Log analysis and evaluation: delta-search homepage in Google Chrome and Firefox

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
26.02.2013, 17:01 | #1
delta-search homepage in Google Chrome and Firefox

Dear admins/helpers,

the following problem has appeared on my computer since today:
- Default homepage changed to hxxp://www.delta-search.com/?babsrc=NT_lcl instead of the normal Google search
- Browser used = Google Chrome; Firefox is also installed, same problem there
- Antivirus program from avast
- System is up to date (Windows updates done regularly), Windows Vista home

I have followed all the instructions here in the forum in order to post the log files here. I hope I haven't forgotten anything; if I have, just let me know. I simply want this search/Trojan or whatever it is to be gone again. Many thanks for the help.

Regards, satyja

Unfortunately I can't post the log files, as there are too many characters. That's why I saved them as an attachment. And I also can't upload an attachment: when I click the paper clip or "Manage attachments" at the bottom, nothing happens. Could someone maybe briefly help me with that too?
26.02.2013, 17:09 | #2
/// TB-Ausbilder | delta-search homepage in Google Chrome and Firefox

Hello satyja,

If there are too many characters when you paste everything together, post the log files individually, one after the other.
26.02.2013, 17:30 | #3
delta-search homepage in Google Chrome and Firefox

extras.txt

Code:
ATTFilter OTL Extras logfile created on: 26.02.2013 16:11:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,24% Memory free 6,19 Gb Paging File | 4,90 Gb Available in Paging File | 79,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,44 Gb Total Space | 38,20 Gb Free Space | 32,81% Space Free | Partition Type: NTFS Drive D: | 116,44 Gb Total Space | 111,63 Gb Free Space | 95,86% Space Free | Partition Type: NTFS Drive E: | 106,67 Gb Total Space | 105,87 Gb Free Space | 99,25% Space Free | Partition Type: NTFS Drive F: | 116,44 Gb Total Space | 9,79 Gb Free Space | 8,41% Space Free | Partition Type: NTFS Computer Name: MANUEL-LAPTOP | User Name: Manuel | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Telekom Fotoservice] -- "C:\Program Files\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C21DBD6-506E-4F01-A9A1-77C2843447CC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{17976763-5AF5-4FEF-A309-514F7E96C5E9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{203EB6C5-80A4-4C8F-B69C-B451B26C12B6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{27AB6556-7A85-4EAC-8B83-CB82CD216EC8}" = rport=10243 | protocol=6 | dir=out | app=system | "{3051B509-6D99-47C3-BBFF-BD1B777F9C92}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{38790856-C8BC-407A-8593-EDD71B358E2A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3CEF403C-4FB0-4CF1-91D5-4176317563F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{3D45D176-3A62-4F64-A763-97BA675FE072}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{4582BC1A-02AE-4C6D-9724-03F5E585FA3E}" = rport=139 | protocol=6 | dir=out | app=system | "{45955C74-84FE-4167-9D54-2B6B4A8B4A06}" = lport=2869 | protocol=6 | dir=in | app=system | "{5F95271D-4A32-476F-BA68-D9E6804771F0}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 | "{6FC63C52-E705-4D9C-A4F7-EDFB9DF1A630}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{6FEF3310-CBA7-4FA5-985F-079E765FFFDB}" = lport=445 | protocol=6 | dir=in | app=system | "{8661EBCE-1714-41DA-8D6D-29646E68696F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8852FCB9-AC92-4B19-B12E-B435E1631697}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A722A271-AAA7-4F72-A398-A6A222431DDE}" = lport=5355 | protocol=17 | dir=in | 
svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A89C7485-4A42-4617-9339-0D9FE482910C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B34B66F2-5D61-4C03-86FC-347F16038C08}" = lport=137 | protocol=17 | dir=in | app=system | "{B3C097D9-0AF2-407B-9C12-C2A27A77D9CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C3DC67CC-268A-4D18-B6B0-C473860036D8}" = lport=139 | protocol=6 | dir=in | app=system | "{CCFD60B3-D5B5-4E63-97C7-2EC43E959005}" = rport=445 | protocol=6 | dir=out | app=system | "{D0F141EC-24A7-496D-A073-1FC2693C1A04}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{DD84F9A7-CA02-4312-A4F6-FAC91FA8350C}" = rport=138 | protocol=17 | dir=out | app=system | "{E16AE9EC-CCE0-477F-AC14-04354D08C838}" = rport=137 | protocol=17 | dir=out | app=system | "{E54028D3-3867-4B89-A1D1-CFFBFD5B3A5F}" = lport=10243 | protocol=6 | dir=in | app=system | "{EC625383-6B4B-4B39-8D35-E310ABA7E12E}" = lport=138 | protocol=17 | dir=in | app=system | "{EDF5C0D9-95E8-4E7D-9098-BB21549BD8FD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EF9076BF-EDFC-4E81-A071-190CCF4F1832}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00C4D7A4-5107-4366-B4FB-FF66DE75F3FA}" = protocol=6 | dir=in | app=f:\steam\steam.exe | "{02D8B5FF-984A-4A8A-82A2-18B3B6C40096}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{03372A4F-EF72-4BB5-8B97-9A2C564E2EFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{05F2C19C-2256-4CD4-8A88-1F69C204F557}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{15D5B8C0-E649-4EAC-BA36-CB2553CFD85D}" = 
protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{15E04C45-BBF2-4266-93F8-A7E4B06407AC}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dead island\deadislandgame.exe | "{1C01FC4B-301A-43B9-910D-8FF90C9929B4}" = protocol=17 | dir=in | app=f:\steam\steam.exe | "{247ACBF8-DDC8-423F-849F-F25AD8806853}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{2778955E-A23D-46A7-BF10-F0D4141A1F53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{33CAA69A-5C61-4326-BE13-914ED990B3F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{356BF191-EC1C-4056-BB5C-A57898B5BC92}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4.6\flashbuilder.exe | "{37257DDC-C8C4-47D4-821B-6F30806C80F7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{3BF796CC-09DC-4B9E-8B39-DD28C6DBCF8B}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{42AB8996-2958-4CB8-AA21-3601F92E0D92}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{448F4FC6-C22F-47B2-B15B-6A6066541C38}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4992EF20-21D1-43F2-A6B6-A09054515B8D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4F05AD47-ACBF-4147-B3CF-6BBFE631CC4A}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4.6\flashbuilder.exe | "{5E7A2068-C917-4E13-A357-292152F68E4D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{69D4873D-F6F9-44B7-9A72-A4A4F0235102}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{69F7B94F-B9BC-4155-B1E6-3E92471B5C82}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7682C2D4-4C3F-4E1A-89CC-FD1A323645F5}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\fallout new 
vegas\falloutnvlauncher.exe | "{8793089E-A62A-4325-BF2A-DEC09ADEE8CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8B0F8ED2-6FA1-451B-A011-2B54186F5DB9}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dawn of war 2\dow2.exe | "{8F136654-A9AE-438C-9212-7D8720AC1C8A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{911E4352-13CA-46A6-BEA0-DCEA6ACFAA31}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9532F221-0275-454B-ABFE-5B3C23C6665B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{972CD117-530B-427D-A760-D777FE7BC516}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9F09C4F4-D709-4429-98FF-9AC7EE375BE7}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\7zs711a.tmp\symnrt.exe | "{BADF242B-ACCC-4A88-8EEB-D40A2EFCD558}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D41DF57B-EEA9-462F-89AC-095D6BD3A898}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{DA40FB8D-9293-4762-802A-451B7E4DC5C0}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dawn