Network and Hardware: ESET SysInspector and GMER find rootkits, various processes

#1
ESET SysInspector and GMER find rootkits, various processes

Hello,

my laptop is getting more unusable from day to day and I simply don't know what to do any more. It is constantly overheating despite an external fan and low graphics settings, my start menu can no longer be opened, and more and more programs stop working properly. I already opened a thread some time ago, but even with guidance no program really found anything. At some point my helper said it must be the hardware. But since I know my PC well and some of the problems are probably not hardware related, I am still convinced that I have caught something. ESET SysInspector has now "finally" found something. Besides hundreds of registry entries and some processes I have suspected for a long time, it rates explorer.exe as dangerous. Afterwards I ran a rootkit scan with GMER (I followed the instructions) and it raised the alarm as well. If anyone has time, it would be great if they could take a look at the log files. With SysInspector, though, I don't know whether you need the log for private use or the one for sending. But I can already post the GMER log.

Regards, dragonfly

Code:
GMER 2.2.19882 - hxxp://www.gmer.net
Rootkit scan 2017-03-01 00:29:12
Windows 6.2.9200 x64
Running: 1onkxdyx.exe

---- Services - GMER 2.2 ----

Service system32\DRIVERS\eamonm.sys (*** hidden *** ) [DISABLED] eamonm <-- ROOTKIT !!!
Service system32\DRIVERS\edevmon.sys (*** hidden *** ) [DISABLED] edevmon <-- ROOTKIT !!!
Service system32\DRIVERS\ehdrv.sys (*** hidden *** ) [DISABLED] ehdrv <-- ROOTKIT !!!
Service system32\DRIVERS\epfwwfpr.sys (*** hidden *** ) [DISABLED] epfwwfpr <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x82 0x22 0xCB 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0xE2 0x24 0x0D 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x14 0x85 0xCD 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xDE 0x76 0x1B 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@de-DE 35
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SDC45520_00_07DC_7F^A2145B18A703222465C83CE231C04DC1@Timestamp 0xD1 0x61 0xBD 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 756
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B3B3F2B0-F658-4E62-9374-7D528A9BEFDE}\Connection@Name isatap.home
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Users\DRAGON~1\AppData\Local\Temp\~nsuA.tmp\Au_.exe??\??\C:\Users\DRAGON~1\AppData\Local\Temp\~nsuA.tmp??\??\C:\Users\DRAGON~1\AppData\Local\Temp\INS_c9dea586.TMP??\??\C:\Users\DRAGON~1\AppData\Local\Temp\INS_f0614208.TMP??\??\C:\Users\DRAGON~1\AppData\Local\Temp\INS_cc6eb89f.TMP??\??\C:\Users\DRAGON~1\AppData\Local\Temp\NvidiaLogging??\??\C:\Users\Dragonfly\AppData\Local\Temp\1541172\svchost.exe??\??\C:\Program Files\AVAST Software\Avast\setup\settings-8f0.ori??\??\C:\Program Files\AVAST Software\Avast\setup??\??\C:\Program Files\AVAST Software\Avast\337548cc-f784-49e8-a0a1-14cb42bf5755.cab??\??\C:\Program Files\AVAST Software\Avast\337548cc-f784-49e8-a0a1-14cb42bf5755??\??\C:\Program Files\AVAST Software\Avast\337548cc-f784-49e8-a0a1-14cb42bf5755\backup.exe??\??\C:\Program Files\AVAST Software\Avast\337548cc-f784-49e8-a0a1-14cb42bf5755\upgrade.exe??\??\C:\Program Files (x86)\Google\Chrome??\??\C:\Users\DRAGON~1\AppData\Local\Temp\epf2605.tmp??\??\C:\Users\DRAGON~1\AppData\Local\Temp\eam27FB.tmp??\??
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 1340060
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -2079710322
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 35
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 498045587
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 2501
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 2063
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID d17850df-3387-499c-806e-28b2a92
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\WdiContextLog@FileCounter 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh\Parameters@Reboot 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\48d2244c6a15
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{9c629fb9-4ccc-42ff-af76-3ecdec00b121}@LastProbeTime 1488309518
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@ImagePath system32\DRIVERS\eamonm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@DisplayName eamonm
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@Description Eset file on-access scanner
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@SupportedFeatures 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm@DeleteFlag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm\Instances
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm\Instances@DefaultInstance AmonMinifilter Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm\Instances\AmonMinifilter Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm\Instances\AmonMinifilter Instance@Altitude 328700
