Win7 Mozilla opens a window with "http://static.icmapp.com/blank.html# ..."

Hello everyone,
For a few days now, Mozilla (version 25.0.1) has been opening a new window with the following address while I browse or click on various content:
hxxp://static.icmapp.com/blank.html#{%22ad_type%22%3A%22window%22%2C%22percent%22%3A100%2C%22size%22%3A[{%22percent%22%3A40%2C%22width%22%3A800%2C%22height%22%3A440}%2C{%22percent%22%3A60%2C%22width%22%3A1200%2C%22height%22%3A900}]%2C%22ad_width%22%3A1200%2C%22ad_height%22%3A900%2C%22url%22%3A%22http%3A%2F%2Ffilepony.de%2Fdownload-defogger%2F%22}
I have already created the three logs from Defogger, FRST and GMER. The Avast antivirus software found no threats.
Here are the results:
Defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:52 on 14/12/2013 (claver)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by claver (administrator) on CLAVERPC on 14-12-2013 11:55:45
Running from C:\Users\claver\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) D:\F12012\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [966072 2012-10-11] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [580096 2012-10-09] (Samsung Electronics)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843208 2012-11-12] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843208 2012-11-12] (Samsung)
HKCU\...\Run: [Steam] - D:\F12012\Steam.exe [1823656 2013-12-11] (Valve Corporation)
MountPoints2: {2067662d-58df-11e1-b0cb-806e6f6e6963} - H:\SETUP.EXE
MountPoints2: {2067662e-58df-11e1-b0cb-806e6f6e6963} - I:\MLLaunch.exe
MountPoints2: {c9d85ae9-8fb7-11e1-8c96-001a4d583df4} - J:\LaunchU3.exe -a
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [309688 2012-10-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-08] (AVAST Software)
Startup: C:\Users\claver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
URLSearchHook: HKLM-x32 - Ashampoo DE Toolbar - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
URLSearchHook: HKCU - Ashampoo DE Toolbar - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
BHO: Plus-HD-1.6 - {11111111-1111-1111-1111-110311201102} - C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll (Plus HD)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Ashampoo DE Toolbar - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: buenosearch Helper Object - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files (x86)\buenosearch\buenosearch\1.8.21.22\bh\buenosearch.dll (BuenoSearch)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Ashampoo DE Toolbar - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\claver\AppData\Roaming\Mozilla\Firefox\Profiles\vdxh057x.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-1.6 - C:\Users\claver\AppData\Roaming\Mozilla\Firefox\Profiles\vdxh057x.default\Extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com
FF Extension: Adblock Plus - C:\Users\claver\AppData\Roaming\Mozilla\Firefox\Profiles\vdxh057x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\claver\AppData\Roaming\Mozilla\Firefox\Profiles\vdxh057x.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-08] (AVAST Software)
S3 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe [884608 2012-05-14] ()
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-12-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-12-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-12-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-12-08] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-12-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-08] ()
S3 FanatecWheelFilterUsb; C:\Windows\System32\DRIVERS\FWFilterUsb.sys [61008 2011-10-05] (Windows (R) Codename Longhorn DDK provider)
R3 HabuFltr; C:\Windows\System32\drivers\habu.sys [13696 2006-10-26] (Razer (Asia-Pacific) Pte Ltd)
R2 LiveTunerPM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys [12824 2011-03-08] ()
U3 DfSdkS;
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U3 ufloqpob; \??\C:\Users\claver\AppData\Local\Temp\ufloqpob.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-14 11:55 - 2013-12-14 11:55 - 00015663 _____ C:\Users\claver\Desktop\FRST.txt
2013-12-14 11:52 - 2013-12-14 11:52 - 00050477 _____ C:\Users\claver\Desktop\Defogger.exe
2013-12-14 11:52 - 2013-12-14 11:52 - 00000474 _____ C:\Users\claver\Desktop\defogger_disable.log
2013-12-14 11:52 - 2013-12-14 11:52 - 00000000 _____ C:\Users\claver\defogger_reenable
2013-12-14 11:40 - 2013-12-14 11:40 - 00000000 ____D C:\FRST
2013-12-14 11:38 - 2013-12-14 11:38 - 01927462 _____ (Farbar) C:\Users\claver\Desktop\FRST64.exe
2013-12-14 11:38 - 2013-12-14 11:38 - 00377856 _____ C:\Users\claver\Desktop\gmer_2.1.19163.exe
2013-12-08 11:43 - 2013-12-08 11:43 - 00000000 ____D C:\Users\claver\AppData\Roaming\AVAST Software
2013-11-30 11:37 - 2013-11-30 11:37 - 00000793 _____ C:\Users\claver\Desktop\_hochzeit - Verknüpfung.lnk
2013-11-18 20:36 - 2013-11-18 20:36 - 00000000 ____D C:\Users\claver\eTeks
2013-11-18 20:26 - 2013-11-18 20:26 - 00001129 _____ C:\Users\claver\Desktop\Sweet Home 3D.lnk
2013-11-18 20:26 - 2013-11-18 20:26 - 00000000 ____D C:\Users\claver\AppData\Roaming\NVIDIA
2013-11-18 20:26 - 2013-11-18 20:26 - 00000000 ____D C:\Program Files (x86)\Sweet Home 3D