of war 2\dow2.exe | "{ECC508DA-14B6-430B-ABDC-26A9DFCC0000}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{F1E4B696-10CA-44E8-9EBA-CF4961420D98}" = protocol=6 | dir=out | app=system | "{F4DD6C2E-48FF-4D23-806B-6EF84715A1C6}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\7zs711a.tmp\symnrt.exe | "{F71A5CF0-56C6-46B9-81F3-155BCF5D1C01}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dead island\deadislandgame.exe | "{FA2217CE-A98A-4DA4-86C7-A5EFF229CE3F}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{FA562ED1-B1B1-44FB-B9E5-5AD26B61B88B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FA8BB103-62B9-45BD-954F-D707FCC14AAF}" = protocol=6 | dir=out | app=%programfiles%\windows 
media player\wmplayer.exe | "TCP Query User{10DF9D7B-779C-4BCC-93A9-F86520A7D7E0}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{206C475D-BF8D-4CC5-894F-DBA1BB019786}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{61E3D6B4-48F0-4698-91FD-5125C0B72A00}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{89F2D2F1-0DBC-46D9-A0B0-9091A9132A5C}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{9B22019E-F584-4033-9251-35B11F11B648}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{A4A57456-00CC-4156-9DAD-A6D9DCF2CE27}F:\games\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=f:\games\anno 1404\tools\anno4web.exe | "TCP Query User{B42AB1C0-1A95-499F-9672-17DC34C1ADFE}F:\games\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=f:\games\starcraft ii\versions\base19132\sc2.exe | "TCP Query User{E0C5F227-A027-48D0-9E85-6F2064ED90B5}F:\games\dow - dark crusade\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=f:\games\dow - dark crusade\dawn of war - dark crusade\darkcrusade.exe | "TCP Query User{E8A4E36A-FE66-4D8D-957F-47A9199E12CC}F:\steam\steamapps\common\dawn of war ii - retribution\dow2.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "UDP Query User{2574BF1F-4C36-4A51-8D31-4E50EB2D9842}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{4ADA6AAE-DBA1-4406-8A43-739D3C917FCB}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query 
User{69E2EEC0-8F17-41B0-B716-963C5BCA8058}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{A51EC99B-2D0E-45E3-B1F9-54EFC25A0452}F:\games\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=f:\games\starcraft ii\versions\base19132\sc2.exe | "UDP Query User{A9051C37-D449-4163-A81F-8D27A17364DA}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{A91CF893-A3C7-4EAE-8C77-D74D1505B526}F:\games\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=f:\games\anno 1404\tools\anno4web.exe | "UDP Query User{B1426534-1040-4F63-8028-4A4F966D8C1E}F:\games\dow - dark crusade\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=f:\games\dow - dark crusade\dawn of war - dark crusade\darkcrusade.exe | "UDP Query User{CE321316-803B-4CC6-8921-5BB9EEDBBABD}F:\steam\steamapps\common\dawn of war ii - retribution\dow2.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "UDP Query User{DD6C6268-D92A-4FEE-8525-AFEB4949D453}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect "{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{82A1F830-2B75-4B7E-8DA3-F020216C9F18}" = Brother HL-2030 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6 "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}" = Belkin N300 Micro USB Wireless Adapter "{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network "{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6 "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DCA963D4-6AA2-11E2-80AA-984BE15F174E}" = Evernote v. 
4.6.2 "{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "5513-1208-7298-9440" = JDownloader 0.9 "8461-7759-5462-8226" = Vuze "addlyrics@addlyrics.net" = AddLyrics "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.adobe.WidgetBrowser" = Adobe Widget Browser "delta" = Delta toolbar "Delta Chrome Toolbar" = Delta Chrome Toolbar "Dr. Hardware 2012_is1" = Dr. 