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm\Instances\AmonMinifilter Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\eamonm
Reg HKLM\SYSTEM\CurrentControlSet\Services\edevmon
Reg HKLM\SYSTEM\CurrentControlSet\Services\edevmon@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\edevmon@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\edevmon@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\edevmon@Tag 13
Reg HKLM\SYSTEM\CurrentControlSet\Services\edevmon@ImagePath system32\DRIVERS\edevmon.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\edevmon@DisplayName edevmon
Reg HKLM\SYSTEM\CurrentControlSet\Services\edevmon@Group PNP Filter
Reg HKLM\SYSTEM\CurrentControlSet\Services\edevmon@Description Eset device blocker
Reg HKLM\SYSTEM\CurrentControlSet\Services\edevmon@DeleteFlag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\edevmon\Instances
Reg HKLM\SYSTEM\CurrentControlSet\Services\edevmon\Instances@DefaultInstance DevmonMinifilter Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\edevmon\Instances\DevmonMinifilter Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\edevmon\Instances\DevmonMinifilter Instance@Altitude 400800
Reg HKLM\SYSTEM\CurrentControlSet\Services\edevmon\Instances\DevmonMinifilter Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\edevmon
Reg HKLM\SYSTEM\CurrentControlSet\Services\ehdrv
Reg HKLM\SYSTEM\CurrentControlSet\Services\ehdrv@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ehdrv@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\ehdrv@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ehdrv@Tag 20
Reg HKLM\SYSTEM\CurrentControlSet\Services\ehdrv@ImagePath \SystemRoot\system32\DRIVERS\ehdrv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\ehdrv@DisplayName ehdrv
Reg HKLM\SYSTEM\CurrentControlSet\Services\ehdrv@Group Base
Reg HKLM\SYSTEM\CurrentControlSet\Services\ehdrv@Description Eset Helper driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\ehdrv@DeleteFlag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ehdrv
Reg HKLM\SYSTEM\CurrentControlSet\Services\epfwwfpr
Reg HKLM\SYSTEM\CurrentControlSet\Services\epfwwfpr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\epfwwfpr@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\epfwwfpr@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\epfwwfpr@Tag 9
Reg HKLM\SYSTEM\CurrentControlSet\Services\epfwwfpr@ImagePath \SystemRoot\system32\DRIVERS\epfwwfpr.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\epfwwfpr@DisplayName epfwwfpr
Reg HKLM\SYSTEM\CurrentControlSet\Services\epfwwfpr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\Services\epfwwfpr@DependOnService Tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\Services\epfwwfpr@Description EPFW Filter Driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\epfwwfpr@DeleteFlag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\epfwwfpr
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{B3B3F2B0-F658-4E62-9374-7D528A9BEFDE}@DefunctTimestamp 0x20 0x05 0xB6 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?Di?, ?Feb ?28 ?17, 07:20:28???????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 9304
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 1978
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 34
Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 149
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9d7e27a9-5756-47e5-95d0-70cb4968354e}@LeaseObtainedTime 1488322372
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9d7e27a9-5756-47e5-95d0-70cb4968354e}@T1 1488324022
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9d7e27a9-5756-47e5-95d0-70cb4968354e}@T2 1488325372
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9d7e27a9-5756-47e5-95d0-70cb4968354e}@LeaseTerminatesTime 1488325972
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9d7e27a9-5756-47e5-95d0-70cb4968354e}@Dhcpv6InformationObtainedTime 1488305917
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x94 0x0A 0x02 0x67 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x94 0x72 0xC6 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x94 0xA2 0x3D 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKLM\SYSTEM\Maps@LastMapUpdateCheck 0x52 0xA4 0xE0 0x35 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting@LastRateLimitedDumpGenerationTime 0x7B 0xAC 0x90 0x39 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_1onkxdyx.exe_338a7d8b6f255e6a69648b03af9e2462b2f4ee_f6e57321_09317293

---- EOF - GMER 2.2 ----

Code:
GMER 2.2.19882 - hxxp://www.gmer.net
Rootkit scan 2017-03-01 04:49:19
Windows 6.2.9200 x64
\Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000LM rev.2AR2 931,51GB
Running: 1onkxdyx.exe; Driver: C:\Users\DRAGON~1\AppData\Local\Temp\uxlyquog.sys