2013-11-18 20:23 - 2013-11-18 20:23 - 00401752 _____ (Softonic ) C:\Users\claver\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe
2013-11-17 10:59 - 2013-11-17 10:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 09:33 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 09:33 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 09:33 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 09:33 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 09:33 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 09:33 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 09:33 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 09:33 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 09:33 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 09:33 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 09:33 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 09:33 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 09:33 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 09:33 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 09:33 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-15 09:33 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-15 09:33 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-15 09:33 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-15 09:33 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-15 09:33 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-15 09:33 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-15 09:33 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-15 09:33 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-15 09:33 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-15 09:33 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-15 09:33 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-15 09:33 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-15 09:33 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 09:33 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-15 09:33 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 09:33 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-15 09:31 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-15 09:31 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-15 09:31 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-15 09:31 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-15 09:31 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-15 09:31 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-15 09:31 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-15 09:31 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-15 09:31 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-15 09:31 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-15 09:31 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-15 09:31 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-15 09:31 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-15 09:31 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-15 09:31 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-15 09:31 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-15 09:31 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-15 09:31 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-15 09:31 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-15 09:31 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-15 09:31 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-15 09:31 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-15 09:31 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-15 09:31 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-15 09:31 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-15 09:31 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-15 09:31 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-15 09:31 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-15 09:31 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-15 09:31 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
==================== One Month Modified Files and Folders =======
2013-12-14 11:55 - 2013-12-14 11:55 - 00015663 _____ C:\Users\claver\Desktop\FRST.txt
2013-12-14 11:55 - 2012-02-16 20:58 - 01433610 _____ C:\Windows\WindowsUpdate.log
2013-12-14 11:52 - 2013-12-14 11:52 - 00050477 _____ C:\Users\claver\Desktop\Defogger.exe
2013-12-14 11:52 - 2013-12-14 11:52 - 00000474 _____ C:\Users\claver\Desktop\defogger_disable.log
2013-12-14 11:52 - 2013-12-14 11:52 - 00000000 _____ C:\Users\claver\defogger_reenable
2013-12-14 11:52 - 2012-02-16 20:57 - 00000000 ____D C:\Users\claver
2013-12-14 11:46 - 2012-12-13 18:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-14 11:40 - 2013-12-14 11:40 - 00000000 ____D C:\FRST
2013-12-14 11:38 - 2013-12-14 11:38 - 01927462 _____ (Farbar) C:\Users\claver\Desktop\FRST64.exe
2013-12-14 11:38 - 2013-12-14 11:38 - 00377856 _____ C:\Users\claver\Desktop\gmer_2.1.19163.exe
2013-12-14 11:21 - 2012-02-25 16:24 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-14 11:20 - 2012-02-25 16:24 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-14 11:16 - 2012-02-25 16:24 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-14 11:16 - 2012-02-25 16:24 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-14 11:01 - 2009-07-14 05:45 - 00025648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-14 11:01 - 2009-07-14 05:45 - 00025648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-14 10:59 - 2012-02-17 05:48 - 00699416 _____ C:\Windows\system32\perfh007.dat