Hardware 2012 12.0d "FontExpert 2011" = FontExpert 2011 Font Manager "Foxit Reader_is1" = Foxit Reader "GIMP-2_is1" = GIMP 2.8.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "Opera 12.00.1467" = Opera 12.00 "Shop for HP Supplies" = Shop for HP Supplies "Steam App 20570" = Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ "Steam App 22380" = Fallout: New Vegas "Steam App 91310" = Dead Island "Telekom Fotoservice" = Telekom Fotoservice "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam "VLC media player" = VLC media player 2.0.4 "Winamp" = Winamp "WinRAR archiver" = WinRAR 4.11 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "Google Chrome" = Google Chrome "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.01.2013 03:44:54 | Computer Name = ***-Laptop | Source = MsiInstaller | ID = 11311 Description = Error - 10.01.2013 03:44:55 | Computer Name = ***-Laptop | Source = MsiInstaller | ID = 1024 Description = Error - 10.01.2013 03:45:07 | Computer Name = ***-Laptop | Source = MsiInstaller | ID = 11311 Description = Error - 10.01.2013 03:45:07 | Computer Name = ***-Laptop | Source = MsiInstaller | ID = 1024 Description = Error - 10.01.2013 03:45:18 | Computer Name = ***-Laptop | Source = MsiInstaller | ID = 11311 Description = Error - 10.01.2013 03:45:18 | Computer Name = ***-Laptop | Source = 
MsiInstaller | ID = 1024 Description =
Error - 10.01.2013 03:45:29 | Computer Name = ***-Laptop | Source = MsiInstaller | ID = 11311 Description =
Error - 10.01.2013 03:45:30 | Computer Name = ***-Laptop | Source = MsiInstaller | ID = 1024 Description =
Error - 10.01.2013 03:45:41 | Computer Name = ***-Laptop | Source = MsiInstaller | ID = 11311 Description =
Error - 10.01.2013 03:45:41 | Computer Name = ***-Laptop | Source = MsiInstaller | ID = 1024 Description =
[ System Events ]
Error - 14.04.2012 12:20:08 | Computer Name = ***-Laptop | Source = Microsoft-Windows-Servicing | ID = 4375 Description =
Error - 14.04.2012 12:20:08 | Computer Name = ***-Laptop | Source = Microsoft-Windows-Servicing | ID = 4375 Description =
Error - 14.04.2012 12:20:08 | Computer Name = ***-Laptop | Source = Microsoft-Windows-Servicing | ID = 4375 Description =
Error - 14.04.2012 12:20:08 | Computer Name = ***-Laptop | Source = Microsoft-Windows-Servicing | ID = 4375 Description =
Error - 14.04.2012 12:20:08 | Computer Name = ***-Laptop | Source = Microsoft-Windows-Servicing | ID = 4375 Description =
Error - 14.04.2012 12:20:08 | Computer Name = ***-Laptop | Source = Microsoft-Windows-Servicing | ID = 4375 Description =
Error - 14.04.2012 12:20:08 | Computer Name = ***-Laptop | Source = Microsoft-Windows-Servicing | ID = 4375 Description =
Error - 14.04.2012 12:20:08 | Computer Name = ***-Laptop | Source = Microsoft-Windows-Servicing | ID = 4375 Description =
Error - 14.04.2012 12:20:08 | Computer Name = ***-Laptop | Source = Microsoft-Windows-Servicing | ID = 4375 Description =
Error - 15.04.2012 04:11:56 | Computer Name = ***-Laptop | Source = HTTP | ID = 15016 Description =
< End of report >

OTL.txt

Code:
ATTFilter OTL logfile created on: 26.02.2013 16:11:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,24% Memory free 6,19 Gb Paging File | 4,90 Gb Available in Paging File | 79,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,44 Gb Total Space | 38,20 Gb Free Space | 32,81% Space Free | Partition Type: NTFS Drive D: | 116,44 Gb Total Space | 111,63 Gb Free Space | 95,86% Space Free | Partition Type: NTFS Drive E: | 106,67 Gb Total Space | 105,87 Gb Free Space | 99,25% Space Free | Partition Type: NTFS Drive F: | 116,44 Gb Total Space | 9,79 Gb Free Space | 8,41% Space Free | Partition Type: NTFS Computer Name: MANUEL-LAPTOP | User Name: Manuel | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.26 15:51:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Downloads\OTL.exe PRC - [2013.02.26 15:51:06 | 000,050,477 | ---- | M] () -- C:\Users\Manuel\Downloads\Defogger.exe PRC - [2013.02.21 10:30:09 | 002,561,488 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2013.01.29 22:32:58 | 001,078,624 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.08.29 23:06:16 | 000,223,800 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe PRC - [2008.08.18 19:27:32 | 000,117,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe PRC - [2008.08.18 18:56:22 | 000,098,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe PRC - [2008.08.14 05:00:16 | 000,158,264 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe PRC - [2008.08.14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2008.08.14 04:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe PRC - [2008.08.14 00:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2008.08.12 09:21:12 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.07.30 01:34:34 | 000,752,168 | ---- | M] (Broadcom Corporation.) 
-- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.07.15 19:29:00 | 007,651,328 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2008.01.21 03:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007.07.06 00:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe ========== Modules (No Company Name) ========== MOD - [2013.02.26 15:51:06 | 000,050,477 | ---- | M] () -- C:\Users\Manuel\Downloads\Defogger.exe MOD - [2013.02.21 10:30:09 | 002,561,488 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2013.02.21 10:28:52 | 002,231,248 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2012.09.08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll MOD - [2012.09.08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll MOD - [2008.07.30 01:27:20 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll MOD - [2007.11.12 23:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll ========== Services (SafeList) ========== SRV - [2013.02.21 10:30:09 | 002,561,488 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2013.02.15 09:47:20 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.09 12:08:50 | 000,115,608 | ---- | M] 
(Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.10.04 19:43:58 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2008.08.14 04:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- 
C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.09.08 15:40:24 | 000,363,112 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2011.06.01 03:17:37 | 000,693,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8192cu.sys -- (RTL8192cu) DRV - [2008.09.19 13:21:00 | 007,404,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.09.05 21:20:20 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.08.28 16:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.06.24 23:55:12 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2008.06.09 09:45:08 | 001,748,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2008.06.03 07:41:52 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2008.01.21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2007.07.30 19:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.30 18:42:58 | 000,043,008 | ---- | M] (REDC) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.07.24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2005.12.01 09:49:22 | 000,023,600 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\drhard.sys -- (drhard) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=c2de62c100000000000000215d36c63e IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=c2de62c100000000000000215d36c63e IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&babsrc=SP_ss&mntrId=c2de62c100000000000000215d36c63e IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=c2de62c100000000000000215d36c63e" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Manuel\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Manuel\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.19 21:37:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.09 12:08:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.09 12:08:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\addlyrics@addlyrics.net: C:\Program Files\AddLyrics\FF\ [2013.02.26 15:32:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.02.26 15:33:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.09 12:08:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 
Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.09 12:08:36 | 000,000,000 | ---D | M] [2012.04.12 19:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Extensions [2013.02.26 15:33:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Firefox\Profiles\eo2ebg79.default\extensions [2013.02.26 15:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Firefox\Profiles\eo2ebg79.default\extensions\ffxtlbr@babylon.com [2013.02.26 15:33:13 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Manuel\AppData\Roaming\mozilla\Firefox\Profiles\eo2ebg79.default\extensions\ffxtlbr@delta.com [2013.02.25 22:45:51 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\firefox\profiles\eo2ebg79.default\extensions\firebug@software.joehewitt.com.xpi [2013.02.26 15:33:14 | 000,001,294 | ---- | M] () -- C:\Users\Manuel\AppData\Roaming\mozilla\firefox\profiles\eo2ebg79.default\searchplugins\delta.xml [2013.02.09 12:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013.02.09 12:08:51 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.26 15:32:51 | 000,006,484 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.09.13 21:23:29 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Manuel\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Manuel\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Manuel\AppData\Local\Google\Chrome\Application\25.0.1364.97\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = 
C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Google Update (Enabled) = C:\Users\Manuel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\ CHR - Extension: Bejeweled = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\ CHR - Extension: Angry Birds = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: WOT = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.9_0\ CHR - Extension: YouTube = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Verr\u00FCckte Achterbahn = C:\Users\Manuel\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\eafhgomkapdagnpmmgilphbolnejepoc\1.3_0\ CHR - Extension: Delta Toolbar = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.1_1\ CHR - Extension: Mahjongg Fortuna Basic = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffecdmjmnfbfolpfibhipmegfeicild\1.0.0.1_0\ CHR - Extension: Myibidder Auction Bid Sniper for eBay = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp\1.3.5_0\ CHR - Extension: Mahjong T\u00E4glich = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gglcbpjnmkbgimmaooidnnlienhmldon\2.0.0_0\ CHR - Extension: AdBlock = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\ CHR - Extension: Cut the Rope = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\15_0\ CHR - Extension: \u00DCberflutung! = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0\ CHR - Extension: Ultimate Flash Sonic = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgmfbijldhdncjcipeocgkgbjhaecfp\1.0_0\ CHR - Extension: UNO 3 3D = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnljegjnioppmpieleiegimongopeanj\1.0.0_0\ CHR - Extension: Isoball 3 = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.3.0_0\ CHR - Extension: UNO = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbiemmdkjgbhibeilbdggffchhhjnnn\1_0\ CHR - Extension: Plants vs. 