---- User code sections - GMER 2.2 ----

? C:\WINDOWS\system32\apphelp.dll [196] entry point in ".rdata" section 0000000070940380
? C:\WINDOWS\system32\apphelp.dll [2332] entry point in ".rdata" section 0000000070940380

---- Kernel IAT/EAT - GMER 2.2 ----

IAT C:\WINDOWS\System32\drivers\CLASSPNP.SYS[ntoskrnl.exe!IofCallDriver] [fffff8007106db3c] \SystemRoot\system32\drivers\aswSP.sys [unknown section]

---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [644:696] fffff96188b84030
Thread C:\WINDOWS\explorer.exe [3796:3952] 00007ffee8610880
Thread C:\WINDOWS\explorer.exe [3796:4052] 00007ffee7667fe0
Thread C:\WINDOWS\explorer.exe [3796:3104] 0000000055807ff0
Thread C:\WINDOWS\explorer.exe [3796:3156] 00007ffee7961c40
Thread C:\WINDOWS\explorer.exe [3796:3780] 00007ffeefc330f0
Thread C:\WINDOWS\explorer.exe [3796:4964] 00007ffeda16ed40
Thread C:\WINDOWS\explorer.exe [3796:2176] 00007ffeda17f970

---- Services - GMER 2.2 ----

Service system32\drivers\aswbidsdrivera.sys (*** hidden *** ) [SYSTEM] aswbidsdriver <-- ROOTKIT !!!
Service system32\drivers\aswbidsha.sys (*** hidden *** ) [BOOT] aswbidsh <-- ROOTKIT !!!
Service system32\drivers\aswbloga.sys (*** hidden *** ) [BOOT] aswblog <-- ROOTKIT !!!
Service system32\drivers\aswbuniva.sys (*** hidden *** ) [BOOT] aswbuniv <-- ROOTKIT !!!
Service system32\drivers\aswHwid.sys (*** hidden *** ) [MANUAL] aswHwid <-- ROOTKIT !!!
Service system32\drivers\aswKbd.sys (*** hidden *** ) [SYSTEM] aswKbd <-- ROOTKIT !!!
Service system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!!
Service system32\drivers\aswRdr2.sys (*** hidden *** ) [SYSTEM] aswRdr <-- ROOTKIT !!!
Service system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt <-- ROOTKIT !!!
Service system32\drivers\aswSnx.sys (*** hidden *** ) [SYSTEM] aswSnx <-- ROOTKIT !!!
Service system32\drivers\aswSP.sys (*** hidden *** ) [SYSTEM] aswSP <-- ROOTKIT !!!
Service system32\drivers\aswStm.sys (*** hidden *** ) [AUTO] aswStm <-- ROOTKIT !!!
Service system32\drivers\aswVmm.sys (*** hidden *** ) [BOOT] aswVmm <-- ROOTKIT !!!
Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Program Files\AVAST Software\Avast\setup\Sfx\Instup.dll??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\instup.exe??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\New_110208f0\aswOfferTool.exe??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\New_110208f0\avBugReport.exe??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\New_110208f0\AvDump32.exe??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\New_110208f0\AvDump64.exe??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\New_110208f0\HTMLayout.dll??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\New_110208f0\Instup.dll??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\New_110208f0\instup.exe??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\New_110208f0\??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\Instup.dll??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\instup.exe??\??\C:\Program Files\AVAST Software\Avast\setup\Sfx\New_110208f0\aswOfferTool.exe??\??\C:
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager@BackupCount 1
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 680140415
Reg HKLM\SYSTEM\CurrentControlSet\Control\usb\ceip@UsbCeipTaskLastRunTimestamp 0xF3 0xF8 0x73 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent@Type 16
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent@ImagePath "C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent@DisplayName aswbIDSAgent
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent@Description Provides Identity Protection Against Cyber Crime.
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbIDSAgent
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver@ImagePath \SystemRoot\system32\drivers\aswbidsdrivera.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver@DisplayName aswbidsdriver
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsdriver
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh@ImagePath \SystemRoot\system32\drivers\aswbidsha.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh@DisplayName aswbidsh
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh\Parameters@Reboot 5
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbidsh
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswblog
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswblog@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswblog@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswblog@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswblog@ImagePath \SystemRoot\system32\drivers\aswbloga.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswblog@DisplayName aswblog
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswblog\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswblog\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswblog\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswblog\Parameters@LogDir \??\C:\ProgramData\AVAST Software\Avast\log
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswblog\Parameters@ConfigDir \??\C:\ProgramData\AVAST Software\Avast\cfg
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswblog\Parameters@NotifyDrivers \Device\AvaswIDSErHr?\Device\aswIDS_Ioc2?\Device\AvaswUniv?
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswblog
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv@ImagePath \SystemRoot\system32\drivers\aswbuniva.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv@DisplayName aswbuniv
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswbuniv
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswHwid
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswHwid@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswHwid@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswHwid@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswHwid@ImagePath \SystemRoot\system32\drivers\aswHwid.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswHwid@DisplayName aswHwid
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswHwid
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswKbd
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@Tag 5
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@ImagePath \SystemRoot\system32\drivers\aswKbd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@DisplayName aswKbd
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswKbd@Group Keyboard Port
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswKbd
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ImagePath \SystemRoot\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ImagePath \SystemRoot\system32\drivers\aswRdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@ImagePath \SystemRoot\system32\drivers\aswRvrt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Group Extended Base
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@SystemRoot \Device\HarddiskVolume2\WINDOWS
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@TickCounter 2369
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883231355312288
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883231355312288@ Commited
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883231355312288@BootTimeout 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883231355312288@TickTimeout 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883231355312288@CreationTime 0xC6 0x82 0x76 0x2B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883231355312288@StartBootCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883231355312288@StartTickCounter 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883238441252288