2013-12-14 10:59 - 2012-02-17 05:48 - 00149556 _____ C:\Windows\system32\perfc007.dat
2013-12-14 10:59 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-14 10:54 - 2013-10-19 12:32 - 00001832 _____ C:\Windows\Tasks\Plus-HD-1.6-firefoxinstaller.job
2013-12-14 10:54 - 2013-10-19 12:32 - 00001298 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job
2013-12-14 10:54 - 2013-10-19 12:32 - 00001200 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job
2013-12-14 10:54 - 2013-10-19 12:32 - 00001100 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job
2013-12-14 10:53 - 2013-05-30 09:15 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-14 10:53 - 2013-05-28 17:21 - 00010545 _____ C:\Windows\setupact.log
2013-12-14 10:53 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-08 15:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-08 11:43 - 2013-12-08 11:43 - 00000000 ____D C:\Users\claver\AppData\Roaming\AVAST Software
2013-12-08 11:43 - 2013-05-28 17:21 - 00230774 _____ C:\Windows\PFRO.log
2013-12-08 11:42 - 2013-03-26 15:41 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-08 11:42 - 2013-03-26 15:41 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-08 11:42 - 2012-08-06 17:10 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-08 11:42 - 2012-02-26 15:21 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-08 11:42 - 2012-02-16 22:12 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-08 11:42 - 2012-02-16 22:12 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-08 11:42 - 2012-02-16 22:12 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-08 11:42 - 2012-02-16 22:12 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-08 11:42 - 2012-02-16 22:12 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-08 11:42 - 2012-02-16 22:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-08 11:42 - 2012-02-16 22:12 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-08 11:42 - 2012-02-16 22:12 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-08 11:41 - 2012-02-16 22:12 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-08 11:41 - 2012-02-16 22:12 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-11-30 11:37 - 2013-11-30 11:37 - 00000793 _____ C:\Users\claver\Desktop\_hochzeit - Verknüpfung.lnk
2013-11-20 18:32 - 2013-07-01 08:55 - 00048354 _____ C:\Users\claver\.TransferManager.db
2013-11-19 03:33 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-18 20:36 - 2013-11-18 20:36 - 00000000 ____D C:\Users\claver\eTeks
2013-11-18 20:26 - 2013-11-18 20:26 - 00001129 _____ C:\Users\claver\Desktop\Sweet Home 3D.lnk
2013-11-18 20:26 - 2013-11-18 20:26 - 00000000 ____D C:\Users\claver\AppData\Roaming\NVIDIA
2013-11-18 20:26 - 2013-11-18 20:26 - 00000000 ____D C:\Program Files (x86)\Sweet Home 3D
2013-11-18 20:23 - 2013-11-18 20:23 - 00401752 _____ (Softonic ) C:\Users\claver\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe
2013-11-18 20:17 - 2012-04-28 12:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-17 10:59 - 2013-11-17 10:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 09:33 - 2013-08-13 17:39 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 09:32 - 2012-02-18 11:04 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-15 09:30 - 2012-12-13 18:49 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-15 09:30 - 2012-03-30 16:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-15 09:30 - 2012-02-16 21:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-15 09:29 - 2012-03-20 18:39 - 00000000 ____D C:\Users\claver\AppData\Local\Adobe
Some content of TEMP:
====================
C:\Users\claver\AppData\Local\Temp\bitool.dll
C:\Users\claver\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\claver\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\claver\AppData\Local\Temp\nvStInst.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-09 19:13
==================== End Of Log ============================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2013 01
Ran by claver at 2013-12-14 11:56:09
Running from C:\Users\claver\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Ashampoo DE Toolbar (x32 Version: 6.8.9.0)
Ashampoo WinOptimizer 9 v.9.04.31 (x32 Version: 9.04.31)
avast! Free Antivirus (x32 Version: 9.0.2008)
BMW M3 Challenge (x32 Version: BMW M3 Challenge v1.0.0.0)
Bueno Chrome Toolbar (x32)
buenosearch toolbar (x32 Version: 1.8.21.22)
CDBurnerXP (x32 Version: 4.5.0.3661)
CDex - Open Source Digital Audio CD Extractor (x32 Version: 1.70.4.2009)
Citrix Online Plug-in - Web (x32 Version: 12.3.0.8)
Citrix Online Plug-in (DV) (x32 Version: 12.3.0.8)
Citrix Online Plug-in (HDX) (x32 Version: 12.3.0.8)
Citrix Online Plug-in (USB) (x32 Version: 12.3.0.8)
Citrix Online Plug-in (Web) (x32 Version: 12.3.0.8)
F1 2011 (x32 Version: 1.0.0000.129)
F1 2011 (x32 Version: 1.0.0002.129)
F1 2012 (x32)
Fanatec Wheel (Version: 8.11.5)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.22.3)
GTR 2 1.0.0.0 (x32 Version: v1.0.0.0)
Intel® Matrix Storage Manager