Zombies = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jafcgfmicblebkjglnnjmhelbfpgimbb\1.0.4_0\ CHR - Extension: Bubble Island = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgmamcledfbjjcekmpppenaomjihgea\1_0\ CHR - Extension: AddLyrics = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdlfddggdloaadnphbhejknhaggjaeld\1.109_0\ CHR - Extension: 3D Bubble Shooter = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeihlikeemimokhjlnhchbpajpegodm\2.1.0_0\ CHR - Extension: Delicious Bookmarks = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnapbapmncaacbfijemonkinanfaebhm\2.0_0\ CHR - Extension: Poppit = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\ CHR - Extension: Plants vs Zombies = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\ CHR - Extension: Jungle Shooter = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndopneeileblgbhecimdjpojkkgohkpf\2.0.0_0\ CHR - Extension: Mahjong Solitaire = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.2_0\ CHR - Extension: Gem Invasion = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndmjlhmogchhmpbdehpnjanijdalhnh\3.0_0\ CHR - Extension: Doodle Jump = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nojaabckpfdijgbnlhdlhjheiappijbp\2.3.1_0\ CHR - Extension: Picky Wallpapers = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj\1.0.0_0\ CHR - Extension: OokiCookie = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjmnhgnkikbajikhhbplekfmljhdhjm\4_0\ CHR - Extension: Evernote Web Clipper = C:\Users\Manuel\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.9_0\ CHR - Extension: Google Mail = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012.06.23 17:47:24 | 000,001,632 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O1 - Hosts: 127.0.0.1 209.34.83.73:443 O1 - Hosts: 127.0.0.1 209.34.83.73:43 O1 - Hosts: 127.0.0.1 209.34.83.73 O1 - Hosts: 127.0.0.1 209.34.83.67:443 O1 - Hosts: 127.0.0.1 209.34.83.67:43 O1 - Hosts: 127.0.0.1 209.34.83.67 O1 - Hosts: 127.0.0.1 ood.opsource.net O1 - Hosts: 7 more lines... O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [FontExpertType1Loader] C:\Program Files\FontExpert\Type1Loader.exe (Proxima Software) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - Startup: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) O8 - Extra context menu item: Zu Evernote 4 hinzufügen - C:\Program Files\Evernote\Evernote\IE8Clipper\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\IE8Clipper\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\IE8Clipper\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\IE8Clipper\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\IE8Clipper\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{911B1EFB-28BF-4101-9789-878A898C5B3E}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D202C38C-DAFF-4490-B8AC-DA48DC115F9D}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Manuel\Desktop\Wallpaper_Februar_1920x12001.jpg O24 - Desktop BackupWallPaper: C:\Users\Manuel\Desktop\Wallpaper_Februar_1920x12001.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{bffd276b-5007-11e2-9e7c-0023548ff643}\Shell - "" = AutoRun O33 - 
MountPoints2\{bffd276b-5007-11e2-9e7c-0023548ff643}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.26 15:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader [2013.02.26 15:33:53 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect [2013.02.26 15:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013.02.26 15:33:24 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\BabSolution [2013.02.26 15:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Delta [2013.02.26 15:33:08 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\Delta [2013.02.26 15:32:28 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\Babylon [2013.02.26 15:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.02.26 15:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\AddLyrics [2013.02.14 12:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013.02.13 14:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer [2013.02.13 14:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software [2013.02.11 11:22:07 | 000,000,000 | ---D | C] -- C:\Users\Manuel\Desktop\Legenden des Landes [2013.02.11 10:56:23 | 000,000,000 | ---D | C] -- C:\Users\Manuel\restore [2013.02.11 09:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp [2013.02.11 09:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\hps [2013.02.11 09:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Telekom Fotoservice [2013.02.11 09:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\Deutsche Telekom [2013.02.09 12:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.06 15:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay [2013.02.06 15:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay [2013.02.06 15:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\eBay [2013.02.02 22:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote ========== Files - Modified Within 30 Days ========== [2013.02.26 16:16:00 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2230915039-272957395-2264101202-500UA.job [2013.02.26 16:11:02 | 