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883238441252288@ Commited
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883238441252288@BootTimeout 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883238441252288@TickTimeout 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883238441252288@CreationTime 0x8D 0x0A 0x53 0xD2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883238441252288@SetupOperations MoveFile("\??\C:\Program Files\AVAST Software\Avast\afwDC75.tmp","\??\C:\Program Files\AVAST Software\Avast\afwServ.exe",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\afwDC85.tmp","\??\C:\Program Files\AVAST Software\Avast\afwCore.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\afwDC86.tmp","\??\C:\Program Files\AVAST Software\Avast\afwCoreClient.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\afwDC97.tmp","\??\C:\Program Files\AVAST Software\Avast\afwCoreServ.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\afwDC98.tmp","\??\C:\Program Files\AVAST Software\Avast\afwGeoIP.dll",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\afwDCA8.tmp","\??\C:\Program Files\AVAST Software\Avast\afwRpc.dll",TRUE)?MoveFile("\??\C:\ProgramData\AVAST Software\Avast\fw\macDCAB.tmp","\??\C:\ProgramData\AVAST Software\Avast\fw\macaddr.db",TRUE)?MoveFile("\??\C:\Program Files\AVAST Software\Avast\ahRF6A4.tmp","\??\C:\Program Files\AVAST Software\Avast\ahResSecDns.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883238441252288@StartBootCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883238441252288@StartTickCounter 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883262370462288
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883262370462288@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883262370462288@BootTimeout 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883262370462288@TickTimeout 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883262370462288@CreationTime 0xDE 0x43 0x65 0x64 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883262370462288@SetupOperations MoveFile("\??\C:\Program Files\AVAST Software\Avast\AavE430.tmp","\??\C:\Program Files\AVAST Software\Avast\Aavm4h.dll",TRUE)?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\settings-8f0.ori")?RemoveDir("\??\C:\Program Files\AVAST Software\Avast\setup",FALSE,FALSE)?
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883262370462288@StartBootCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883262370462288@StartTickCounter 2369
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883262613432288
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883262613432288@ Package
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883262613432288@BootTimeout 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883262613432288@TickTimeout 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883262613432288@CreationTime 0x5B 0x6B 0x99 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883262613432288@SetupOperations MoveFile("\??\C:\Program Files\AVAST Software\Avast\AavE430.tmp","\??\C:\Program Files\AVAST Software\Avast\Aavm4h.dll",TRUE)?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\setup\settings-8f0.ori")?RemoveDir("\??\C:\Program Files\AVAST Software\Avast\setup",FALSE,FALSE)?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\afwServ.exe")?RemoveDir("\??\C:\Program Files\AVAST Software\Avast",FALSE,FALSE)?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\afwCore.dll")?RemoveDir("\??\C:\Program Files\AVAST Software\Avast",FALSE,FALSE)?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\afwCoreClient.dll")?RemoveDir("\??\C:\Program Files\AVAST Software\Avast",FALSE,FALSE)?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\afwCoreServ.dll")?RemoveDir("\??\C:\Program Files\AVAST Software\Avast",FALSE,FALSE)?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\afwGeoIP.dll")?RemoveDir("\??\C:\Program Files\AVAST Software\Avast",FALSE,FALSE)?DeleteFile("\??\C:\Program Files\AVAST Software\Avast\afwRp
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883262613432288@FailedOperations C0000034 MoveFile("\??\C:\Program Files\AVAST Software\Avast\AavE430.tmp","\??\C:\Program Files\AVAST Software\Avast\Aavm4h.dll",TRUE)?
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883262613432288@StartBootCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters\Instup_14883262613432288@StartTickCounter 2369
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@ImagePath \SystemRoot\system32\drivers\aswSnx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@ImagePath \SystemRoot\system32\drivers\aswSP.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Group FSFilter Security Enhancer
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Instances
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Instances@DefaultInstance aswSP Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Instances\aswSP Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Instances\aswSP Instance@Altitude 388401
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Instances\aswSP Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@UsersFolder \??\C:\Users
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@PassiveMode 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@SZBProgramFolder \??\C:\Program Files\AVAST Software\SZBrowser
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@SZBDataFolder \??\C:\ProgramData\AVAST Software\SZBrowser
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswStm
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswStm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswStm@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswStm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswStm@ImagePath \SystemRoot\system32\drivers\aswStm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswStm@DisplayName aswStm
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswStm@Group NDIS
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswStm@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswStm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswStm\Parameters\Wdf
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswStm\Parameters\Wdf@WdfMajorVersion 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswStm\Parameters\Wdf@WdfMinorVersion 9
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswStm
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@ImagePath \SystemRoot\system32\drivers\aswVmm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Group Extended Base
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DisplayName Avast Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@FailureActions 0x80 0x51 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Description Verwaltet und implementiert die Avast Antivirus Dienste auf diesem Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus Container sowie die Zeitplan.
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\48d2244c6a15
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 9524
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{8CFB637A-09AB-4EE3-B0B1-378BBABB1488} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561_0\SZBrowser.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{D65A6FE7-0353-457B-A4AF-AE92C0557562} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561_1\SZBrowser.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser|
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x62 0x41 0x18 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x62 0xA9 0xDC 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x62 0xD9 0x53 0xD8 ...