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938)
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
Mozilla Thunderbird 24.0 (x86 de) (x32 Version: 24.0)
NVIDIA 3D Vision Treiber 314.22 (Version: 314.22)
NVIDIA Grafiktreiber 314.22 (Version: 314.22)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422)
NVIDIA Systemsteuerung 314.22 (Version: 314.22)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
OpenAL (x32)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
PhotoScape (x32)
Picasa 3 (x32 Version: 3.9)
Plus-HD-1.6 (x32 Version: 1.29.153.0) <==== ATTENTION
Rapture3D 2.4.9 Game (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6449)
Samsung Kies (x32 Version: 2.3.2.12064_9)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.15.0)
Steam (x32 Version: 1.0.0.0)
Sweet Home 3D version 4.2 (x32)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WISAG Customized Endpoint Analysis Client (x32 Version: 1.0.0.0)
==================== Restore Points =========================
08-12-2013 10:41:53 avast! antivirus system restore point
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {01B401ED-7165-4611-AD80-4A99960DA7E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-25] (Google Inc.)
Task: {31309C4F-A8C5-40A8-9B94-A9E94503F0AF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-08] (AVAST Software)
Task: {6EFD0990-241B-4A19-B788-9D2A57E5C0DD} - System32\Tasks\EPUpdater => C:\Users\claver\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-10-08] () <==== ATTENTION
Task: {873526BA-1BFD-42E5-823F-435F775B6971} - System32\Tasks\Plus-HD-1.6-firefoxinstaller => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-firefoxinstaller.exe [2013-10-19] (Plus HD) <==== ATTENTION
Task: {979B730B-9CF4-4FEA-848D-68F6859354CF} - System32\Tasks\Plus-HD-1.6-codedownloader => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe [2013-10-19] (Plus HD) <==== ATTENTION
Task: {B6049FF9-EE81-4D0D-A6C0-1D483B99B051} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-15] (Adobe Systems Incorporated)
Task: {B958F1C3-B026-4B97-8F80-BC5B3746A14A} - System32\Tasks\Plus-HD-1.6-updater => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe [2013-10-19] (Plus HD) <==== ATTENTION
Task: {DEA9B675-B188-4AE3-B227-7AD1DDD0725E} - System32\Tasks\Plus-HD-1.6-enabler => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe [2013-10-19] (Plus HD) <==== ATTENTION
Task: {E8794B51-F7BC-4E4F-A199-D836467315E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.6-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2013-12-14 10:53 - 2013-12-13 09:58 - 02152448 _____ () C:\Program Files\AVAST Software\Avast\defs\13121300\algo.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-12-08 11:42 - 2013-12-08 11:42 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-03-25 13:23 - 2013-11-06 22:48 - 00691200 _____ () D:\F12012\SDL2.dll
2013-03-29 10:53 - 2013-12-11 20:40 - 01135016 _____ () D:\F12012\bin\chromehtml.DLL
2013-03-26 15:16 - 2013-11-06 22:48 - 20625832 _____ () D:\F12012\bin\libcef.dll
2012-12-11 08:51 - 2013-06-15 00:49 - 01100800 _____ () D:\F12012\bin\avcodec-53.dll
2012-12-11 08:51 - 2013-06-15 00:49 - 00124416 _____ () D:\F12012\bin\avutil-51.dll
2012-12-11 08:51 - 2013-06-15 00:49 - 00192000 _____ () D:\F12012\bin\avformat-53.dll
2013-11-17 10:59 - 2013-11-17 10:59 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/14/2013 10:55:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/08/2013 02:56:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/08/2013 11:45:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/08/2013 11:42:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/07/2013 04:23:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/07/2013 10:43:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/06/2013 05:48:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2013 06:20:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/01/2013 10:19:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/30/2013 10:58:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (12/14/2013 10:55:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (12/14/2013 10:55:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (12/14/2013 10:54:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/14/2013 10:54:29 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (12/08/2013 02:56:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (12/08/2013 02:56:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (12/08/2013 11:45:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (12/08/2013 11:45:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (12/08/2013 11:42:37 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! Antivirus" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (12/08/2013 11:42:35 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Microsoft Office Sessions:
=========================
Error: (12/14/2013 10:55:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/08/2013 02:56:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/08/2013 11:45:27 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/08/2013 11:42:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/07/2013 04:23:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/07/2013 10:43:17 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/06/2013 05:48:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2013 06:20:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/01/2013 10:19:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/30/2013 10:58:04 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 32%