000,000,000 | ---- | M] () -- C:\Users\Manuel\defogger_reenable [2013.02.26 16:09:09 | 000,127,790 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.02.26 16:08:20 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AddLyrics update.job [2013.02.26 16:08:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.26 16:08:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.26 16:08:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.26 16:08:04 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys [2013.02.26 16:05:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.02.26 15:31:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.26 15:28:08 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2230915039-272957395-2264101202-1000UA.job [2013.02.26 15:28:02 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2230915039-272957395-2264101202-1000Core.job [2013.02.26 11:15:59 | 000,001,100 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2230915039-272957395-2264101202-500Core.job [2013.02.25 22:37:28 | 000,127,790 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013.02.25 19:40:00 | 385,154,436 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.02.24 12:51:10 | 000,012,800 | ---- | M] () -- C:\Users\Manuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.24 12:11:08 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.24 12:11:08 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.24 12:11:08 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.24 12:11:08 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.23 00:36:29 | 000,074,634 | ---- | M] () -- C:\Users\Manuel\Desktop\Letzten_Sommer_DVD-TRILOGY_from_Nem3siS.torrent [2013.02.22 00:20:40 | 000,002,502 | ---- | M] () -- C:\Users\Manuel\Documents\oger_turnier_13_02_23.oc [2013.02.19 20:46:49 | 000,595,283 | ---- | M] () -- C:\Users\Manuel\Desktop\Shirt.psd [2013.02.19 20:45:39 | 000,126,649 | ---- | M] () -- C:\Users\Manuel\Desktop\Shirt-neu.jpg [2013.02.19 20:41:28 | 000,228,943 | ---- | M] () -- C:\Users\Manuel\Desktop\skull-drinking-wide-wallpaper.jpg [2013.02.19 20:41:25 | 000,047,800 | ---- | M] () -- C:\Users\Manuel\Desktop\Shirt.JPG [2013.02.14 12:17:11 | 000,001,640 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk [2013.02.14 12:14:23 | 000,000,000 | ---- | M] () -- C:\END [2013.02.13 09:20:09 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2013.02.13 09:20:09 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2030.DAT [2013.01.31 11:03:59 | 000,732,645 | ---- | M] () -- C:\Users\Manuel\Desktop\Wallpaper_Februar_1920x12001.jpg ========== Files Created - No Company Name ========== [2013.02.26 16:11:02 | 000,000,000 | ---- | C] () -- C:\Users\Manuel\defogger_reenable [2013.02.26 15:39:52 | 000,001,793 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk 
[2013.02.26 15:39:52 | 000,001,737 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.02.26 15:39:52 | 000,001,716 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.02.26 15:32:23 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AddLyrics update.job
[2013.02.23 00:36:29 | 000,074,634 | ---- | C] () -- C:\Users\Manuel\Desktop\Letzten_Sommer_DVD-TRILOGY_from_Nem3siS.torrent
[2013.02.21 23:16:14 | 000,002,502 | ---- | C] () -- C:\Users\Manuel\Documents\oger_turnier_13_02_23.oc
[2013.02.19 20:45:37 | 000,126,649 | ---- | C] () -- C:\Users\Manuel\Desktop\Shirt-neu.jpg
[2013.02.19 20:45:15 | 000,595,283 | ---- | C] () -- C:\Users\Manuel\Desktop\Shirt.psd
[2013.02.19 20:41:26 | 000,228,943 | ---- | C] () -- C:\Users\Manuel\Desktop\skull-drinking-wide-wallpaper.jpg
[2013.02.19 20:41:21 | 000,047,800 | ---- | C] () -- C:\Users\Manuel\Desktop\Shirt.JPG
[2013.02.14 12:17:11 | 000,001,640 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013.02.14 12:14:23 | 000,000,000 | ---- | C] () -- C:\END
[2013.01.31 11:03:51 | 000,732,645 | ---- | C] () -- C:\Users\Manuel\Desktop\Wallpaper_Februar_1920x12001.jpg
[2013.01.10 10:46:54 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2013.01.10 10:45:46 | 000,008,975 | ---- | C] () -- C:\Windows\HL-2030.INI
[2013.01.10 10:45:46 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2012.10.15 21:29:19 | 000,005,380 | ---- | C] () -- C:\Users\Manuel\.heldEinstellungen4_1.xml
[2012.10.15 21:29:18 | 000,000,277 | ---- | C] () -- C:\Users\Manuel\.dsa4.properties
[2012.06.23 18:09:12 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012.06.16 17:48:32 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.06.16 17:48:14 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2012.06.16 17:48:14 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2012.06.16 17:48:14 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012.06.16 17:31:26 | 000,220,070 | ---- | C] () -- C:\Windows\hpoins40.dat
[2012.06.12 08:02:18 | 000,000,680 | ---- | C] () -- C:\Users\Manuel\AppData\Local\d3d9caps.dat