---- EOF - GMER 2.2 ----

Code:
ATTFilter GMER 2.2.19882 - hxxp://www.gmer.net Autostart scan 2017-03-01 04:59:46 Windows 6.2.9200 gupdate@ = "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc NVDisplay.ContainerLocalSystem@ = "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 Spooler@ = %SystemRoot%\System32\spoolsv.exe /*file not found*/ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe@DisableExceptionChainValidation = 3 /*file not found*/ HKLM\Software\Classes\.hta@ = C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>> @{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) = @{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/(null) = @{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/%ProgramFiles%\Synaptics\SynTP\SynTPCpl.dll /*file not found*/ = %ProgramFiles%\Synaptics\SynTP\SynTPCpl.dll /*file not found*/ @{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\Program Files\NVIDIA Corporation\Display\nvui.dll = C:\Program Files\NVIDIA Corporation\Display\nvui.dll @{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} /*NVIDIA Play On My TV Context Menu Extension*/%SystemRoot%\system32\nvshext.dll = %SystemRoot%\system32\nvshext.dll @{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} /*NvAppShExt extension*/C:\WINDOWS\system32\nv3dappshext.dll = C:\WINDOWS\system32\nv3dappshext.dll @{E97DEC16-A50D-49bb-AE24-CF682282E08D} /*OpenGLShExt extension*/C:\WINDOWS\system32\nv3dappshext.dll = C:\WINDOWS\system32\nv3dappshext.dll HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ >>> igfxcui@{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = 
NvCplDesktopContext@{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = %SystemRoot%\system32\nvshext.dll HKLM\Software\Microsoft\Internet Explorer\Main >>> @Default_Page_URLhxxp://go.microsoft.com/fwlink/p/?LinkId=255141 = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 @Start Pagehxxp://go.microsoft.com/fwlink/p/?LinkId=255141 = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 @Local PageC:\Windows\System32\blank.htm = C:\Windows\System32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main >>> @Start Pagehxxp://go.microsoft.com/fwlink/p/?LinkId=255141 = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 @Local Page%11%\blank.htm = %11%\blank.htm ---- EOF - GMER 2.2 ---- |