Total physical RAM: 6142.49 MB
Available physical RAM: 4155.41 MB
Total Pagefile: 12283.16 MB
Available Pagefile: 10277.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:48.73 GB) (Free:10.51 GB) NTFS
Drive d: (Games) (Fixed) (Total:62.96 GB) (Free:41.74 GB) NTFS
Drive e: (Sicherung_2) (Fixed) (Total:136.73 GB) (Free:19.74 GB) NTFS
Drive f: (Sicherung) (Fixed) (Total:161.36 GB) (Free:93.8 GB) NTFS
Drive h: (F1 2012) (CDROM) (Total:7.87 GB) (Free:0 GB) UDF
Drive i: (Final Sub BB Add) (CDROM) (Total:1.48 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 00480047)
Partition 1: (Not Active) - (Size=298 GB) - (Type=42)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 3CAF795D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=63 GB) - (Type=07 NTFS)
==================== End Of Log ============================
gmer: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-14 12:09:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3 Corsair_ rev.1.3. 111,79GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\claver\AppData\Local\Temp\ufloqpob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003402000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000340202f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[568] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Windows\system32\services.exe[624] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[892] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689a2ba 1 byte [62]
.text C:\Windows\System32\svchost.exe[1008] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[368] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[444] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[644] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1324] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[1332] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1524] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1716] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689a2ba 1 byte [62]
.text C:\Windows\system32\svchost.exe[1772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1852] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1980] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689a2ba 1 byte [62]
.text C:\Windows\system32\taskhost.exe[3032] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Windows\Explorer.EXE[2536] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2876] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689a2ba 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2908] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2672] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007689a2ba 1 byte [62]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f31465 2 bytes [F3, 74]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f314bb 2 bytes [F3, 74]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2840] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 00000000770b000c 1 byte [C3]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2840] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007713f8ea 5 bytes JMP 00000001770ed5c1
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2840] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689a2ba 1 byte [62]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2688] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689a2ba 1 byte [62]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f31465 2 bytes [F3, 74]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f314bb 2 bytes [F3, 74]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[1544] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689a2ba 1 byte [62]
.text C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[412] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689a2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2828] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689a2ba 1 byte [62]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[304] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689a2ba 1 byte [62]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f31465 2 bytes [F3, 74]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f314bb 2 bytes [F3, 74]
.text ... * 2
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3076] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689a2ba 1 byte [62]
.text C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[3112] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689a2ba 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3280] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text D:\F12012\Steam.exe[2464] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689a2ba 1 byte [62]
.text D:\F12012\Steam.exe[2464] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000076ab549c 5 bytes JMP 00000001000f0800
.text D:\F12012\Steam.exe[2464] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074f31465 2 bytes [F3, 74]
