEL32.dll!GetBinaryTypeW + 6F                                                                            7670DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\taskhostex.exe[1992] user32.dll!UnhookWindowsHookEx                                                                              761DA37A 5 Bytes  JMP 009B0A08 
.text           C:\WINDOWS\system32\taskhostex.exe[1992] user32.dll!SetWindowsHookExW                                                                                761DF223 5 Bytes  JMP 009B0804 
.text           C:\WINDOWS\system32\taskhostex.exe[1992] user32.dll!UnhookWinEvent                                                                                   761DFE7F 5 Bytes  JMP 009B03FC 
.text           C:\WINDOWS\system32\taskhostex.exe[1992] user32.dll!SetWinEventHook                                                                                  761E938E 5 Bytes  JMP 009B01F8 
.text           C:\WINDOWS\system32\taskhostex.exe[1992] user32.dll!SetWindowsHookExA                                                                                761F6F76 5 Bytes  JMP 009B0600 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2100] ntdll.dll!LdrUnloadDll                                                                  77E62029 5 Bytes  JMP 00C603FC 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2100] ntdll.dll!LdrLoadDll                                                                    77E75D29 5 Bytes  JMP 00C601F8 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2100] KERNEL32.dll!GetBinaryTypeW + 6F                                                        7670DDE0 1 Byte  [62]
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2100] USER32.dll!UnhookWindowsHookEx                                                          761DA37A 5 Bytes  JMP 00DA0A08 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2100] USER32.dll!SetWindowsHookExW                                                            761DF223 5 Bytes  JMP 00DA0804 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2100] USER32.dll!UnhookWinEvent                                                               761DFE7F 5 Bytes  JMP 00DA03FC 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2100] USER32.dll!SetWinEventHook                                                              761E938E 5 Bytes  JMP 00DA01F8 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2100] USER32.dll!SetWindowsHookExA                                                            761F6F76 5 Bytes  JMP 00DA0600 
.text           C:\WINDOWS\system32\svchost.exe[2120] ntdll.dll!LdrUnloadDll                                                                                         77E62029 5 Bytes  JMP 00EC03FC 
.text           C:\WINDOWS\system32\svchost.exe[2120] ntdll.dll!LdrLoadDll                                                                                           77E75D29 5 Bytes  JMP 00EC01F8 
.text           C:\WINDOWS\system32\svchost.exe[2120] USER32.dll!UnhookWindowsHookEx                                                                                 761DA37A 5 Bytes  JMP 00EF0A08 
.text           C:\WINDOWS\system32\svchost.exe[2120] USER32.dll!SetWindowsHookExW                                                                                   761DF223 5 Bytes  JMP 00EF0804 
.text           C:\WINDOWS\system32\svchost.exe[2120] USER32.dll!UnhookWinEvent                                                                                      761DFE7F 5 Bytes  JMP 00EF03FC 
.text           C:\WINDOWS\system32\svchost.exe[2120] USER32.dll!SetWinEventHook                                                                                     761E938E 5 Bytes  JMP 00EF01F8 
.text           C:\WINDOWS\system32\svchost.exe[2120] USER32.dll!SetWindowsHookExA                                                                                   761F6F76 5 Bytes  JMP 00EF0600 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2384] ntdll.dll!LdrUnloadDll                                                                        77E62029 5 Bytes  JMP 002003FC 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2384] ntdll.dll!LdrLoadDll                                                                          77E75D29 5 Bytes  JMP 002001F8 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2384] USER32.dll!UnhookWindowsHookEx                                                                761DA37A 5 Bytes  JMP 00210A08 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2384] USER32.dll!SetWindowsHookExW                                                                  761DF223 5 Bytes  JMP 00210804 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2384] USER32.dll!UnhookWinEvent                                                                     761DFE7F 5 Bytes  JMP 002103FC 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2384] USER32.dll!SetWinEventHook                                                                    761E938E 5 Bytes  JMP 002101F8 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2384] USER32.dll!SetWindowsHookExA                                                                  761F6F76 5 Bytes  JMP 00210600 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2532] ntdll.dll!LdrUnloadDll                                                                77E62029 5 Bytes  JMP 00BA03FC 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2532] ntdll.dll!LdrLoadDll                                                                  77E75D29 5 Bytes  JMP 00BA01F8 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2532] KERNEL32.dll!GetBinaryTypeW + 6F                                                      7670DDE0 1 Byte  [62]
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2532] USER32.dll!UnhookWindowsHookEx                                                        761DA37A 5 Bytes  JMP 00BC0A08 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2532] USER32.dll!SetWindowsHookExW                                                          761DF223 5 Bytes  JMP 00BC0804 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2532] USER32.dll!UnhookWinEvent                                                             761DFE7F 5 Bytes  JMP 00BC03FC 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2532] USER32.dll!SetWinEventHook                                                            761E938E 5 Bytes  JMP 00BC01F8 
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2532] USER32.dll!SetWindowsHookExA                                                          761F6F76 5 Bytes  JMP 00BC0600 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2688] ntdll.dll!LdrUnloadDll                                                      77E62029 5 Bytes  JMP 009B03FC 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2688] ntdll.dll!LdrLoadDll                                                        77E75D29 5 Bytes  JMP 009B01F8 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2688] KERNEL32.dll!GetBinaryTypeW + 6F                                            7670DDE0 1 Byte  [62]
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2688] USER32.dll!UnhookWindowsHookEx                                              761DA37A 5 Bytes  JMP 00B60A08 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2688] USER32.dll!SetWindowsHookExW                                                761DF223 5 Bytes  JMP 00B60804 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2688] USER32.dll!UnhookWinEvent                                                   761DFE7F 5 Bytes  JMP 00B603FC 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2688] USER32.dll!SetWinEventHook                                                  761E938E 5 Bytes  JMP 00B601F8 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2688] USER32.dll!SetWindowsHookExA                                                761F6F76 5 Bytes  JMP 00B60600 
.text           C:\WINDOWS\system32\svchost.exe[3224] ntdll.dll!LdrUnloadDll                                                                                         77E62029 5 Bytes  JMP 00C503FC 
.text           C:\WINDOWS\system32\svchost.exe[3224] ntdll.dll!LdrLoadDll                                                                                           77E75D29 5 Bytes  JMP 00C501F8 
.text           C:\WINDOWS\system32\svchost.exe[3224] user32.dll!UnhookWindowsHookEx                                                                                 761DA37A 5 Bytes  JMP 00C70A08 
.text           C:\WINDOWS\system32\svchost.exe[3224] user32.dll!SetWindowsHookExW                                                                                   761DF223 5 Bytes  JMP 00C70804 
.text           C:\WINDOWS\system32\svchost.exe[3224] user32.dll!UnhookWinEvent                                                                                      761DFE7F 5 Bytes  JMP 00C703FC 
.text           C:\WINDOWS\system32\svchost.exe[3224] user32.dll!SetWinEventHook                                                                                     761E938E 5 Bytes  JMP 00C701F8 
.text           C:\WINDOWS\system32\svchost.exe[3224] user32.dll!SetWindowsHookExA                                                                                   761F6F76 5 Bytes  JMP 00C70600 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[3356] ntdll.dll!LdrUnloadDll                                                           77E62029 5 Bytes  JMP 00B503FC 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[3356] ntdll.dll!LdrLoadDll                                                             77E75D29 5 Bytes  JMP 00B501F8 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[3356] KERNEL32.dll!GetBinaryTypeW + 6F                                                 7670DDE0 1 Byte  [62]
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[3356] USER32.dll!UnhookWindowsHookEx                                                   761DA37A 5 Bytes  JMP 00B70A08 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[3356] USER32.dll!SetWindowsHookExW                                                     761DF223 5 Bytes  JMP 00B70804 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[3356] USER32.dll!UnhookWinEvent                                                        761DFE7F 5 Bytes  JMP 00B703FC 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[3356] USER32.dll!SetWinEventHook                                                       761E938E 5 Bytes  JMP 00B701F8 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[3356] USER32.dll!SetWindowsHookExA                                                     761F6F76 5 Bytes  JMP 00B70600 
.text           C:\WINDOWS\system32\nvvsvc.exe[3380] ntdll.dll!LdrUnloadDll                                                                                          77E62029 5 Bytes  JMP 00E103FC 
.text           C:\WINDOWS\system32\nvvsvc.exe[3380] ntdll.dll!LdrLoadDll                                                                                            77E75D29 5 Bytes  JMP 00E101F8 
.text           C:\WINDOWS\system32\nvvsvc.exe[3380] USER32.dll!UnhookWindowsHookEx                                                                                  761DA37A 5 Bytes  JMP 00E40A08 
.text           C:\WINDOWS\system32\nvvsvc.exe[3380] USER32.dll!SetWindowsHookExW                                                                                    761DF223 5 Bytes  JMP 00E40804 
.text           C:\WINDOWS\system32\nvvsvc.exe[3380] USER32.dll!UnhookWinEvent                                                                                       761DFE7F 5 Bytes  JMP 00E403FC 
.text           C:\WINDOWS\system32\nvvsvc.exe[3380] USER32.dll!SetWinEventHook                                                                                      761E938E 5 Bytes  JMP 00E401F8 
.text           C:\WINDOWS\system32\nvvsvc.exe[3380] USER32.dll!SetWindowsHookExA                                                                                    761F6F76 5 Bytes  JMP 00E40600 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3448] ntdll.dll!LdrUnloadDll                                                                           77E62029 5 Bytes  JMP 001803FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3448] ntdll.dll!LdrLoadDll                                                                             77E75D29 5 Bytes  JMP 001801F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3448] USER32.dll!UnhookWindowsHookEx                                                                   761DA37A 5 Bytes  JMP 001A0A08 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3448] USER32.dll!SetWindowsHookExW                                                                     761DF223 5 Bytes  JMP 001A0804 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3448] USER32.dll!UnhookWinEvent                                                                        761DFE7F 5 Bytes  JMP 001A03FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3448] USER32.dll!SetWinEventHook                                                                       761E938E 5 Bytes  JMP 001A01F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3448] USER32.dll!SetWindowsHookExA                                                                     761F6F76 5 Bytes  JMP 001A0600 
.text           C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3580] ntdll.dll!LdrUnloadDll                                                                  77E62029 5 Bytes  JMP 002103FC 
.text           C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3580] ntdll.dll!LdrLoadDll                                                                    77E75D29 5 Bytes  JMP 002101F8 
.text           C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3580] KERNEL32.dll!GetBinaryTypeW + 6F                                                        7670DDE0 1 Byte  [62]
.text           C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3580] USER32.dll!UnhookWindowsHookEx                                                          761DA37A 5 Bytes  JMP 00230A08 
.text           C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3580] USER32.dll!SetWindowsHookExW                                                            761DF223 5 Bytes  JMP 00230804 
.text           C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3580] USER32.dll!UnhookWinEvent                                                               761DFE7F 5 Bytes  JMP 002303FC 
.text           C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3580] USER32.dll!SetWinEventHook                                                              761E938E 5 Bytes  JMP 002301F8 
.text           C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3580] USER32.dll!SetWindowsHookExA                                                            761F6F76 5 Bytes  JMP 00230600 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[3616] ntdll.dll!LdrUnloadDll                                                              77E62029 5 Bytes  JMP 001803FC 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[3616] ntdll.dll!LdrLoadDll                                                                77E75D29 5 Bytes  JMP 001801F8 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[3616] KERNEL32.dll!GetBinaryTypeW + 6F                                                    7670DDE0 1 Byte  [62]
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[3616] USER32.dll!UnhookWindowsHookEx                                                      761DA37A 5 Bytes  JMP 00320A08 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[3616] USER32.dll!SetWindowsHookExW                                                        761DF223 5 Bytes  JMP 00320804 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[3616] USER32.dll!UnhookWinEvent                                                           761DFE7F 5 Bytes  JMP 003203FC 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[3616] USER32.dll!SetWinEventHook                                                          761E938E 5 Bytes  JMP 003201F8 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[3616] USER32.dll!SetWindowsHookExA                                                        761F6F76 5 Bytes  JMP 00320600 
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3712] ntdll.dll!LdrUnloadDll                              77E62029 5 Bytes  JMP 009503FC 
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3712] ntdll.dll!LdrLoadDll                                77E75D29 5 Bytes  JMP 009501F8 
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3712] USER32.dll!UnhookWindowsHookEx                      761DA37A 5 Bytes  JMP 00970A08 
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3712] USER32.dll!SetWindowsHookExW                        761DF223 5 Bytes  JMP 00970804 
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3712] USER32.dll!UnhookWinEvent                           761DFE7F 5 Bytes  JMP 009703FC 
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3712] USER32.dll!SetWinEventHook                          761E938E 5 Bytes  JMP 009701F8 
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3712] USER32.dll!SetWindowsHookExA                        761F6F76 5 Bytes  JMP 00970600 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] ntdll.dll!LdrUnloadDll                                                              77E62029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] ntdll.dll!LdrLoadDll                                                                77E75D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] USER32.dll!UnhookWindowsHookEx                                                      761DA37A 5 Bytes  JMP 00230A08 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] USER32.dll!SetWindowsHookExW                                                        761DF223 5 Bytes  JMP 00230804 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] USER32.dll!UnhookWinEvent                                                           761DFE7F 5 Bytes  JMP 002303FC 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] USER32.dll!SetWinEventHook                                                          761E938E 5 Bytes  JMP 002301F8 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3764] USER32.dll!SetWindowsHookExA                                                        761F6F76 5 Bytes  JMP 00230600 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3844] ntdll.dll!LdrUnloadDll                                                                                   77E62029 5 Bytes  JMP 006903FC 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3844] ntdll.dll!LdrLoadDll                                                                                     77E75D29 5 Bytes  JMP 006901F8 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3844] KERNEL32.dll!GetBinaryTypeW + 6F                                                                         7670DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\SearchIndexer.exe[3844] USER32.dll!UnhookWindowsHookEx                                                                           761DA37A 5 Bytes  JMP 006C0A08 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3844] USER32.dll!SetWindowsHookExW                                                                             761DF223 5 Bytes  JMP 006C0804 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3844] USER32.dll!UnhookWinEvent                                                                                761DFE7F 5 Bytes  JMP 006C03FC 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3844] USER32.dll!SetWinEventHook                                                                               761E938E 5 Bytes  JMP 006C01F8 
.text           C:\WINDOWS\system32\SearchIndexer.exe[3844] USER32.dll!SetWindowsHookExA                                                                             761F6F76 5 Bytes  JMP 006C0600 
.text           C:\WINDOWS\Explorer.EXE[3856] ntdll.dll!LdrUnloadDll                                                                                                 77E62029 5 Bytes  JMP 009203FC 
.text           C:\WINDOWS\Explorer.EXE[3856] ntdll.dll!LdrLoadDll                                                                                                   77E75D29 5 Bytes  JMP 009201F8 
.text           C:\WINDOWS\Explorer.EXE[3856] KERNEL32.dll!GetBinaryTypeW + 6F                                                                                       7670DDE0 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[3856] USER32.dll!UnhookWindowsHookEx                                                                                         761DA37A 5 Bytes  JMP 00950A08 
.text           C:\WINDOWS\Explorer.EXE[3856] USER32.dll!SetWindowsHookExW                                                                                           761DF223 5 Bytes  JMP 00950804 
.text           C:\WINDOWS\Explorer.EXE[3856] USER32.dll!UnhookWinEvent                                                                                              761DFE7F 5 Bytes  JMP 009503FC 
.text           C:\WINDOWS\Explorer.EXE[3856] USER32.dll!SetWinEventHook                                                                                             761E938E 5 Bytes  JMP 009501F8 
.text           C:\WINDOWS\Explorer.EXE[3856] USER32.dll!SetWindowsHookExA                                                                                           761F6F76 5 Bytes  JMP 00950600 
.text           C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4052] ntdll.dll!LdrUnloadDll                                                                 77E62029 5 Bytes  JMP 000103FC 
.text           C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4052] ntdll.dll!LdrLoadDll                                                                   77E75D29 5 Bytes  JMP 000101F8 
.text           C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4052] KERNEL32.dll!GetBinaryTypeW + 6F                                                       7670DDE0 1 Byte  [62]
.text           C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4052] USER32.dll!UnhookWindowsHookEx                                                         761DA37A 5 Bytes  JMP 00220A08 
.text           C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4052] USER32.dll!SetWindowsHookExW                                                           761DF223 5 Bytes  JMP 00220804 
.text           C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4052] USER32.dll!UnhookWinEvent                                                              761DFE7F 5 Bytes  JMP 002203FC 
.text           C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4052] USER32.dll!SetWinEventHook                                                             761E938E 5 Bytes  JMP 002201F8 
.text           C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4052] USER32.dll!SetWindowsHookExA                                                           761F6F76 5 Bytes  JMP 00220600 
.text           C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4136] ntdll.dll!LdrUnloadDll                                                           77E62029 5 Bytes  JMP 005A03FC 
.text           C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4136] ntdll.dll!LdrLoadDll                                                             77E75D29 5 Bytes  JMP 005A01F8 
.text           C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4136] KERNEL32.dll!GetBinaryTypeW + 6F                                                 7670DDE0 1 Byte  [62]
.text           C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4136] USER32.dll!UnhookWindowsHookEx                                                   761DA37A 5 Bytes  JMP 005B0A08 
.text           C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4136] USER32.dll!SetWindowsHookExW                                                     761DF223 5 Bytes  JMP 005B0804 
.text           C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4136] USER32.dll!UnhookWinEvent                                                        761DFE7F 5 Bytes  JMP 005B03FC 
.text           C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4136] USER32.dll!SetWinEventHook                                                       761E938E 5 Bytes  JMP 005B01F8 
.text           C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4136] USER32.dll!SetWindowsHookExA                                                     761F6F76 5 Bytes  JMP 005B0600 
.text           C:\WINDOWS\System32\svchost.exe[4376] ntdll.dll!LdrUnloadDll                                                                                         77E62029 5 Bytes  JMP 010A03FC 
.text           C:\WINDOWS\System32\svchost.exe[4376] ntdll.dll!LdrLoadDll                                                                                           77E75D29 5 Bytes  JMP 010A01F8 
.text           C:\WINDOWS\System32\svchost.exe[4376] USER32.dll!GetCursorPos                                                                                        761DA346 5 Bytes  JMP 01A3000A 
.text           C:\WINDOWS\System32\svchost.exe[4376] USER32.dll!UnhookWindowsHookEx                                                                                 761DA37A 5 Bytes  JMP 010D0A08 
.text           C:\WINDOWS\System32\svchost.exe[4376] USER32.dll!SetWindowsHookExW                                                                                   761DF223 5 Bytes  JMP 010D0804 
.text           C:\WINDOWS\System32\svchost.exe[4376] USER32.dll!UnhookWinEvent                                                                                      761DFE7F 5 Bytes  JMP 010D03FC 
.text           C:\WINDOWS\System32\svchost.exe[4376] USER32.dll!SetWinEventHook                                                                                     761E938E 5 Bytes  JMP 010D01F8 
.text           C:\WINDOWS\System32\svchost.exe[4376] USER32.dll!SetWindowsHookExA                                                                                   761F6F76 5 Bytes  JMP 010D0600 
.text           C:\WINDOWS\System32\svchost.exe[4376] USER32.dll!DialogBoxIndirectParamAorW                                                                          761FC14B 5 Bytes  JMP 01A4000A 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4400] ntdll.dll!LdrUnloadDll          77E62029 5 Bytes  JMP 009003FC 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4400] ntdll.dll!LdrLoadDll            77E75D29 5 Bytes  JMP 009001F8 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4400] USER32.dll!UnhookWindowsHookEx  761DA37A 5 Bytes  JMP 009C0A08 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4400] USER32.dll!SetWindowsHookExW    761DF223 5 Bytes  JMP 009C0804 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4400] USER32.dll!UnhookWinEvent       761DFE7F 5 Bytes  JMP 009C03FC 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4400] USER32.dll!SetWinEventHook      761E938E 5 Bytes  JMP 009C01F8 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4400] USER32.dll!SetWindowsHookExA    761F6F76 5 Bytes  JMP 009C0600 
.text           C:\WINDOWS\System32\WinLogon.exe[4496] ntdll.dll!LdrUnloadDll                                                                                        77E62029 5 Bytes  JMP 00A803FC 
.text           C:\WINDOWS\System32\WinLogon.exe[4496] ntdll.dll!LdrLoadDll                                                                                          77E75D29 5 Bytes  JMP 00A801F8 
.text           C:\WINDOWS\System32\WinLogon.exe[4496] KERNEL32.dll!GetBinaryTypeW + 6F                                                                              7670DDE0 1 Byte  [62]
.text           C:\WINDOWS\System32\WinLogon.exe[4496] USER32.dll!UnhookWindowsHookEx                                                                                761DA37A 5 Bytes  JMP 00B10A08 
.text           C:\WINDOWS\System32\WinLogon.exe[4496] USER32.dll!SetWindowsHookExW                                                                                  761DF223 5 Bytes  JMP 00B10804 
.text           C:\WINDOWS\System32\WinLogon.exe[4496] USER32.dll!UnhookWinEvent                                                                                     761DFE7F 5 Bytes  JMP 00B103FC 
.text           C:\WINDOWS\System32\WinLogon.exe[4496] USER32.dll!SetWinEventHook                                                                                    761E938E 5 Bytes  JMP 00B101F8 
.text           C:\WINDOWS\System32\WinLogon.exe[4496] USER32.dll!SetWindowsHookExA                                                                                  761F6F76 5 Bytes  JMP 00B10600 
.text           C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4552] ntdll.dll!LdrUnloadDll                                                                  77E62029 5 Bytes  JMP 00E203FC 
.text           C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4552] ntdll.dll!LdrLoadDll                                                                    77E75D29 5 Bytes  JMP 00E201F8 
.text           C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4552] USER32.dll!UnhookWindowsHookEx                                                          761DA37A 5 Bytes  JMP 00F50A08 
.text           C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4552] USER32.dll!SetWindowsHookExW                                                            761DF223 5 Bytes  JMP 00F50804 
.text           C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4552] USER32.dll!UnhookWinEvent                                                               761DFE7F 5 Bytes  JMP 00F503FC 
.text           C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4552] USER32.dll!SetWinEventHook                                                              761E938E 5 Bytes  JMP 00F501F8 
.text           C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[4552] USER32.dll!SetWindowsHookExA                                                            761F6F76 5 Bytes  JMP 00F50600 
.text           C:\WINDOWS\system32\csrss.exe[4700] kernel32.dll!GetBinaryTypeW + 6F                                                                                 7670DDE0 1 Byte  [62]
.text           C:\WINDOWS\System32\dwm.exe[4748] ntdll.dll!LdrUnloadDll                                                                                             77E62029 5 Bytes  JMP 005F03FC 
.text           C:\WINDOWS\System32\dwm.exe[4748] ntdll.dll!LdrLoadDll                                                                                               77E75D29 5 Bytes  JMP 005F01F8 
.text           C:\WINDOWS\System32\dwm.exe[4748] KERNEL32.dll!GetBinaryTypeW + 6F                                                                                   7670DDE0 1 Byte  [62]
.text           C:\WINDOWS\System32\dwm.exe[4748] USER32.dll!UnhookWindowsHookEx                                                                                     761DA37A 5 Bytes  JMP 00610A08 
.text           C:\WINDOWS\System32\dwm.exe[4748] USER32.dll!SetWindowsHookExW                                                                                       761DF223 5 Bytes  JMP 00610804 
.text           C:\WINDOWS\System32\dwm.exe[4748] USER32.dll!UnhookWinEvent                                                                                          761DFE7F 5 Bytes  JMP 006103FC 
.text           C:\WINDOWS\System32\dwm.exe[4748] USER32.dll!SetWinEventHook                                                                                         761E938E 5 Bytes  JMP 006101F8 
.text           C:\WINDOWS\System32\dwm.exe[4748] USER32.dll!SetWindowsHookExA                                                                                       761F6F76 5 Bytes  JMP 00610600 
.text           C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4772] ntdll.dll!LdrUnloadDll                                                                   77E62029 5 Bytes  JMP 001803FC 
.text           C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4772] ntdll.dll!LdrLoadDll                                                                     77E75D29 5 Bytes  JMP 001801F8 
.text           C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4772] KERNEL32.dll!GetBinaryTypeW + 6F                                                         7670DDE0 1 Byte  [62]
.text           C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4772] USER32.dll!UnhookWindowsHookEx                                                           761DA37A 5 Bytes  JMP 001B0A08 
.text           C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4772] USER32.dll!SetWindowsHookExW                                                             761DF223 5 Bytes  JMP 001B0804 
.text           C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4772] USER32.dll!UnhookWinEvent                                                                761DFE7F 5 Bytes  JMP 001B03FC 
.text           C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4772] USER32.dll!SetWinEventHook                                                               761E938E 5 Bytes  JMP 001B01F8 
.text           C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[4772] USER32.dll!SetWindowsHookExA                                                             761F6F76 5 Bytes  JMP 001B0600 
.text           C:\Windows\System32\RuntimeBroker.exe[5144] ntdll.dll!LdrUnloadDll                                                                                   77E62029 5 Bytes  JMP 00A803FC 
.text           C:\Windows\System32\RuntimeBroker.exe[5144] ntdll.dll!LdrLoadDll                                                                                     77E75D29 5 Bytes  JMP 00A801F8 
.text           C:\Windows\System32\RuntimeBroker.exe[5144] KERNEL32.dll!GetBinaryTypeW + 6F                                                                         7670DDE0 1 Byte  [62]
.text           C:\Windows\System32\RuntimeBroker.exe[5144] USER32.dll!UnhookWindowsHookEx                                                                           761DA37A 5 Bytes  JMP 00AA0A08 
.text           C:\Windows\System32\RuntimeBroker.exe[5144] USER32.dll!SetWindowsHookExW                                                                             761DF223 5 Bytes  JMP 00AA0804 
.text           C:\Windows\System32\RuntimeBroker.exe[5144] USER32.dll!UnhookWinEvent                                                                                761DFE7F 5 Bytes  JMP 00AA03FC 
.text           C:\Windows\System32\RuntimeBroker.exe[5144] USER32.dll!SetWinEventHook                                                                               761E938E 3 Bytes  JMP 00AA01F8 
.text           C:\Windows\System32\RuntimeBroker.exe[5144] USER32.dll!SetWinEventHook + 4                                                                           761E9392 1 Byte  [8A]
.text           C:\Windows\System32\RuntimeBroker.exe[5144] USER32.dll!SetWindowsHookExA                                                                             761F6F76 5 Bytes  JMP 00AA0600 
.text           C:\Users\***\Downloads\gmer_2.1.19163.exe[5560] ntdll.dll!LdrUnloadDll                                                                            77E62029 5 Bytes  JMP 001803FC 
.text           C:\Users\***\Downloads\gmer_2.1.19163.exe[5560] ntdll.dll!LdrLoadDll                                                                              77E75D29 5 Bytes  JMP 001801F8 
.text           C:\Users\***\Downloads\gmer_2.1.19163.exe[5560] KERNEL32.dll!GetBinaryTypeW + 6F                                                                  7670DDE0 1 Byte  [62]
.text           C:\Users\***\Downloads\gmer_2.1.19163.exe[5560] USER32.dll!UnhookWindowsHookEx                                                                    761DA37A 5 Bytes  JMP 001B0A08 
.text           C:\Users\***\Downloads\gmer_2.1.19163.exe[5560] USER32.dll!SetWindowsHookExW                                                                      761DF223 5 Bytes  JMP 001B0804 
.text           C:\Users\***\Downloads\gmer_2.1.19163.exe[5560] USER32.dll!UnhookWinEvent                                                                         761DFE7F 5 Bytes  JMP 001B03FC 
.text           C:\Users\***\Downloads\gmer_2.1.19163.exe[5560] USER32.dll!SetWinEventHook                                                                        761E938E 5 Bytes  JMP 001B01F8 
.text           C:\Users\***\Downloads\gmer_2.1.19163.exe[5560] USER32.dll!SetWindowsHookExA                                                                      761F6F76 5 Bytes  JMP 001B0600 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[5708] ntdll.dll!LdrUnloadDll                                                               77E62029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[5708] ntdll.dll!LdrLoadDll                                                                 77E75D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[5708] KERNEL32.dll!GetBinaryTypeW + 6F                                                     7670DDE0 1 Byte  [62]
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[5708] USER32.dll!UnhookWindowsHookEx                                                       761DA37A 5 Bytes  JMP 00320A08 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[5708] USER32.dll!SetWindowsHookExW                                                         761DF223 5 Bytes  JMP 00320804 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[5708] USER32.dll!UnhookWinEvent                                                            761DFE7F 5 Bytes  JMP 003203FC 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[5708] USER32.dll!SetWinEventHook                                                           761E938E 5 Bytes  JMP 003201F8 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[5708] USER32.dll!SetWindowsHookExA                                                         761F6F76 5 Bytes  JMP 00320600 

---- Devices - GMER 2.1 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                               aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                              aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                              aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Trace I/O - GMER 2.1 ----

Trace           ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85ec2698]<<                                                                                          85ec2698
Trace           1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x85c76518]                                                                                              85c76518
Trace           3 CLASSPNP.SYS[8b12a300] -> nt!IofCallDriver -> [0x86299028]                                                                                         86299028
Trace           \Driver\00000870[0x861215b0] -> IRP_MJ_CREATE -> 0x85ec2698                                                                                          85ec2698

---- Processes - GMER 2.1 ----

Process         C:\WINDOWS\System32\svchost.exe (*** hidden *** )                                                                                                    4376                                                                                                                                                 

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                    1230100402
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{E2BC2B90-0F7E-11DE-A5D3-806E6F6E6963}                               8427099848

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk1\DR1                                                                                                                                unknown MBR code

---- Files - GMER 2.1 ----

File            C:\avast! sandbox                                                                                                                                    0 bytes
File            C:\avast! sandbox\S-1-5-21-4171136491-575053196-1707953686-1000                                                                                      0 bytes
File            C:\avast! sandbox\S-1-5-21-4171136491-575053196-1707953686-1000\sfzone                                                                               0 bytes
File            C:\avast! sandbox\S-1-5-21-4171136491-575053196-1707953686-1000\sfzone\C                                                                             0 bytes
File            C:\avast! sandbox\S-1-5-21-4171136491-575053196-1707953686-1000\sfzone\snx_fs.dat                                                                    180 bytes
File            C:\avast! sandbox\snx_rhive                                                                                                                          262144 bytes
File            C:\avast! sandbox\snx_rhive.LOG1                                                                                                                     16384 bytes
File            C:\avast! sandbox\snx_rhive.LOG2                                                                                                                     0 bytes
File            C:\avast! sandbox\snx_rhive{b8ea36b0-c204-11e1-b375-00248c645453}.TM.blf                                                                             65536 bytes
File            C:\avast! sandbox\snx_rhive{b8ea36b0-c204-11e1-b375-00248c645453}.TMContainer00000000000000000001.regtrans-ms                                        524288 bytes
File            C:\avast! sandbox\snx_rhive{b8ea36b0-c204-11e1-b375-00248c645453}.TMContainer00000000000000000002.regtrans-ms                                        524288 bytes
File            C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui                                                                                             57424 bytes executable
File            C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui                                                                                              40528 bytes executable
File            C:\Program Files\Windows Defender\de-DE\MsMpRes.dll.mui                                                                                              109136 bytes executable
File            C:\Windows\$NtUninstallKB10095$\207039288                                                                                                            0 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\@                                                                                                          2048 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\Desktop.ini                                                                                                4608 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\L                                                                                                          0 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\L\00000004.@                                                                                               804 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\L\201d3dde                                                                                                 59 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\L\6715e287                                                                                                 98 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\L\76603ac3                                                                                                 2416 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\L\kzoosnvr                                                                                                 254464 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\U                                                                                                          0 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\U\00000004.@                                                                                               2048 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\U\00000008.@                                                                                               1024 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\U\000000cb.@                                                                                               1632 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\U\80000000.@                                                                                               11776 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\U\80000032.@                                                                                               91648 bytes
File            C:\Windows\$NtUninstallKB10095$\3920239710                                                                                                           0 bytes

---- EOF - GMER 2.1 ----
         
--- --- ---

Alt 14.07.2013, 19:39   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Avast blocks file (windows\system32\svchost.exe)



Code:
File            C:\Windows\$NtUninstallKB10095$\207039288                                                                                                            0 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\@                                                                                                          2048 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\Desktop.ini                                                                                                4608 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\L                                                                                                          0 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\L\00000004.@                                                                                               804 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\L\201d3dde                                                                                                 59 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\L\6715e287                                                                                                 98 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\L\76603ac3                                                                                                 2416 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\L\kzoosnvr                                                                                                 254464 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\U                                                                                                          0 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\U\00000004.@                                                                                               2048 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\U\00000008.@                                                                                               1024 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\U\000000cb.@                                                                                               1632 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\U\80000000.@                                                                                               11776 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\U\80000032.@                                                                                               91648 bytes
File            C:\Windows\$NtUninstallKB10095$\3920239710
         

ZeroAccess!

Reading material:
Rootkit warning
Your computer has been infected with a particular kind of malware that can hide itself from conventional virus scanners and from the operating system itself. Such malware usually also has backdoor functionality, i.e. it deliberately tears holes through all protective measures so that it can download further malicious code or forward the data it collects to the "bad guys". What does this mean for you?
  • Please decide quite deliberately whether you want to continue with the cleanup. A system that has been compromised in this way can never be secured again with 100% certainty. Even though we have a good chance of cleaning your computer, it may still turn out that a reinstall is the only option left in the end.
  • If you do online banking on this computer, for example, you should at least have your bank password changed, provided you otherwise use a secure procedure such as "chip-TAN-comfort". Do you still have old paper TAN lists? Then it is high time to contact your bank and, if necessary, have the account temporarily blocked. The emergency blocking hotline 116 116 from www.sperr-notruf.de can be used for this day and night.
  • If you have other sensitive data on your computer, you should also think about how you deal with the fact that practically "anyone" could have looked at it.

So let me know what you have decided.
__________________
Please always post logs in CODE tags
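The pattern cosinus keys on above (a long numeric folder under $NtUninstallKB<n>$ holding "L" and "U" subfolders with "@"-suffixed files) can be checked mechanically; the same script also picks out the lines FRST itself marks with "ATTENTION", "File Not found", "[x]" or "No File" in the FRST.txt posted further down. This is an added example, not code from this thread or from the Trojaner-Board helpers; the sample lines are constructed from the posted logs plus one made-up benign hotfix-uninstall path as a negative case.

```python
import re
from typing import Dict, List

# Constructed sample: lines modelled on the GMER file listing and on FRST.txt
# entries posted in this thread, plus one made-up benign hotfix-uninstall path
# ($NtUninstallKB950582$\spuninst\...) as a negative case.
SAMPLE_LOG = r"""
File            C:\Windows\$NtUninstallKB10095$\207039288\Desktop.ini      4608 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\L\00000004.@     804 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\L\kzoosnvr       254464 bytes
File            C:\Windows\$NtUninstallKB10095$\207039288\U\80000032.@     91648 bytes
File            C:\Windows\$NtUninstallKB10095$\3920239710
File            C:\Windows\$NtUninstallKB950582$\spuninst\spuninst.exe     20480 bytes
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
Winsock: Catalog5 04 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
HKCU\...\Run: [Exetender_148] - "C:\Program Files\FreeRide Games\GPlayer.exe" /schedule 300000 [x]
Task: {6BB2238B-0B60-43CB-9FD7-30FC5D5758BA} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe No File
HKLM\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
"""

# GMER "File" rows: the word File, the path, and an optional "<n> bytes" size.
GMER_FILE_RE = re.compile(r"^File\s+(\S.*?)(?:\s+\d+ bytes)?$")

# ZeroAccess parks its components in a fake hotfix-uninstall folder: a long
# numeric subfolder under $NtUninstallKB<n>$ (a genuine hotfix folder has no
# such numeric child, and Windows 8 does not use these folders at all) holding
# "L" and "U" directories with "@"-suffixed files.
ZA_PATH_RE = re.compile(r"\\\$NtUninstallKB\d+\$\\\d{6,}(?:\\|$)", re.IGNORECASE)

# Markers FRST itself puts on entries whose target is missing or tampered with.
FRST_FLAG_RE = re.compile(r"ATTENTION|File Not found|\[x\]$|No File$")


def zeroaccess_paths(log: str) -> List[str]:
    """Return every GMER file path that matches the ZeroAccess hide-out layout."""
    hits: List[str] = []
    for line in log.splitlines():
        m = GMER_FILE_RE.match(line.strip())
        if m and ZA_PATH_RE.search(m.group(1)):
            hits.append(m.group(1))
    return hits


def frst_flagged(log: str) -> List[str]:
    """Return FRST lines the tool has already marked as suspicious or orphaned."""
    flagged: List[str] = []
    for line in log.splitlines():
        s = line.strip()
        if FRST_FLAG_RE.search(s):
            flagged.append(s)
    return flagged


def triage(log: str) -> Dict[str, object]:
    """Summarise both checks; the verdict only claims what the path pattern shows."""
    za = zeroaccess_paths(log)
    return {
        "zeroaccess_paths": za,
        "frst_flagged": frst_flagged(log),
        "verdict": ("ZeroAccess directory layout present" if za
                    else "no ZeroAccess directory layout found"),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["verdict"])
    for p in result["zeroaccess_paths"]:
        print("  rootkit path:", p)
    for entry in result["frst_flagged"]:
        print("  FRST flag:   ", entry)
```

The benign `spuninst` path is deliberately not reported, so a hit list from this script is specific to the numeric-subfolder layout rather than to any `$NtUninstall` folder.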

14.07.2013, 20:42   #8
loewenherzl
 
Sorry for saying this ... oh shit ...

I have no sensitive data on my computer, since I don't store any passwords or anything else anywhere. I do online banking with a TAN generator; I haven't had a paper list for a few years now.

How good are the chances that the computer can be cleaned 100% without a reinstall? I work a lot on my computer; since I'm in a master craftsman training programme, I need it almost daily and as soon as possible. But I don't really have the time or inclination for a reinstall. What about the data in my cloud (SkyDrive): is it at risk, or can I continue to store my data there without problems? As a backup.

What do I have to do without a reinstall? I think that's my preferred route, provided I have a chance of things continuing safely. Where does this malware come from? I haven't been anywhere, and besides, my computer is as up to date as possible and is always kept current (update-wise).

EDIT:
I had already wondered why the computer had been so slow for a few days and the performance graph in Task Manager went very high. Could that be a sign that the virus has been on the computer for a while and has nothing to do with today's activity?

Last edited by loewenherzl (14.07.2013 at 20:48)

14.07.2013, 20:46   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask immediately if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step depends on the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the log files directly in your thread (in CODE tags, please) and not as attachments, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the tools you are asked to run, e.g. Malwarebytes, are always to be posted, whether or not there was a detection!

  • Please also note => Deleting log files and other requests

Note:
If you have not heard from me for three days, please post in this thread => Reminder to my thread.
Annoying "when are we continuing" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.



Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Don't change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the site's input box)


14.07.2013, 21:01   #10
loewenherzl
 
ADDITION:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-07-2013
Ran by *** at 2013-07-14 20:58:00
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================

Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.0.0)
Adobe Bridge 1.0 (Version: 001.000.001)
Adobe Common File Installer (Version: 1.00.001)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Help Center 1.0 (Version: 1.0.1)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Adobe Stock Photos 1.0 (Version: 1.0.1)
ATK Package (Version: 1.0.0023)
avast! Free Antivirus (Version: 8.0.1489.0)
Catan - Städte und Ritter (Version: 1.229)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EPSON BX305 Plus Series Printer Uninstall
Epson Easy Photo Print 2 (Version: 2.3.2.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
EPSON Scan
Free YouTube to MP3 Converter version 3.12.5.628 (Version: 3.12.5.628)
GIMP 2.8.4 (Version: 2.8.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
lightshot-4.3.0.0 (Version: 4.3.0.0)
MediaMonkey 4.0 (Version: 4.0)
Microsoft Expression Design 4 (Version: 8.0.31217.1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 17.0.2011.0627)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
Netzwerkhandbuch EPSON BX305 Plus Series
NVIDIA 3D Vision Treiber 310.90 (Version: 310.90)
NVIDIA Grafiktreiber 310.90 (Version: 310.90)
NVIDIA Install Application (Version: 2.1002.95.599)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1090)
NVIDIA Systemsteuerung 310.90 (Version: 310.90)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Origin (Version: 9.1.3.2637)
PDF Architect (Version: 1.0.52.8917)
PDFCreator (Version: 1.7.0)
SRS Audio Essentials (Version: 1.02.0312)
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 16.2.21.0)
System Power Shortcuts (Version: 1.1.1029)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
 

==================== Restore Points  =========================

23-06-2013 13:01:54 Geplanter Prüfpunkt
03-07-2013 08:10:25 Geplanter Prüfpunkt
06-07-2013 06:51:08 Installed Java 7 Update 25
11-07-2013 14:52:48 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0E78FEE0-C387-4530-AC36-4D46887FBFD5} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {0FB9F3EA-4F42-41A0-B8CE-06CDEF09B849} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {159DA30B-9B91-4267-A71F-5B7ACC15230D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {174644D4-4E5F-4B13-893F-DC718163E165} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {21EBABC3-315E-4262-91EA-833D48E9208B} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {307D6D3E-9D87-4CFD-B668-C60E8C86B0E3} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {30AFB382-B450-4F01-B005-A373C9538063} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {311C4CC9-7320-42AB-B437-C1D02EEB6587} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {342D8E10-501F-4B38-A4C0-F2DE193B46E9} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {363B18FF-B363-4665-B1C4-DD7823139C45} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation)
Task: {3799C698-B9E2-4D51-86FC-B9B20E8DEF91} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {3979CF68-CD08-46D3-A340-CB769AE09013} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {3B292858-FAAA-4B61-9C76-6902AEB7607B} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {3E787B0D-8405-40CD-BC79-5BF41DAB734D} - System32\Tasks\update-S-1-5-21-4171136491-575053196-1707953686-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-02-23] ()
Task: {3EC42D4C-09B0-49D9-A6A8-F2E1A94C0A74} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {4294B8A6-13BD-4733-8559-C8D558B6F597} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {44E19131-88E9-4238-9DCD-22306E438BB1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {4875C8FF-DF2A-4DBF-B93B-C18E351949B5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {4F2DA3E8-0B43-47C0-8811-45ECA435391F} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {545C008C-4471-44F8-AD15-96CB8BB2BB0C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {5986D1E8-C632-477C-8096-ECEBBDF07468} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-02-23] ()
Task: {5B88CA1D-EEEA-4BAC-9E36-D94BA7D5CC37} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {5CB273A4-513A-4D26-9064-1880BFE98AD1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {6495D7D8-52C0-4309-9097-247A7B9574CC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {67FF304D-1A11-4CB0-909A-A92DCFD95294} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {68070BBC-F2DE-4476-95C6-C2ED1ECE3D0F} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {6BB2238B-0B60-43CB-9FD7-30FC5D5758BA} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe No File
Task: {6CEE63A4-32D4-473A-9615-35287493A8D0} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4171136491-575053196-1707953686-1000
Task: {74748E76-21FC-465C-ABE1-5E465834A900} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {753C8596-7415-46D3-AF5E-9EEC299E7D90} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {7EBC5A66-ABD2-4B81-872F-BC7CA4AD5D55} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {8E694376-21AC-46FA-8E80-C453341417E4} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {973628F1-FAD0-487A-B3EC-A318007483E8} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {9C3ADA14-4FAF-445F-B971-A69F60A7C497} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {9D175E12-DB50-4682-9F62-F923B154AA57} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A014EC55-F9EB-479D-9F4C-ACBE30C9E949} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: {AAEB0B67-69E8-4F99-922A-28CB70F79E35} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {AFE9EACD-AC61-4642-A077-BB06D1147FC5} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {BB4910D3-79D9-461E-AC1B-915B8E8672A3} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BC858B0C-7D0F-436F-B08B-50D51DF74306} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {C25EB31A-6966-4BF5-BAAB-9107993D54BD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\WINDOWS\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {C465A656-3917-43C0-B40A-4EBBE8708BB9} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {C66B8D31-A32F-4AF7-800E-475B2C2BE27D} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {C7B00221-71A0-4FB5-84F5-F1A8A2CA1B2A} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {D1CDD09C-5F29-4A7F-8FB4-897B439CC9A9} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {E3F2C42C-4547-49CD-A14F-FDDA37794A75} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {E3FC5136-FFFE-42DA-BB1D-6C62CAEB4585} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {E60C98D3-B41B-482A-AC61-DD19EDF2841D} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {E6EF7532-3F7A-443F-8769-AED6CC439EC5} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {EF9592CE-7796-47A6-9CD5-8630640D45BB} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {F273F7E8-98FA-47D0-BFE3-8B71C8C3E9A8} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {F413C755-E3DC-4075-BB1E-AC60C1CA9AEA} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {F69E710E-D481-4685-9A82-C1B0C2369EB5} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {F6E06073-27B2-48BB-8FA1-AAA8B50066D0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {FB96BBB5-A5AD-4886-B14B-183EA8E08AD0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-11] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-4171136491-575053196-1707953686-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2013 00:40:29 PM) (Source: Application on Demand - JQM2_ger) (User: )
Description: ALoggerFileCyclic:  Failed to release mutex. Last error code: 288

Type:    
    ERROR
Location:
    ::(0) : error 0: 
Computer:
    Id: 0, Name:Null

Error: (07/14/2013 00:40:29 PM) (Source: Application on Demand - JQM2_ger) (User: )
Description: ALoggerFileCyclic:  Failed to release mutex. Last error code: 288

Type:    
    ERROR
Location:
    ::(0) : error 0: 
Computer:
    Id: 0, Name:Null

Error: (07/14/2013 00:24:26 PM) (Source: Application on Demand - plugin-container) (User: )
Description: ALoggerFileCyclic:  Failed to delete an old log file Last error code: 32

Type:    
    ERROR
Location:
    ::(0) : error 0: 
Computer:
    Id: 0, Name:Null

Error: (07/10/2013 08:44:54 AM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (06/29/2013 08:07:09 AM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (06/22/2013 08:04:14 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (06/14/2013 04:10:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: LABTOP)
Description: Die App „microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (06/14/2013 02:56:03 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (06/13/2013 02:35:17 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (06/12/2013 00:53:05 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005


System errors:
=============
Error: (07/14/2013 08:59:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2147942405

Error: (07/14/2013 08:59:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%2147942405

Error: (07/14/2013 08:59:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2147942405

Error: (07/14/2013 08:59:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%2147942405

Error: (07/14/2013 08:47:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1062

Error: (07/14/2013 08:47:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2147942405

Error: (07/14/2013 08:47:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%2147942405

Error: (07/14/2013 08:35:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2147942405

Error: (07/14/2013 08:35:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%2147942405

Error: (07/14/2013 08:35:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2147942405


Microsoft Office Sessions:
=========================
Error: (07/14/2013 00:40:29 PM) (Source: Application on Demand - JQM2_ger)(User: )
Description: ALoggerFileCyclic:  Failed to release mutex. Last error code: 288

Type:    
    ERROR
Location:
    ::(0) : error 0: 
Computer:
    Id: 0, Name:Null

Error: (07/14/2013 00:40:29 PM) (Source: Application on Demand - JQM2_ger)(User: )
Description: ALoggerFileCyclic:  Failed to release mutex. Last error code: 288

Type:    
    ERROR
Location:
    ::(0) : error 0: 
Computer:
    Id: 0, Name:Null

Error: (07/14/2013 00:24:26 PM) (Source: Application on Demand - plugin-container)(User: )
Description: ALoggerFileCyclic:  Failed to delete an old log file Last error code: 32

Type:    
    ERROR
Location:
    ::(0) : error 0: 
Computer:
    Id: 0, Name:Null

Error: (07/10/2013 08:44:54 AM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d

Error: (06/29/2013 08:07:09 AM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d

Error: (06/22/2013 08:04:14 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (06/14/2013 04:10:31 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: LABTOP)
Description: microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive

Error: (06/14/2013 02:56:03 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (06/13/2013 02:35:17 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (06/12/2013 00:53:05 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005


==================== Memory info =========================== 

Percentage of memory in use: 74%
Total physical RAM: 3071.33 MB
Available physical RAM: 786.73 MB
Total Pagefile: 6143.33 MB
Available Pagefile: 3486.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1839.45 MB

==================== Drives ================================

Drive c: (Windows 8) (Fixed) (Total:116.44 GB) (Free:67.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (***) (Fixed) (Total:104.73 GB) (Free:54.45 GB) NTFS
Drive e: () (Fixed) (Total:116.44 GB) (Free:69.39 GB) NTFS
Drive g: () (Fixed) (Total:116.44 GB) (Free:116.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=116 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=12 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=105 GB) - (Type=OF Extended)

==================== End Of Log ============================

FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-07-2013
Ran by *** (administrator) on 14-07-2013 20:56:34
Running from C:\Users\***\Desktop
Microsoft Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(SRS Labs, Inc.) C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe
(Acresso Software Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe
(Microsoft Corporation) C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2383160 2012-11-06] (Synaptics Incorporated)
HKLM\...\Run: [SRSAENotifier] - C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe [548768 2012-06-25] (SRS Labs, Inc.)
HKLM\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-23] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [LightShot] - C:\Users\***\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [195072 2011-03-16] ()
HKCU\...\Run: [OfficeSyncProcess] - "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [SRSHDAudioLab] - "C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe" auto [5446056 2012-06-25] ()
HKCU\...\Run: [Steam] - "C:\Program Files\Steam\Steam.exe" -silent [1597864 2013-02-14] (Valve Corporation)
HKCU\...\Run: [SkyDrive] - "C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background [257136 2013-07-03] (Microsoft Corporation)
HKCU\...\Run: [Exetender_148] - "C:\Program Files\FreeRide Games\GPlayer.exe" /schedule 300000 [x]
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Winsock: Catalog5 04 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Winsock: Catalog9 21 mswsock.dll File Not found ()
Winsock: Catalog9 22 mswsock.dll File Not found ()
Winsock: Catalog9 23 mswsock.dll File Not found ()
Winsock: Catalog9 24 mswsock.dll File Not found ()
Winsock: Catalog9 25 mswsock.dll File Not found ()
Winsock: Catalog9 26 mswsock.dll File Not found ()
Winsock: Catalog9 27 mswsock.dll File Not found ()
Winsock: Catalog9 28 mswsock.dll File Not found ()
Winsock: Catalog9 29 mswsock.dll File Not found ()
Winsock: Catalog9 30 mswsock.dll File Not found ()
Winsock: Catalog9 31 mswsock.dll File Not found ()
Winsock: Catalog9 32 mswsock.dll File Not found ()
Winsock: Catalog9 33 mswsock.dll File Not found ()
Winsock: Catalog9 34 mswsock.dll File Not found ()
Winsock: Catalog9 35 mswsock.dll File Not found ()
Winsock: Catalog9 36 mswsock.dll File Not found ()
Winsock: Catalog9 37 mswsock.dll File Not found ()
Winsock: Catalog9 38 mswsock.dll File Not found ()
Winsock: Catalog9 39 mswsock.dll File Not found ()
Winsock: Catalog9 40 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\90vhslw0.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\***\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt

========================== Services (Whitelisted) =================

R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [106880 2012-09-11] (ASUSTek Computer Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 SRSHDAudioService; C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe [13232 2012-06-25] (SRS Labs, Inc.)

==================== Drivers (Whitelisted) ====================

R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] ()
R3 athr; C:\Windows\system32\DRIVERS\athr.sys [2273280 2012-06-02] (Qualcomm Atheros Communications, Inc.)
R3 MTsensor; C:\Windows\System32\drivers\ATKACPI.sys [14392 2009-05-13] (ASUS)
R3 SRS_AE_Service; C:\Windows\system32\drivers\SRS_AE_i386.sys [407368 2012-06-21] ()
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHDA.sys [x]
U3 uwldapow; \??\C:\Users\***\AppData\Local\Temp\uwldapow.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-14 20:56 - 2013-07-14 20:56 - 00000000 ____D C:\FRST
2013-07-14 20:54 - 2013-07-14 20:54 - 01218214 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2013-07-14 16:48 - 2013-07-14 16:48 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL(2).exe
2013-07-14 16:47 - 2013-07-14 16:49 - 00064652 _____ C:\Users\***\Desktop\gmer.log
2013-07-14 15:07 - 2013-07-14 15:07 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe
2013-07-14 14:56 - 2013-07-14 14:56 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL(1).exe
2013-07-14 14:54 - 2013-07-14 14:54 - 00115388 _____ C:\Users\***\Downloads\OTL.Txt
2013-07-14 14:54 - 2013-07-14 14:54 - 00115112 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-14 14:46 - 2013-07-14 14:46 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-14 14:43 - 2013-07-14 14:45 - 00000474 _____ C:\Users\***\Downloads\defogger_disable.log
2013-07-14 14:43 - 2013-07-14 14:43 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2013-07-14 14:43 - 2013-07-14 14:43 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-14 14:33 - 2013-07-14 14:33 - 00540072 _____ (Neuber Software) C:\Users\***\Downloads\SvchostAnalyzer.exe
2013-07-14 13:57 - 2013-07-14 13:57 - 04054000 _____ (LionSea Software                                            ) C:\Users\***\Downloads\setup.exe
2013-07-14 12:47 - 2013-07-14 12:47 - 00425072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-14 12:32 - 2013-07-14 12:32 - 00000000 ____D C:\Users\Public\Documents\wildtangent_de
2013-07-14 12:24 - 2013-07-14 12:24 - 00000000 ____D C:\ProgramData\FreeRide Games
2013-07-14 12:16 - 2013-07-14 12:16 - 15314304 _____ C:\Users\***\Downloads\PeggleSetup-en.exe
2013-07-14 11:43 - 2013-07-14 11:43 - 00605800 _____ C:\Users\***\Downloads\peggle-deluxe.exe
2013-07-14 11:15 - 2013-07-14 11:15 - 00369951 _____ (Freeware-Download) C:\Users\***\Downloads\get_Peggle_Deluxe.exe
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Users\***\AppData\Roaming\GetRightToGo
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Users\***\AppData\Local\Big Fish
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\BigFishCache
2013-07-14 11:08 - 2013-07-14 11:08 - 00235872 _____ (Big Fish Games) C:\Users\***\Downloads\peggle_s2_l2_gF1465T1L2_d2117874113.exe
2013-07-14 11:06 - 2013-07-14 11:06 - 00235872 _____ (Big Fish Games) C:\Users\***\Downloads\peggle_s2_l2_gF1465T1L2_d2117873080.exe
2013-07-12 09:48 - 2013-07-12 09:49 - 00000000 ____D C:\Program Files\PDFCreator
2013-07-12 09:48 - 2013-07-12 09:48 - 00000000 ____D C:\Users\***\AppData\Roaming\pdfforge
2013-07-12 09:48 - 2013-04-09 15:13 - 00095416 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2013-07-12 09:48 - 2012-05-05 11:54 - 00662288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCOMCT2.OCX
2013-07-12 09:48 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMAPI32.OCX
2013-07-12 09:48 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPIDE.DLL
2013-07-12 09:48 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB6DE.DLL
2013-07-12 09:48 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCMCDE.DLL
2013-07-12 09:48 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCC2DE.DLL
2013-07-12 09:46 - 2013-07-12 09:46 - 17502040 _____ (pdfforge GbR) C:\Users\***\Downloads\PDFCreator-1_7_0_setup.exe
2013-07-12 09:40 - 2013-07-12 09:40 - 00043823 _____ C:\Users\***\AppData\Local\recently-used.xbel
2013-07-11 16:18 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-07-11 16:18 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-07-11 16:18 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-07-11 16:18 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-07-11 16:18 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-07-11 16:18 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-07-11 16:18 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-07-11 16:18 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-07-11 16:18 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-07-11 16:18 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2013-07-11 16:17 - 2013-05-31 01:09 - 03389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-07-11 16:17 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2013-07-11 16:17 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2013-07-11 10:36 - 2013-07-11 10:36 - 00001535 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free YouTube to MP3 Converter.lnk
2013-07-10 11:12 - 2013-07-10 11:12 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-07-10 11:10 - 2013-07-10 11:10 - 01211048 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\***\Downloads\FreeYouTubeToMP3Converter.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-07-06 08:52 - 2013-07-06 08:52 - 00000000 ____D C:\Program Files\Java
2013-07-06 08:50 - 2013-07-06 08:50 - 31714216 _____ (Oracle Corporation) C:\Users\***\Downloads\jre-7u25-windows-i586.exe
2013-07-06 08:41 - 2013-07-06 08:41 - 00001024 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IKP - Information, Kommunikation und Planung (Herr Rüßmann).lnk
2013-07-06 08:41 - 2013-07-06 08:41 - 00001018 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rechtssicheres Handeln - Umweltrecht (Herr Dr. Hedermann).lnk
2013-07-06 08:41 - 2013-07-06 08:41 - 00000957 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betriebswirtschaftliches Handeln (Herr Ziemer).lnk
2013-07-06 08:41 - 2013-07-06 08:41 - 00000937 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zusammenarbeit im Betrieb (Herr Hagendorf).lnk
2013-07-03 13:03 - 2013-07-03 13:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-28 11:19 - 2013-06-28 11:19 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum
2013-06-27 09:05 - 2013-06-28 11:19 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2013-06-27 09:05 - 2013-06-28 11:19 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum
2013-06-14 16:15 - 2013-06-14 16:15 - 03270960 _____ (Secunia) C:\Users\***\Downloads\PSISetup.exe
2013-06-14 15:57 - 2013-05-31 01:20 - 01011712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2013-06-14 15:57 - 2013-05-24 01:27 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-06-14 15:57 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-06-14 15:57 - 2013-05-15 04:24 - 00793088 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2013-06-14 15:57 - 2013-05-15 04:24 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2013-06-14 15:57 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-06-14 15:57 - 2013-04-03 01:37 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdlg.dll
2013-06-14 15:49 - 2013-06-14 15:49 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-14 15:46 - 2013-06-14 15:46 - 31666592 _____ (Oracle Corporation) C:\Users\***\Downloads\jre-7u21-windows-i586.exe
2013-06-14 15:25 - 2013-05-04 07:45 - 05575424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-06-14 15:11 - 2013-04-24 01:13 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2013-06-14 15:11 - 2013-04-24 01:12 - 01569792 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2013-06-14 15:11 - 2013-04-24 01:12 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll
2013-06-14 15:11 - 2013-04-24 01:12 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2013-06-14 09:05 - 2013-05-04 07:54 - 00103176 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2013-06-14 09:05 - 2013-05-04 07:37 - 00052056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-06-14 09:05 - 2013-05-04 07:20 - 00362240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2013-06-14 09:05 - 2013-05-04 07:20 - 00238336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-06-14 09:05 - 2013-05-04 07:20 - 00180488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2013-06-14 09:05 - 2013-05-04 06:58 - 02561536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-06-14 09:05 - 2013-05-04 06:58 - 01555456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-06-14 09:05 - 2013-05-04 06:58 - 01150976 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2013-06-14 09:05 - 2013-05-04 06:58 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2013-06-14 09:05 - 2013-05-04 06:58 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-06-14 09:05 - 2013-05-04 06:58 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-06-14 09:05 - 2013-05-04 06:58 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-06-14 09:05 - 2013-05-04 06:58 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-06-14 09:05 - 2013-05-04 06:58 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-06-14 09:05 - 2013-05-04 06:57 - 10788864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-06-14 09:05 - 2013-05-04 06:57 - 08857088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-06-14 09:05 - 2013-05-04 06:57 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2013-06-14 09:05 - 2013-05-04 06:57 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2013-06-14 09:05 - 2013-05-04 06:57 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2013-06-14 09:05 - 2013-05-04 06:57 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-06-14 09:05 - 2013-05-04 06:57 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2013-06-14 09:05 - 2013-05-04 06:57 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-06-14 09:05 - 2013-05-04 06:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2013-06-14 09:05 - 2013-05-04 06:57 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2013-06-14 09:05 - 2013-05-04 06:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2013-06-14 09:05 - 2013-05-04 06:57 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\muifontsetup.dll
2013-06-14 09:05 - 2013-05-04 06:56 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-06-14 09:05 - 2013-05-04 06:56 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-06-14 09:05 - 2013-05-04 06:56 - 00582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2013-06-14 09:05 - 2013-05-04 06:56 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-06-14 09:05 - 2013-05-04 06:56 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2013-06-14 09:05 - 2013-05-04 06:56 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2013-06-14 09:05 - 2013-05-04 06:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
2013-06-14 09:05 - 2013-05-04 06:56 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2013-06-14 09:05 - 2013-05-04 06:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll
2013-06-14 09:05 - 2013-05-04 06:55 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2013-06-14 09:05 - 2013-05-04 06:10 - 00014848 _____ (Microsoft) C:\WINDOWS\system32\rars.rs
2013-06-14 09:05 - 2013-05-04 06:08 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2013-06-14 09:05 - 2013-05-04 06:08 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2013-06-14 09:05 - 2013-05-04 06:06 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2013-06-14 09:05 - 2013-05-03 00:04 - 00386646 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-06-14 07:44 - 2013-05-04 07:14 - 01801472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-06-14 07:09 - 2013-04-27 05:21 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

==================== One Month Modified Files and Folders =======

2013-07-14 20:56 - 2013-07-14 20:56 - 00000000 ____D C:\FRST
2013-07-14 20:55 - 2012-12-09 12:43 - 00000000 ___RD C:\Users\***\Desktop
2013-07-14 20:54 - 2013-07-14 20:54 - 01218214 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2013-07-14 20:44 - 2012-12-11 18:52 - 00000392 _____ C:\WINDOWS\Tasks\update-sys.job
2013-07-14 19:21 - 2012-12-26 15:18 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-14 19:07 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-07-14 17:27 - 2012-12-11 18:52 - 00000392 _____ C:\WINDOWS\Tasks\update-S-1-5-21-4171136491-575053196-1707953686-1000.job
2013-07-14 16:49 - 2013-07-14 16:47 - 00064652 _____ C:\Users\***\Desktop\gmer.log
2013-07-14 16:48 - 2013-07-14 16:48 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL(2).exe
2013-07-14 16:40 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-07-14 15:07 - 2013-07-14 15:07 - 00377856 _____ C:\Users\***\Downloads\gmer_2.1.19163.exe
2013-07-14 14:56 - 2013-07-14 14:56 - 00602112 _____ (OldTimer Tools) C:\Users\***\Downloads\OTL(1).exe
2013-07-14 14:54 - 2013-07-14 14:54 - 00115388 _____ C:\Users\***\Downloads\OTL.Txt
2013-07-14 14:54 - 2013-07-14 14:54 - 00115112 _____ C:\Users\***\Desktop\OTL.Txt
2013-07-14 14:46 - 2013-07-14 14:46 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-07-14 14:45 - 2013-07-14 14:43 - 00000474 _____ C:\Users\***\Downloads\defogger_disable.log
2013-07-14 14:43 - 2013-07-14 14:43 - 00050477 _____ C:\Users\***\Downloads\Defogger.exe
2013-07-14 14:43 - 2013-07-14 14:43 - 00000000 _____ C:\Users\***\defogger_reenable
2013-07-14 14:43 - 2012-12-09 12:43 - 00000000 ____D C:\Users\***
2013-07-14 14:33 - 2013-07-14 14:33 - 00540072 _____ (Neuber Software) C:\Users\***\Downloads\SvchostAnalyzer.exe
2013-07-14 14:21 - 2013-02-06 15:51 - 00000000 ___RD C:\Users\***\SkyDrive
2013-07-14 14:07 - 2012-07-26 08:53 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-14 13:57 - 2013-07-14 13:57 - 04054000 _____ (LionSea Software                                            ) C:\Users\***\Downloads\setup.exe
2013-07-14 13:44 - 2012-12-27 13:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-14 13:44 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-14 13:43 - 2012-07-26 06:17 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2013-07-14 12:47 - 2013-07-14 12:47 - 00425072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-14 12:32 - 2013-07-14 12:32 - 00000000 ____D C:\Users\Public\Documents\wildtangent_de
2013-07-14 12:24 - 2013-07-14 12:24 - 00000000 ____D C:\ProgramData\FreeRide Games
2013-07-14 12:24 - 2012-12-19 14:50 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-07-14 12:16 - 2013-07-14 12:16 - 15314304 _____ C:\Users\***\Downloads\PeggleSetup-en.exe
2013-07-14 11:43 - 2013-07-14 11:43 - 00605800 _____ C:\Users\***\Downloads\peggle-deluxe.exe
2013-07-14 11:15 - 2013-07-14 11:15 - 00369951 _____ (Freeware-Download) C:\Users\***\Downloads\get_Peggle_Deluxe.exe
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Users\***\AppData\Roaming\GetRightToGo
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\Users\***\AppData\Local\Big Fish
2013-07-14 11:15 - 2013-07-14 11:15 - 00000000 ____D C:\BigFishCache
2013-07-14 11:08 - 2013-07-14 11:08 - 00235872 _____ (Big Fish Games) C:\Users\***\Downloads\peggle_s2_l2_gF1465T1L2_d2117874113.exe
2013-07-14 11:06 - 2013-07-14 11:06 - 00235872 _____ (Big Fish Games) C:\Users\***\Downloads\peggle_s2_l2_gF1465T1L2_d2117873080.exe
2013-07-14 08:59 - 2012-12-28 12:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-14 08:59 - 2012-12-09 12:37 - 00024662 _____ C:\WINDOWS\PFRO.log
2013-07-12 18:51 - 2012-07-26 10:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 18:50 - 2012-12-09 12:51 - 01187502 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-12 17:27 - 2012-12-11 18:31 - 00000000 ____D C:\Users\***\AppData\Roaming\MediaMonkey
2013-07-12 16:28 - 2012-12-09 12:52 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-12 16:15 - 2013-01-18 12:11 - 00000000 ____D C:\Users\***\.gimp-2.8
2013-07-12 09:50 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2013-07-12 09:49 - 2013-07-12 09:48 - 00000000 ____D C:\Program Files\PDFCreator
2013-07-12 09:48 - 2013-07-12 09:48 - 00000000 ____D C:\Users\***\AppData\Roaming\pdfforge
2013-07-12 09:46 - 2013-07-12 09:46 - 17502040 _____ (pdfforge GbR) C:\Users\***\Downloads\PDFCreator-1_7_0_setup.exe
2013-07-12 09:40 - 2013-07-12 09:40 - 00043823 _____ C:\Users\***\AppData\Local\recently-used.xbel
2013-07-11 17:47 - 2012-12-11 18:52 - 00000442 _____ C:\Users\***\AppData\Local\UserProducts.xml
2013-07-11 17:47 - 2012-12-11 18:52 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2013-07-11 17:02 - 2012-12-10 19:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 16:57 - 2012-12-13 17:42 - 75699896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-07-11 16:08 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-07-11 10:36 - 2013-07-11 10:36 - 00001535 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free YouTube to MP3 Converter.lnk
2013-07-11 10:22 - 2012-12-12 18:47 - 00000000 ____D C:\Users\***\AppData\Local\Adobe
2013-07-10 11:14 - 2013-05-20 12:12 - 00000000 ____D C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
2013-07-10 11:12 - 2013-07-10 11:12 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-07-10 11:12 - 2012-12-11 18:55 - 00000000 ____D C:\Users\***\AppData\Roaming\DVDVideoSoft
2013-07-10 11:10 - 2013-07-10 11:10 - 01211048 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\***\Downloads\FreeYouTubeToMP3Converter.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-07-06 08:52 - 2013-07-06 08:52 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-07-06 08:52 - 2013-07-06 08:52 - 00000000 ____D C:\Program Files\Java
2013-07-06 08:52 - 2012-12-21 15:46 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-07-06 08:52 - 2012-12-21 15:46 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-07-06 08:50 - 2013-07-06 08:50 - 31714216 _____ (Oracle Corporation) C:\Users\***\Downloads\jre-7u25-windows-i586.exe
2013-07-06 08:41 - 2013-07-06 08:41 - 00001024 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IKP - Information, Kommunikation und Planung (Herr Rüßmann).lnk
2013-07-06 08:41 - 2013-07-06 08:41 - 00001018 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rechtssicheres Handeln - Umweltrecht (Herr Dr. Hedermann).lnk
2013-07-06 08:41 - 2013-07-06 08:41 - 00000957 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Betriebswirtschaftliches Handeln (Herr Ziemer).lnk
2013-07-06 08:41 - 2013-07-06 08:41 - 00000937 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zusammenarbeit im Betrieb (Herr Hagendorf).lnk
2013-07-04 18:08 - 2012-12-11 19:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-03 13:03 - 2013-07-03 13:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-03 09:57 - 2013-02-06 15:51 - 00002251 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2013-07-01 17:04 - 2012-07-26 08:03 - 00080005 _____ C:\WINDOWS\setupact.log
2013-06-28 11:19 - 2013-06-28 11:19 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys.sum
2013-06-28 11:19 - 2013-06-27 09:05 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2013-06-28 11:19 - 2013-06-27 09:05 - 00000175 _____ C:\WINDOWS\system32\Drivers\aswSnx.sys.sum
2013-06-28 11:19 - 2013-03-19 19:39 - 00175176 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-06-28 11:19 - 2012-12-09 13:39 - 00770344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-06-28 11:19 - 2012-12-09 13:39 - 00369584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-06-28 00:04 - 2013-04-14 13:34 - 00693112 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-06-28 00:04 - 2013-04-14 13:34 - 00078200 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-06-16 12:48 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\rescache
2013-06-15 16:03 - 2012-12-10 19:45 - 00001536 _____ C:\Users\***\Desktop\Produktkey.txt
2013-06-14 16:15 - 2013-06-14 16:15 - 03270960 _____ (Secunia) C:\Users\***\Downloads\PSISetup.exe
2013-06-14 16:00 - 2012-07-26 08:53 - 00000000 ___RD C:\WINDOWS\ToastData
2013-06-14 16:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\WinStore
2013-06-14 16:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\de-DE
2013-06-14 16:00 - 2012-07-26 08:53 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-06-14 16:00 - 2012-07-26 08:49 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2013-06-14 15:49 - 2013-06-14 15:49 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-14 15:46 - 2013-06-14 15:46 - 31666592 _____ (Oracle Corporation) C:\Users\***\Downloads\jre-7u21-windows-i586.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\de-DE => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-07-11 10:35

==================== End Of Log ============================

How should I actually behave now? What am I still allowed to do on the computer and what not, as long as this isn't cleaned up?
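
Added example (not part of the original thread, and not something FRST or Trojaner-Board ship): a small Python script that re-reads the markers FRST itself writes into a log like the one above, so the findings a helper looks at first can be pulled out mechanically. FRST writes `[x]` when the file registered for a service, driver or Run value does not exist at that path, `()` when the binary carries no company name in its version resource, `File Not found` on Winsock catalog entries whose library cannot be resolved, and `ATTENTION` for its own heuristics, such as the ZeroAccess junction under the Windows Defender folder that the `DeleteJunctionsIndirectory:` directive is meant to remove. The script also lists executables created under Downloads or Temp, so the installers downloaded that day can be lined up against the time the Avast alerts started. The sample lines are constructed, copied in shape from the log above (the `***` is the poster's own redaction), and the category names are my own. Two caveats: a randomly named driver loading from `%TEMP%` is a classic rootkit indicator, but GMER loads its own randomly named driver from there while it runs, so correlate with the scan time before reading anything into it; and the Winsock entries should be confirmed on the live system with `netsh winsock show catalog` rather than from the log alone.

```python
import re

# Constructed sample in FRST (Farbar Recovery Scan Tool) line format, copied in shape from the
# log above; "***" is the poster's own redaction of the user name and is kept as-is.
SAMPLE_LOG = r"""
HKCU\...\Run: [Steam] - "C:\Program Files\Steam\Steam.exe" -silent [1597864 2013-02-14] (Valve Corporation)
HKCU\...\Run: [Exetender_148] - "C:\Program Files\FreeRide Games\GPlayer.exe" /schedule 300000 [x]
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
Winsock: Catalog5 04 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHDA.sys [x]
U3 uwldapow; \??\C:\Users\***\AppData\Local\Temp\uwldapow.sys [x]
2013-07-14 20:56 - 2013-07-14 20:56 - 00000000 ____D C:\FRST
2013-07-14 16:47 - 2013-07-14 16:49 - 00064652 _____ C:\Users\***\Desktop\gmer.log
2013-07-14 13:57 - 2013-07-14 13:57 - 04054000 _____ (LionSea Software                    ) C:\Users\***\Downloads\setup.exe
2013-07-14 11:15 - 2013-07-14 11:15 - 00369951 _____ (Freeware-Download) C:\Users\***\Downloads\get_Peggle_Deluxe.exe
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Program Files\Windows Defender\de-DE => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
"""

# Winsock catalog entry whose library FRST could not resolve.
WINSOCK_RE = re.compile(r"^Winsock: (Catalog\d+) (\d+) (\S+) File Not found")
# Service/driver line: "<state><start> <name>; <path> [<size> <date>] (<company>)" or "... [x]".
SERVICE_RE = re.compile(
    r"^([RSU])(\d) ([^;]+); (.+?) (?:\[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*)\)|\[x\])$")
# Run value whose target file is gone.
RUN_MISSING_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\.\\Run: \[([^\]]+)\] - (.+) \[x\]$")
# "One Month Created/Modified" entry: created - modified - size attrs [(company)] path.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - (\d{8}) (\S{5}) (?:\((.*?)\) )?(.+)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(downloads|temp|appdata)\\", re.IGNORECASE)


def parse_line(line):
    """Classify one FRST line. Returns (category, detail) or None when nothing is notable."""
    line = line.strip()
    m = WINSOCK_RE.match(line)
    if m:                                   # LSP entry whose library cannot be resolved
        return ("winsock_missing", f"{m.group(1)} {m.group(2)} -> {m.group(3)}")
    if "ATTENTION" in line:                 # FRST's own heuristic flags (ZeroAccess junction, missing hook, ...)
        return ("attention", line)
    m = SERVICE_RE.match(line)
    if m:
        _state, _start, name, path, size, _date, company = m.groups()
        if size is None:                    # "[x]": the registered binary does not exist at that path
            if TEMP_RE.search(path):        # a driver registered out of %TEMP% deserves a closer look
                return ("temp_driver", f"{name} -> {path}")
            return ("missing_binary", f"{name} -> {path}")
        if company == "":                   # no company in the version resource: verify the signature by hand
            return ("no_company", f"{name} -> {path}")
        return None
    m = RUN_MISSING_RE.match(line)
    if m:                                   # autostart value whose target is gone (often an uninstall leftover)
        return ("missing_binary", f"Run value {m.group(1)} -> {m.group(2)}")
    m = FILE_RE.match(line)
    if m:
        created, _size, attrs, company, path = m.groups()
        if attrs.endswith("D"):             # directory entries are noise for this purpose
            return None
        if path.lower().endswith((".exe", ".sys", ".dll")) and USER_WRITABLE_RE.search(path):
            who = (company or "").strip() or "no company"
            return ("new_executable", f"{created} {path} ({who})")
    return None


def triage(log_text):
    """Group notable lines by category; each value is a list of detail strings in log order."""
    findings = {}
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit is not None:
            findings.setdefault(hit[0], []).append(hit[1])
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"[{category}] {len(items)}")
        for item in items:
            print("   ", item)
```

Run it against a full FRST.txt by replacing `SAMPLE_LOG` with the file contents; the "Modified" section repeats most of the "Created" entries, so expect duplicates in `new_executable` when both sections are fed in.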

Old 14.07.2013, 21:13   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



For now you do nothing at all on the computer until we're done....


Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper



Afterwards, please make a fresh log with GMER:

Rootkit scan with GMER

Please download GMER Rootkit Scanner: (file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the internet before you start GMER.
  • If a window with the following warning opens after the start:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, untick: IAT/EAT and Show All
  • Tick Quickscan and untick all other drives.
  • Start the scan with "Scan".
  • Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn the antivirus program and other scanners back on before you go online!


Problems occurring?
  • Alternatively, try safe mode.
  • If you get a bluescreen, untick Devices.
__________________
Please always post logs in CODE tags

Old 14.07.2013, 22:53   #12
loewenherzl



GMER:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-14 22:50:30
Windows 6.2.9200  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2 ST9250320AS rev.0303 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\uwldapow.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                  ZwWriteVirtualMemory [0x9031276E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwVdmControl [0x9042280E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                  ZwUnloadDriver [0x90310C42]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwTerminateThread [0x90423CF6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                  ZwTerminateProcess [0x903128EA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwSystemDebugControl [0x90422556]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwSuspendThread [0x904241C8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwSuspendProcess [0x90424066]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwShutdownSystem [0x9042245C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwSetSystemPowerState [0x904224CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwSetSystemInformation [0x904222F8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwSetContextThread [0x90423D16]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwSetBootOptions [0x904227A8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwSetBootEntryOrder [0x90422742]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwReplyWaitReceivePortEx [0x9042522A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwReplyWaitReceivePort [0x904298B4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwQueueApcThreadEx [0x90424506]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwQueryObject [0x904247F8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                  ZwProtectVirtualMemory [0x90312822]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwOpenTimer [0x9042F0DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwOpenThread [0x9042726E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwOpenSemaphore [0x9042EEF6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwOpenSection [0x9042F036]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwOpenProcess [0x90426E78]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwOpenMutant [0x9042EEAC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwOpenIoCompletion [0x9042F122]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwOpenEventPair [0x9042EF86]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwOpenEvent [0x9042EF42]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwNotifyChangeMultipleKeys [0x9042492C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwNotifyChangeKey [0x9042798C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwModifyBootEntry [0x904226DC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                  ZwLoadDriver [0x90310C12]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                  ZwFreeVirtualMemory [0x903126C2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwDuplicateObject [0x90427596]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwDeleteBootEntry [0x90422676]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwDebugActiveProcess [0x90423E9C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwCreateTimer [0x9042F0B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwCreateThreadEx [0x90423800]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwCreateThread [0x904235E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwCreateSemaphore [0x9042EECE]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                  ZwCreateSection [0x90312992]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwCreateMutant [0x9042EE86]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwCreateIoCompletion [0x9042F0FE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwCreateEventPair [0x9042EF64]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwCreateEvent [0x9042EF18]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwAssignProcessToJobObject [0x904230E6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwAlpcSendWaitReceivePort [0x90425256]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                  ZwAllocateVirtualMemory [0x903125FA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                  ZwAddBootEntry [0x90422610]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                  ZwCreateProcessEx [0x9032BE00]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                  ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwCallbackReturn + 16C                                                                                                                    812EC4BC 12 Bytes  [56, 25, 42, 90, C8, 41, 42, ...] {PUSH ESI; AND EAX, 0x41c89042; INC EDX; NOP ; INC AX; INC EDX; NOP }
.text           ntoskrnl.exe!ZwCallbackReturn + 1B4                                                                                                                    812EC504 2 Bytes  [CE, 24]
.text           ntoskrnl.exe!ZwCallbackReturn + 1B7                                                                                                                    812EC507 5 Bytes  [90, F8, 22, 42, 90] {NOP ; CLC ; AND AL, [EDX-0x70]}
.text           ntoskrnl.exe!ZwCallbackReturn + 604                                                                                                                    812EC954 12 Bytes  [B8, F0, 42, 90, 00, 38, 42, ...] {MOV EAX, 0x9042f0; CMP [EDX-0x70], AL; IN AL, 0x35; INC EDX; NOP }
.text           ntoskrnl.exe!ZwReplacePartitionUnit + 2673                                                                                                             81362135 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 66A                                                                                                                 81366A1A 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE            ntoskrnl.exe!SeOpenObjectAuditAlarmWithTransaction + 580                                                                                               81449A07 5 Bytes  JMP 9032A7CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ObMakeTemporaryObject                                                                                                                     8153662E 5 Bytes  JMP 90328C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ZwCreateProcessEx                                                                                                                         815CB0ED 7 Bytes  JMP 9032BE04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
?               System32\drivers\imofugc.sys                                                                                                                           Das System kann den angegebenen Pfad nicht finden. !
.edata          C:\WINDOWS\System32\DRIVERS\netbt.sys                                                                                                                  unknown last section [0x90A20000, 0x3B6B, 0xC8000040]

---- User code sections - GMER 2.1 ----

.text           C:\WINDOWS\system32\csrss.exe[460] kernel32.dll!GetBinaryTypeW + 6F                                                                                    7541DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\dashost.exe[472] ntdll.dll!LdrUnloadDll                                                                                            77992029 5 Bytes  JMP 00E903FC 
.text           C:\WINDOWS\system32\dashost.exe[472] ntdll.dll!LdrLoadDll                                                                                              779A5D29 5 Bytes  JMP 00E901F8 
.text           C:\WINDOWS\system32\dashost.exe[472] KERNEL32.dll!GetBinaryTypeW + 6F                                                                                  7541DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\AUDIODG.EXE[480] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                  7541DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\wininit.exe[532] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                  7541DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[540] kernel32.dll!GetBinaryTypeW + 6F                                                                                    7541DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[628] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                 7541DDE0 1 Byte  [62]
.text           ...                                                                                                                                                    
.text           C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1068] ntdll.dll!LdrUnloadDll                                                 77992029 5 Bytes  JMP 00F803FC 
.text           C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1068] ntdll.dll!LdrLoadDll                                                   779A5D29 5 Bytes  JMP 00F801F8 
.text           C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1068] KERNEL32.dll!GetBinaryTypeW + 6F                                       7541DDE0 1 Byte  [62]
.text           C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1068] USER32.dll!UnhookWindowsHookEx                                         76DFA37A 5 Bytes  JMP 010A0A08 
.text           C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1068] USER32.dll!SetWindowsHookExW                                           76DFF223 5 Bytes  JMP 010A0804 
.text           C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1068] USER32.dll!UnhookWinEvent                                              76DFFE7F 5 Bytes  JMP 010A03FC 
.text           C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1068] USER32.dll!SetWinEventHook                                             76E0938E 5 Bytes  JMP 010A01F8 
.text           C:\Users\***\AppData\Local\Skillbrains\lightshot\4.3.0.0\LightShot.exe[1068] USER32.dll!SetWindowsHookExA                                           76E16F76 5 Bytes  JMP 010A0600 
.text           C:\WINDOWS\system32\svchost.exe[1104] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                 7541DDE0 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1204] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                 7541DDE0 1 Byte  [62]
.text           C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1268] KERNEL32.DLL!GetBinaryTypeW + 6F                                                        7541DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\nvvsvc.exe[1280] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                  7541DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1472] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                                 7541DDE0 1 Byte  [62]
.text           ...                                                                                                                                                    
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[1704] ntdll.dll!LdrUnloadDll                                77992029 5 Bytes  JMP 005B03FC 
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[1704] ntdll.dll!LdrLoadDll                                  779A5D29 5 Bytes  JMP 005B01F8 
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[1704] USER32.dll!UnhookWindowsHookEx                        76DFA37A 5 Bytes  JMP 005D0A08 
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[1704] USER32.dll!SetWindowsHookExW                          76DFF223 5 Bytes  JMP 005D0804 
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[1704] USER32.dll!UnhookWinEvent                             76DFFE7F 5 Bytes  JMP 005D03FC 
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[1704] USER32.dll!SetWinEventHook                            76E0938E 5 Bytes  JMP 005D01F8 
.text           C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[1704] USER32.dll!SetWindowsHookExA                          76E16F76 5 Bytes  JMP 005D0600 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] ntdll.dll!LdrUnloadDll                                                                    77992029 5 Bytes  JMP 00BC03FC 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] ntdll.dll!LdrLoadDll                                                                      779A5D29 5 Bytes  JMP 00BC01F8 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] KERNEL32.dll!GetBinaryTypeW + 6F                                                          7541DDE0 1 Byte  [62]
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] USER32.dll!UnhookWindowsHookEx                                                            76DFA37A 5 Bytes  JMP 00BE0A08 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] USER32.dll!SetWindowsHookExW                                                              76DFF223 5 Bytes  JMP 00BE0804 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] USER32.dll!UnhookWinEvent                                                                 76DFFE7F 5 Bytes  JMP 00BE03FC 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] USER32.dll!SetWinEventHook                                                                76E0938E 5 Bytes  JMP 00BE01F8 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1964] USER32.dll!SetWindowsHookExA                                                              76E16F76 5 Bytes  JMP 00BE0600 
.text           C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2104] ntdll.dll!LdrUnloadDll                                                                    77992029 5 Bytes  JMP 004A03FC 
.text           C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2104] ntdll.dll!LdrLoadDll                                                                      779A5D29 5 Bytes  JMP 004A01F8 
.text           C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2104] KERNEL32.dll!GetBinaryTypeW + 6F                                                          7541DDE0 1 Byte  [62]
.text           C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2104] USER32.dll!UnhookWindowsHookEx                                                            76DFA37A 5 Bytes  JMP 005D0A08 
.text           C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2104] USER32.dll!SetWindowsHookExW                                                              76DFF223 5 Bytes  JMP 005D0804 
.text           C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2104] USER32.dll!UnhookWinEvent                                                                 76DFFE7F 5 Bytes  JMP 005D03FC 
.text           C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2104] USER32.dll!SetWinEventHook                                                                76E0938E 5 Bytes  JMP 005D01F8 
.text           C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[2104] USER32.dll!SetWindowsHookExA                                                              76E16F76 5 Bytes  JMP 005D0600 
.text           C:\Users\***\Desktop\gmer_2.1.19163.exe[2240] KERNEL32.DLL!GetBinaryTypeW + 6F                                                                      7541DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\taskhostex.exe[2264] ntdll.dll!LdrUnloadDll                                                                                        77992029 5 Bytes  JMP 00AB03FC 
.text           C:\WINDOWS\system32\taskhostex.exe[2264] ntdll.dll!LdrLoadDll                                                                                          779A5D29 5 Bytes  JMP 00AB01F8 
.text           C:\WINDOWS\system32\taskhostex.exe[2264] KERNEL32.dll!GetBinaryTypeW + 6F                                                                              7541DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\taskhostex.exe[2264] user32.dll!UnhookWindowsHookEx                                                                                76DFA37A 5 Bytes  JMP 00AE0A08 
.text           C:\WINDOWS\system32\taskhostex.exe[2264] user32.dll!SetWindowsHookExW                                                                                  76DFF223 5 Bytes  JMP 00AE0804 
.text           C:\WINDOWS\system32\taskhostex.exe[2264] user32.dll!UnhookWinEvent                                                                                     76DFFE7F 5 Bytes  JMP 00AE03FC 
.text           C:\WINDOWS\system32\taskhostex.exe[2264] user32.dll!SetWinEventHook                                                                                    76E0938E 5 Bytes  JMP 00AE01F8 
.text           C:\WINDOWS\system32\taskhostex.exe[2264] user32.dll!SetWindowsHookExA                                                                                  76E16F76 5 Bytes  JMP 00AE0600 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2308] ntdll.dll!LdrUnloadDll                                                                    77992029 5 Bytes  JMP 00C403FC 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2308] ntdll.dll!LdrLoadDll                                                                      779A5D29 5 Bytes  JMP 00C401F8 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2308] USER32.dll!UnhookWindowsHookEx                                                            76DFA37A 5 Bytes  JMP 00C80A08 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2308] USER32.dll!SetWindowsHookExW                                                              76DFF223 5 Bytes  JMP 00C80804 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2308] USER32.dll!UnhookWinEvent                                                                 76DFFE7F 5 Bytes  JMP 00C803FC 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2308] USER32.dll!SetWinEventHook                                                                76E0938E 5 Bytes  JMP 00C801F8 
.text           C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2308] USER32.dll!SetWindowsHookExA                                                              76E16F76 5 Bytes  JMP 00C80600 
.text           C:\WINDOWS\Explorer.EXE[2392] ntdll.dll!LdrUnloadDll                                                                                                   77992029 5 Bytes  JMP 007303FC 
.text           C:\WINDOWS\Explorer.EXE[2392] ntdll.dll!LdrLoadDll                                                                                                     779A5D29 5 Bytes  JMP 007301F8 
.text           C:\WINDOWS\Explorer.EXE[2392] KERNEL32.dll!GetBinaryTypeW + 6F                                                                                         7541DDE0 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[2392] USER32.dll!UnhookWindowsHookEx                                                                                           76DFA37A 5 Bytes  JMP 00760A08 
.text           C:\WINDOWS\Explorer.EXE[2392] USER32.dll!SetWindowsHookExW                                                                                             76DFF223 5 Bytes  JMP 00760804 
.text           C:\WINDOWS\Explorer.EXE[2392] USER32.dll!UnhookWinEvent                                                                                                76DFFE7F 5 Bytes  JMP 007603FC 
.text           C:\WINDOWS\Explorer.EXE[2392] USER32.dll!SetWinEventHook                                                                                               76E0938E 5 Bytes  JMP 007601F8 
.text           C:\WINDOWS\Explorer.EXE[2392] USER32.dll!SetWindowsHookExA                                                                                             76E16F76 5 Bytes  JMP 00760600 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2420] ntdll.dll!LdrUnloadDll                                                        77992029 5 Bytes  JMP 014303FC 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2420] ntdll.dll!LdrLoadDll                                                          779A5D29 5 Bytes  JMP 014301F8 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2420] USER32.dll!UnhookWindowsHookEx                                                76DFA37A 5 Bytes  JMP 01470A08 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2420] USER32.dll!SetWindowsHookExW                                                  76DFF223 5 Bytes  JMP 01470804 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2420] USER32.dll!UnhookWinEvent                                                     76DFFE7F 5 Bytes  JMP 014703FC 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2420] USER32.dll!SetWinEventHook                                                    76E0938E 5 Bytes  JMP 014701F8 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe[2420] USER32.dll!SetWindowsHookExA                                                  76E16F76 5 Bytes  JMP 01470600 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2452] ntdll.dll!LdrUnloadDll                                                                 77992029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2452] ntdll.dll!LdrLoadDll                                                                   779A5D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2452] KERNEL32.dll!GetBinaryTypeW + 6F                                                       7541DDE0 1 Byte  [62]
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2452] USER32.dll!UnhookWindowsHookEx                                                         76DFA37A 5 Bytes  JMP 00220A08 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2452] USER32.dll!SetWindowsHookExW                                                           76DFF223 5 Bytes  JMP 00220804 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2452] USER32.dll!UnhookWinEvent                                                              76DFFE7F 5 Bytes  JMP 002203FC 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2452] USER32.dll!SetWinEventHook                                                             76E0938E 5 Bytes  JMP 002201F8 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe[2452] USER32.dll!SetWindowsHookExA                                                           76E16F76 5 Bytes  JMP 00220600 
.text           C:\Program Files\PDF Architect\HelperService.exe[2460] ntdll.dll!LdrUnloadDll                                                                          77992029 5 Bytes  JMP 00B203FC 
.text           C:\Program Files\PDF Architect\HelperService.exe[2460] ntdll.dll!LdrLoadDll                                                                            779A5D29 5 Bytes  JMP 00B201F8 
.text           C:\Program Files\PDF Architect\HelperService.exe[2460] KERNEL32.dll!GetBinaryTypeW + 6F                                                                7541DDE0 1 Byte  [62]
.text           C:\Program Files\PDF Architect\HelperService.exe[2460] USER32.dll!UnhookWindowsHookEx                                                                  76DFA37A 5 Bytes  JMP 00B50A08 
.text           C:\Program Files\PDF Architect\HelperService.exe[2460] USER32.dll!SetWindowsHookExW                                                                    76DFF223 5 Bytes  JMP 00B50804 
.text           C:\Program Files\PDF Architect\HelperService.exe[2460] USER32.dll!UnhookWinEvent                                                                       76DFFE7F 5 Bytes  JMP 00B503FC 
.text           C:\Program Files\PDF Architect\HelperService.exe[2460] USER32.dll!SetWinEventHook                                                                      76E0938E 5 Bytes  JMP 00B501F8 
.text           C:\Program Files\PDF Architect\HelperService.exe[2460] USER32.dll!SetWindowsHookExA                                                                    76E16F76 5 Bytes  JMP 00B50600 
.text           C:\WINDOWS\system32\SearchIndexer.exe[2480] ntdll.dll!LdrUnloadDll                                                                                     77992029 5 Bytes  JMP 001603FC 
.text           C:\WINDOWS\system32\SearchIndexer.exe[2480] ntdll.dll!LdrLoadDll                                                                                       779A5D29 5 Bytes  JMP 001601F8 
.text           C:\WINDOWS\system32\SearchIndexer.exe[2480] USER32.dll!UnhookWindowsHookEx                                                                             76DFA37A 5 Bytes  JMP 001A0A08 
.text           C:\WINDOWS\system32\SearchIndexer.exe[2480] USER32.dll!SetWindowsHookExW                                                                               76DFF223 5 Bytes  JMP 001A0804 
.text           C:\WINDOWS\system32\SearchIndexer.exe[2480] USER32.dll!UnhookWinEvent                                                                                  76DFFE7F 5 Bytes  JMP 001A03FC 
.text           C:\WINDOWS\system32\SearchIndexer.exe[2480] USER32.dll!SetWinEventHook                                                                                 76E0938E 5 Bytes  JMP 001A01F8 
.text           C:\WINDOWS\system32\SearchIndexer.exe[2480] USER32.dll!SetWindowsHookExA                                                                               76E16F76 5 Bytes  JMP 001A0600 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[2484] ntdll.dll!LdrUnloadDll                                                                77992029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[2484] ntdll.dll!LdrLoadDll                                                                  779A5D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[2484] KERNEL32.dll!GetBinaryTypeW + 6F                                                      7541DDE0 1 Byte  [62]
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[2484] USER32.dll!UnhookWindowsHookEx                                                        76DFA37A 5 Bytes  JMP 00220A08 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[2484] USER32.dll!SetWindowsHookExW                                                          76DFF223 5 Bytes  JMP 00220804 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[2484] USER32.dll!UnhookWinEvent                                                             76DFFE7F 5 Bytes  JMP 002203FC 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[2484] USER32.dll!SetWinEventHook                                                            76E0938E 5 Bytes  JMP 002201F8 
.text           C:\Program Files\ASUS\ATK Package\ATK Hotkey\SynptSync.exe[2484] USER32.dll!SetWindowsHookExA                                                          76E16F76 5 Bytes  JMP 00220600 
.text           C:\WINDOWS\system32\svchost.exe[2696] ntdll.dll!LdrUnloadDll                                                                                           77992029 5 Bytes  JMP 00E103FC 
.text           C:\WINDOWS\system32\svchost.exe[2696] ntdll.dll!LdrLoadDll                                                                                             779A5D29 5 Bytes  JMP 00E101F8 
.text           C:\WINDOWS\system32\svchost.exe[2696] KERNEL32.dll!GetBinaryTypeW + 6F                                                                                 7541DDE0 1 Byte  [62]
.text           C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe[2720] ntdll.dll!LdrUnloadDll                                  77992029 5 Bytes  JMP 009503FC 
.text           C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe[2720] ntdll.dll!LdrLoadDll                                    779A5D29 5 Bytes  JMP 009501F8 
.text           C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe[2720] USER32.dll!UnhookWindowsHookEx                          76DFA37A 5 Bytes  JMP 00980A08 
.text           C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe[2720] USER32.dll!SetWindowsHookExW                            76DFF223 5 Bytes  JMP 00980804 
.text           C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe[2720] USER32.dll!UnhookWinEvent                               76DFFE7F 5 Bytes  JMP 009803FC 
.text           C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe[2720] USER32.dll!SetWinEventHook                              76E0938E 5 Bytes  JMP 009801F8 
.text           C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe[2720] USER32.dll!SetWindowsHookExA                            76E16F76 5 Bytes  JMP 00980600 
.text           C:\WINDOWS\system32\svchost.exe[2768] ntdll.dll!LdrUnloadDll                                                                                           77992029 5 Bytes  JMP 007203FC 
.text           C:\WINDOWS\system32\svchost.exe[2768] ntdll.dll!LdrLoadDll                                                                                             779A5D29 5 Bytes  JMP 007201F8 
.text           C:\WINDOWS\system32\svchost.exe[2768] KERNEL32.dll!GetBinaryTypeW + 6F                                                                                 7541DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[2768] USER32.dll!UnhookWindowsHookEx                                                                                   76DFA37A 5 Bytes  JMP 00850A08 
.text           C:\WINDOWS\system32\svchost.exe[2768] USER32.dll!SetWindowsHookExW                                                                                     76DFF223 5 Bytes  JMP 00850804 
.text           C:\WINDOWS\system32\svchost.exe[2768] USER32.dll!UnhookWinEvent                                                                                        76DFFE7F 5 Bytes  JMP 008503FC 
.text           C:\WINDOWS\system32\svchost.exe[2768] USER32.dll!SetWinEventHook                                                                                       76E0938E 5 Bytes  JMP 008501F8 
.text           C:\WINDOWS\system32\svchost.exe[2768] USER32.dll!SetWindowsHookExA                                                                                     76E16F76 5 Bytes  JMP 00850600 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2820] ntdll.dll!LdrUnloadDll                                                                          77992029 5 Bytes  JMP 002003FC 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2820] ntdll.dll!LdrLoadDll                                                                            779A5D29 5 Bytes  JMP 002001F8 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2820] USER32.dll!UnhookWindowsHookEx                                                                  76DFA37A 5 Bytes  JMP 00210A08 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2820] USER32.dll!SetWindowsHookExW                                                                    76DFF223 5 Bytes  JMP 00210804 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2820] USER32.dll!UnhookWinEvent                                                                       76DFFE7F 5 Bytes  JMP 002103FC 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2820] USER32.dll!SetWinEventHook                                                                      76E0938E 5 Bytes  JMP 002101F8 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2820] USER32.dll!SetWindowsHookExA                                                                    76E16F76 5 Bytes  JMP 00210600 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[2852] ntdll.dll!LdrUnloadDll                                                             77992029 5 Bytes  JMP 008403FC 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[2852] ntdll.dll!LdrLoadDll                                                               779A5D29 5 Bytes  JMP 008401F8 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[2852] USER32.dll!UnhookWindowsHookEx                                                     76DFA37A 5 Bytes  JMP 00860A08 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[2852] USER32.dll!SetWindowsHookExW                                                       76DFF223 5 Bytes  JMP 00860804 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[2852] USER32.dll!UnhookWinEvent                                                          76DFFE7F 5 Bytes  JMP 008603FC 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[2852] USER32.dll!SetWinEventHook                                                         76E0938E 5 Bytes  JMP 008601F8 
.text           C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe[2852] USER32.dll!SetWindowsHookExA                                                       76E16F76 5 Bytes  JMP 00860600 
.text           C:\WINDOWS\system32\svchost.exe[2964] ntdll.dll!LdrUnloadDll                                                                                           77992029 5 Bytes  JMP 010E03FC 
.text           C:\WINDOWS\system32\svchost.exe[2964] ntdll.dll!LdrLoadDll                                                                                             779A5D29 5 Bytes  JMP 010E01F8 
.text           C:\WINDOWS\system32\svchost.exe[2964] KERNEL32.dll!GetBinaryTypeW + 6F                                                                                 7541DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[2964] user32.dll!UnhookWindowsHookEx                                                                                   76DFA37A 5 Bytes  JMP 01200A08 
.text           C:\WINDOWS\system32\svchost.exe[2964] user32.dll!SetWindowsHookExW                                                                                     76DFF223 5 Bytes  JMP 01200804 
.text           C:\WINDOWS\system32\svchost.exe[2964] user32.dll!UnhookWinEvent                                                                                        76DFFE7F 5 Bytes  JMP 012003FC 
.text           C:\WINDOWS\system32\svchost.exe[2964] user32.dll!SetWinEventHook                                                                                       76E0938E 5 Bytes  JMP 012001F8 
.text           C:\WINDOWS\system32\svchost.exe[2964] user32.dll!SetWindowsHookExA                                                                                     76E16F76 5 Bytes  JMP 01200600 
.text           C:\WINDOWS\system32\DllHost.exe[3024] ntdll.dll!LdrUnloadDll                                                                                           77992029 5 Bytes  JMP 00F503FC 
.text           C:\WINDOWS\system32\DllHost.exe[3024] ntdll.dll!LdrLoadDll                                                                                             779A5D29 5 Bytes  JMP 00F501F8 
.text           C:\WINDOWS\system32\DllHost.exe[3024] KERNEL32.dll!GetBinaryTypeW + 6F                                                                                 7541DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\DllHost.exe[3024] user32.dll!UnhookWindowsHookEx                                                                                   76DFA37A 5 Bytes  JMP 00FA0A08 
.text           C:\WINDOWS\system32\DllHost.exe[3024] user32.dll!SetWindowsHookExW                                                                                     76DFF223 5 Bytes  JMP 00FA0804 
.text           C:\WINDOWS\system32\DllHost.exe[3024] user32.dll!UnhookWinEvent                                                                                        76DFFE7F 5 Bytes  JMP 00FA03FC 
.text           C:\WINDOWS\system32\DllHost.exe[3024] user32.dll!SetWinEventHook                                                                                       76E0938E 5 Bytes  JMP 00FA01F8 
.text           C:\WINDOWS\system32\DllHost.exe[3024] user32.dll!SetWindowsHookExA                                                                                     76E16F76 5 Bytes  JMP 00FA0600 
.text           C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[3124] ntdll.dll!LdrUnloadDll                                                                   77992029 5 Bytes  JMP 001803FC 
.text           C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[3124] ntdll.dll!LdrLoadDll                                                                     779A5D29 5 Bytes  JMP 001801F8 
.text           C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[3124] USER32.dll!UnhookWindowsHookEx                                                           76DFA37A 5 Bytes  JMP 00330A08 
.text           C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[3124] USER32.dll!SetWindowsHookExW                                                             76DFF223 5 Bytes  JMP 00330804 
.text           C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[3124] USER32.dll!UnhookWinEvent                                                                76DFFE7F 5 Bytes  JMP 003303FC 
.text           C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[3124] USER32.dll!SetWinEventHook                                                               76E0938E 5 Bytes  JMP 003301F8 
.text           C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[3124] USER32.dll!SetWindowsHookExA                                                             76E16F76 5 Bytes  JMP 00330600 
.text           C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3472] ntdll.dll!LdrUnloadDll                                                                    77992029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3472] ntdll.dll!LdrLoadDll                                                                      779A5D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3472] KERNEL32.dll!GetBinaryTypeW + 6F                                                          7541DDE0 1 Byte  [62]
.text           C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3472] USER32.dll!UnhookWindowsHookEx                                                            76DFA37A 5 Bytes  JMP 00220A08 
.text           C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3472] USER32.dll!SetWindowsHookExW                                                              76DFF223 5 Bytes  JMP 00220804 
.text           C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3472] USER32.dll!UnhookWinEvent                                                                 76DFFE7F 5 Bytes  JMP 002203FC 
.text           C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3472] USER32.dll!SetWinEventHook                                                                76E0938E 5 Bytes  JMP 002201F8 
.text           C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe[3472] USER32.dll!SetWindowsHookExA                                                              76E16F76 5 Bytes  JMP 00220600 
.text           C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3516] ntdll.dll!LdrUnloadDll                                                                     77992029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3516] ntdll.dll!LdrLoadDll                                                                       779A5D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3516] KERNEL32.dll!GetBinaryTypeW + 6F                                                           7541DDE0 1 Byte  [62]
.text           C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3516] USER32.dll!UnhookWindowsHookEx                                                             76DFA37A 5 Bytes  JMP 00220A08 
.text           C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3516] USER32.dll!SetWindowsHookExW                                                               76DFF223 5 Bytes  JMP 00220804 
.text           C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3516] USER32.dll!UnhookWinEvent                                                                  76DFFE7F 5 Bytes  JMP 002203FC 
.text           C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3516] USER32.dll!SetWinEventHook                                                                 76E0938E 5 Bytes  JMP 002201F8 
.text           C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3516] USER32.dll!SetWindowsHookExA                                                               76E16F76 5 Bytes  JMP 00220600 
.text           C:\Windows\System32\WUDFHost.exe[3540] ntdll.dll!LdrUnloadDll                                                                                          77992029 5 Bytes  JMP 00EA03FC 
.text           C:\Windows\System32\WUDFHost.exe[3540] ntdll.dll!LdrLoadDll                                                                                            779A5D29 5 Bytes  JMP 00EA01F8 
.text           C:\Windows\System32\WUDFHost.exe[3540] USER32.dll!UnhookWindowsHookEx                                                                                  76DFA37A 5 Bytes  JMP 00EE0A08 
.text           C:\Windows\System32\WUDFHost.exe[3540] USER32.dll!SetWindowsHookExW                                                                                    76DFF223 5 Bytes  JMP 00EE0804 
.text           C:\Windows\System32\WUDFHost.exe[3540] USER32.dll!UnhookWinEvent                                                                                       76DFFE7F 5 Bytes  JMP 00EE03FC 
.text           C:\Windows\System32\WUDFHost.exe[3540] USER32.dll!SetWinEventHook                                                                                      76E0938E 5 Bytes  JMP 00EE01F8 
.text           C:\Windows\System32\WUDFHost.exe[3540] USER32.dll!SetWindowsHookExA                                                                                    76E16F76 5 Bytes  JMP 00EE0600 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3648] ntdll.dll!LdrUnloadDll                                                                             77992029 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3648] ntdll.dll!LdrLoadDll                                                                               779A5D29 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3648] USER32.dll!UnhookWindowsHookEx                                                                     76DFA37A 5 Bytes  JMP 00220A08 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3648] USER32.dll!SetWindowsHookExW                                                                       76DFF223 5 Bytes  JMP 00220804 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3648] USER32.dll!UnhookWinEvent                                                                          76DFFE7F 5 Bytes  JMP 002203FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3648] USER32.dll!SetWinEventHook                                                                         76E0938E 5 Bytes  JMP 002201F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3648] USER32.dll!SetWindowsHookExA                                                                       76E16F76 5 Bytes  JMP 00220600 
.text           C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3668] ntdll.dll!LdrUnloadDll                                                             77992029 5 Bytes  JMP 008703FC 
.text           C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3668] ntdll.dll!LdrLoadDll                                                               779A5D29 5 Bytes  JMP 008701F8 
.text           C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3668] USER32.dll!UnhookWindowsHookEx                                                     76DFA37A 5 Bytes  JMP 00880A08 
.text           C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3668] USER32.dll!SetWindowsHookExW                                                       76DFF223 5 Bytes  JMP 00880804 
.text           C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3668] USER32.dll!UnhookWinEvent                                                          76DFFE7F 5 Bytes  JMP 008803FC 
.text           C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3668] USER32.dll!SetWinEventHook                                                         76E0938E 5 Bytes  JMP 008801F8 
.text           C:\Users\***\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[3668] USER32.dll!SetWindowsHookExA                                                       76E16F76 5 Bytes  JMP 00880600 
.text           C:\Windows\System32\RuntimeBroker.exe[3872] ntdll.dll!LdrUnloadDll                                                                                     77992029 5 Bytes  JMP 003603FC 
.text           C:\Windows\System32\RuntimeBroker.exe[3872] ntdll.dll!LdrLoadDll                                                                                       779A5D29 5 Bytes  JMP 003601F8 
.text           C:\Windows\System32\RuntimeBroker.exe[3872] USER32.dll!UnhookWindowsHookEx                                                                             76DFA37A 5 Bytes  JMP 00380A08 
.text           C:\Windows\System32\RuntimeBroker.exe[3872] USER32.dll!SetWindowsHookExW                                                                               76DFF223 5 Bytes  JMP 00380804 
.text           C:\Windows\System32\RuntimeBroker.exe[3872] USER32.dll!UnhookWinEvent                                                                                  76DFFE7F 5 Bytes  JMP 003803FC 
.text           C:\Windows\System32\RuntimeBroker.exe[3872] USER32.dll!SetWinEventHook                                                                                 76E0938E 5 Bytes  JMP 003801F8 
.text           C:\Windows\System32\RuntimeBroker.exe[3872] USER32.dll!SetWindowsHookExA                                                                               76E16F76 5 Bytes  JMP 00380600 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4012] ntdll.dll!LdrUnloadDll            77992029 5 Bytes  JMP 010303FC 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4012] ntdll.dll!LdrLoadDll              779A5D29 5 Bytes  JMP 010301F8 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4012] KERNEL32.dll!GetBinaryTypeW + 6F  7541DDE0 1 Byte  [62]
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4012] USER32.dll!UnhookWindowsHookEx    76DFA37A 5 Bytes  JMP 011F0A08 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4012] USER32.dll!SetWindowsHookExW      76DFF223 5 Bytes  JMP 011F0804 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4012] USER32.dll!UnhookWinEvent         76DFFE7F 5 Bytes  JMP 011F03FC 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4012] USER32.dll!SetWinEventHook        76E0938E 5 Bytes  JMP 011F01F8 
.text           C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe\LiveComm.exe[4012] USER32.dll!SetWindowsHookExA      76E16F76 5 Bytes  JMP 011F0600 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4044] ntdll.dll!LdrUnloadDll                                                                77992029 5 Bytes  JMP 002103FC 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4044] ntdll.dll!LdrLoadDll                                                                  779A5D29 5 Bytes  JMP 002101F8 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4044] KERNEL32.dll!GetBinaryTypeW + 6F                                                      7541DDE0 1 Byte  [62]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4044] USER32.dll!UnhookWindowsHookEx                                                        76DFA37A 5 Bytes  JMP 00340A08 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4044] USER32.dll!SetWindowsHookExW                                                          76DFF223 5 Bytes  JMP 00340804 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4044] USER32.dll!UnhookWinEvent                                                             76DFFE7F 5 Bytes  JMP 003403FC 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4044] USER32.dll!SetWinEventHook                                                            76E0938E 5 Bytes  JMP 003401F8 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[4044] USER32.dll!SetWindowsHookExA                                                          76E16F76 5 Bytes  JMP 00340600 
.text           C:\WINDOWS\system32\ctfmon.exe[4620] ntdll.dll!LdrUnloadDll                                                                                            77992029 5 Bytes  JMP 004603FC 
.text           C:\WINDOWS\system32\ctfmon.exe[4620] ntdll.dll!LdrLoadDll                                                                                              779A5D29 5 Bytes  JMP 004601F8 
.text           C:\WINDOWS\system32\ctfmon.exe[4620] KERNEL32.dll!GetBinaryTypeW + 6F                                                                                  7541DDE0 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[4620] USER32.dll!UnhookWindowsHookEx                                                                                    76DFA37A 5 Bytes  JMP 00490A08 
.text           C:\WINDOWS\system32\ctfmon.exe[4620] USER32.dll!SetWindowsHookExW                                                                                      76DFF223 5 Bytes  JMP 00490804 
.text           C:\WINDOWS\system32\ctfmon.exe[4620] USER32.dll!UnhookWinEvent                                                                                         76DFFE7F 5 Bytes  JMP 004903FC 
.text           C:\WINDOWS\system32\ctfmon.exe[4620] USER32.dll!SetWinEventHook                                                                                        76E0938E 5 Bytes  JMP 004901F8 
.text           C:\WINDOWS\system32\ctfmon.exe[4620] USER32.dll!SetWindowsHookExA                                                                                      76E16F76 5 Bytes  JMP 00490600 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5900] ntdll.dll!LdrUnloadDll                                                                              77992029 5 Bytes  JMP 002F03FC 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5900] ntdll.dll!LdrLoadDll                                                                                779A5D29 5 Bytes  JMP 5885EEB0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5900] KERNEL32.dll!InterlockedExchange + 11                                                               7540153B 7 Bytes  JMP 58E6979B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5900] KERNEL32.dll!GetStdHandle + C                                                                       75401B37 7 Bytes  JMP 58E69778 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5900] KERNEL32.dll!CreateProcessW + 69                                                                    75404798 7 Bytes  JMP 58864CE9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5900] KERNEL32.dll!GetBinaryTypeW + 6F                                                                    7541DDE0 1 Byte  [62]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5900] USER32.dll!UnhookWindowsHookEx                                                                      76DFA37A 5 Bytes  JMP 00300A08 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5900] USER32.dll!SetWindowsHookExW                                                                        76DFF223 5 Bytes  JMP 00300804 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5900] USER32.dll!UnhookWinEvent                                                                           76DFFE7F 5 Bytes  JMP 003003FC 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5900] USER32.dll!SetWinEventHook                                                                          76E0938E 5 Bytes  JMP 003001F8 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5900] USER32.dll!SetWindowsHookExA                                                                        76E16F76 5 Bytes  JMP 00300600 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5900] GDI32.dll!SetWindowOrgEx + 3C7                                                                      771C8C9D 7 Bytes  JMP 58E696F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 2.1 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                 aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                                aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                                aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                               fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                      -2134714711

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk1\DR1                                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----
         
What about my Windows Phone, which also has network access here? Do I have to worry about that too?
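As an added example (not part of this thread and not code from GMER, Avast or MBAR), a small Python triage helper for the GMER 2.1 ".text" hook entries shown in the log above: it parses each line and separates JMP hooks that GMER attributes to a named module (here Firefox's own xul.dll) from hooks whose target carries no module name and raw byte patches, which are the entries an analyst still has to inspect by hand. The sample lines are constructed after the format of the posted log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
# Constructed sample entries in GMER 2.1 ".text" hook format, modelled on the
# posted log: a module-attributed JMP, an unattributed JMP, a raw byte patch.
SAMPLE_GMER_LINES = "\n".join([
    r".text  C:\Program Files\Mozilla Firefox\firefox.exe[5900] KERNEL32.dll!CreateProcessW + 69  75404798 7 Bytes  JMP 58864CE9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)",
    r".text  C:\Program Files\Mozilla Firefox\firefox.exe[5900] USER32.dll!SetWindowsHookExW  76DFF223 5 Bytes  JMP 00300804",
    r".text  C:\Program Files\Mozilla Firefox\firefox.exe[5900] KERNEL32.dll!GetBinaryTypeW + 6F  7541DDE0 1 Byte  [62]",
])

# process[pid], symbol, optional "+ offset", address, length, patch description
_HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<symbol>\S+)"
    r"(?:\s+\+\s+[0-9A-Fa-f]+)?\s+(?P<addr>[0-9A-Fa-f]{8})\s+"
    r"(?P<length>\d+)\s+Bytes?\s+(?P<patch>.*?)\s*$")

@dataclass
class Hook:
    process: str
    pid: int
    symbol: str
    address: str
    length: int
    jmp_target: Optional[str]  # hex JMP target; None for a raw byte patch
    module: Optional[str]      # module GMER attributed the target to, if any

    @property
    def kind(self) -> str:
        if self.jmp_target is None:
            return "byte-patch"
        return "jmp-attributed" if self.module else "jmp-unattributed"

def parse_hook(line: str) -> Optional[Hook]:
    """Parse one ".text" hook line; return None for any other line."""
    m = _HOOK_RE.match(line)
    if not m:
        return None
    patch = m.group("patch")
    target = module = None
    if patch.upper().startswith("JMP "):
        parts = patch.split(None, 2)  # "JMP", target, optional module text
        target, module = parts[1], (parts[2] if len(parts) > 2 else None)
    return Hook(m.group("proc"), int(m.group("pid")), m.group("symbol"),
                m.group("addr"), int(m.group("length")), target, module)

def hooks_needing_review(text: str) -> List[Hook]:
    """Hooks not cleared by a module name: unattributed JMPs and byte patches."""
    hooks = [h for h in (parse_hook(l) for l in text.splitlines()) if h]
    return [h for h in hooks if h.kind != "jmp-attributed"]
```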

Old 14.07.2013, 22:56   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Avast blocks file (windows\system32\svchost.exe)


What about MBAR? You should run MBAR first, then GMER....
__________________
Please always post logs in CODE tags

Old 14.07.2013, 22:58   #14
loewenherzl

Avast blocks file (windows\system32\svchost.exe)



MBAR:
Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.14.06

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16635
Sascha :: LABTOP [administrator]

14.07.2013 21:56:12
mbar-log-2013-07-14 (21-56-12).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 230630
Time elapsed: 16 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Sorry, I forgot to include it. It's already too late

Old 14.07.2013, 22:59   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Avast blocks file (windows\system32\svchost.exe)



Did MBAR really find nothing?
__________________
Please always post logs in CODE tags