.text D:\F12012\Steam.exe[2464] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074f314bb 2 bytes [F3, 74]
.text ... * 2
.text D:\F12012\Steam.exe[2464] D:\F12012\bin\avcodec-53.dll!av_packet_split_side_data + 972 0000000061ac2a9c 4 bytes [20, 8D, 22, 62]
.text D:\F12012\Steam.exe[2464] D:\F12012\bin\avcodec-53.dll!av_packet_split_side_data + 987 0000000061ac2aab 4 bytes [20, 8D, 22, 62]
.text D:\F12012\Steam.exe[2464] D:\F12012\bin\avcodec-53.dll!init_vlc_sparse + 289 0000000061ac3151 4 bytes [20, 8D, 22, 62]
.text D:\F12012\Steam.exe[2464] D:\F12012\bin\avcodec-53.dll!init_vlc_sparse + 299 0000000061ac315b 4 bytes [20, 8D, 22, 62]
.text ... * 7
.text D:\F12012\Steam.exe[2464] D:\F12012\bin\avcodec-53.dll!avcodec_get_chroma_sub_sample + 13 0000000061b0fced 4 bytes [40, 9D, 22, 62]
.text D:\F12012\Steam.exe[2464] D:\F12012\bin\avcodec-53.dll!ff_is_hwaccel_pix_fmt + 10 0000000061b0fd2a 4 bytes [47, 9D, 22, 62]
.text D:\F12012\Steam.exe[2464] D:\F12012\bin\avcodec-53.dll!avpicture_layout + 85 0000000061b0fef5 4 bytes [44, 9D, 22, 62]
.text D:\F12012\Steam.exe[2464] D:\F12012\bin\avcodec-53.dll!avpicture_layout + 115 0000000061b0ff13 4 bytes [48, 9D, 22, 62]
.text ... * 3
.text D:\F12012\Steam.exe[2464] D:\F12012\bin\avcodec-53.dll!avcodec_get_pix_fmt_loss + 108 0000000061b100ac 4 bytes [40, 9D, 22, 62]
.text D:\F12012\Steam.exe[2464] D:\F12012\bin\avcodec-53.dll!avcodec_get_pix_fmt_loss + 114 0000000061b100b2 4 bytes [40, 9D, 22, 62]
.text D:\F12012\Steam.exe[2464] D:\F12012\bin\avcodec-53.dll!avcodec_find_best_pix_fmt + 90 0000000061b1025a 4 bytes [44, 9D, 22, 62]
.text D:\F12012\Steam.exe[2464] D:\F12012\bin\avcodec-53.dll!avcodec_find_best_pix_fmt + 107 0000000061b1026b 4 bytes [46, 9D, 22, 62]
.text ... * 2
.text D:\F12012\Steam.exe[2464] D:\F12012\bin\avcodec-53.dll!av_picture_crop + 51 0000000061b10823 4 bytes [40, 9D, 22, 62]
.text D:\F12012\Steam.exe[2464] D:\F12012\bin\avcodec-53.dll!av_picture_pad + 750 0000000061b10bfe 4 bytes [40, 9D, 22, 62]
.text D:\F12012\Steam.exe[2464] D:\F12012\bin\avcodec-53.dll!avcodec_pix_fmt_to_codec_tag + 497 0000000061b17121 4 bytes [47, 9D, 22, 62]
.text D:\F12012\Steam.exe[2464] D:\F12012\bin\avcodec-53.dll!avcodec_align_dimensions + 30 0000000061b1aabe 4 bytes [45, 9D, 22, 62]
.text D:\F12012\Steam.exe[2464] D:\F12012\bin\avcodec-53.dll!avcodec_default_get_buffer + 796 0000000061b1ce5c 4 bytes [48, 9D, 22, 62]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3700] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689a2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3700] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000076ab549c 5 bytes JMP 0000000100100800
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3700] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074f31465 2 bytes [F3, 74]
.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[3700] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074f314bb 2 bytes [F3, 74]
.text ... * 2
.text C:\Windows\system32\AUDIODG.EXE[2712] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[4236] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Windows\system32\vssvc.exe[1828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076dfeecd 1 byte [62]
.text C:\Users\claver\Desktop\gmer_2.1.19163.exe[4060] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007689a2ba 1 byte [62]
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [3604:4188] 000007fef5a39688
---- Services - GMER 2.1 ----
Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\aswRdr2.sys (*** hidden *** ) [SYSTEM] aswRdr <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** ) [SYSTEM] aswSnx <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\aswSP.sys (*** hidden *** ) [SYSTEM] aswSP <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** ) [SYSTEM] aswTdi <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\aswVmm.sys (*** hidden *** ) [BOOT] aswVmm <-- ROOTKIT !!!
Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!!
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description Avast! Mini-filter Driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 9352
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk1\Partition2\Windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 288
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Verwaltet und implementiert die avast! Antivirus Dienste auf diesem Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus Container sowie die Zeitplan.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description Avast! Mini-filter Driver
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 3
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 9352
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk1\Partition2\Windows
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName aswTdi
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description aswTdi
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 288
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert die avast! Antivirus Dienste auf diesem Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus Container sowie die Zeitplan.
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus\Parameters (not active ControlSet)
---- EOF - GMER 2.1 ----
Thanks for your help.
Regards, claver