[2012.04.14 10:06:56 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.04.14 10:06:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.04.14 09:45:00 | 000,012,800 | ---- | C] () -- C:\Users\Manuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.01 04:07:24 | 000,127,790 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.04.01 04:07:20 | 000,127,790 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.03.31 19:24:05 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.03.30 07:02:39 | 001,748,352 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2012.03.30 07:02:39 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2012.03.30 07:01:56 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2012.03.30 06:13:48 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.02.26 15:53:56 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Azureus
[2013.02.26 15:33:27 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\BabSolution
[2013.02.26 15:32:28 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Babylon
[2012.05.21 10:28:28 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.02.26 15:33:08 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Delta
[2012.06.02 16:35:26 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Foxit Software
[2012.04.14 18:04:14 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2012.05.13 21:51:30 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Notepad++
[2013.01.07 14:56:33 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Obsidium
[2012.04.14 17:49:49 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Opera
[2012.05.21 11:08:10 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\PDAppFlex
[2012.06.18 21:45:48 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\pdfforge
[2013.01.07 14:56:34 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Proxima Software
[2012.05.21 11:10:06 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.04.14 18:04:59 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Ubisoft
[2012.05.26 15:00:29 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Vast Studios

========== Purity Check ==========

< End of report >
26.02.2013, 17:31 | #4 |
| delta-search start page in Google Chrome and Firefox Gmer.log Code:
GMER 2.1.19081 - hxxp://www.gmer.net
Rootkit scan 2013-02-26 16:32:09
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925032 rev.0303 232,89GB
Running: gmer_2.1.19081.exe; Driver: C:\Users\***\AppData\Local\Temp\axliakoc.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x908AB4BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9446FC22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x908ABED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x908B6FA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x908B6FF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x908B7176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x908B6F16]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x9446FFA6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x908B6F5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x908AC11C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x908B7130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x908AC93E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x908AB508]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9446FCEA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x9446E3EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x908AB556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x908B0534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x908AD3A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x908B6FD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x908B7016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x908B719A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x908B6F3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x908B70BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x908B6F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x908B7154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9446FE4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x908AD272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x908ACDD4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x908AB5A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x908AB5F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x908AC7BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x908AB1FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x908AB3AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x908AB350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x908ACAF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x908ACC54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x908AB41A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x9446FEFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x908AC636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x9446E41C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x908AB640]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x9446FD96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x908AC2F4]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x94488E56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetTimerEx + 340 82D01964 4 Bytes [BA, B4, 8A, 90]
.text ntkrnlpa.exe!KeSetTimerEx + 364 82D01988 4 Bytes [22, FC, 46, 94] {AND BH, AH; INC ESI; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 3C4 82D019E8 4 Bytes [D6, BE, 8A, 90]
.text ntkrnlpa.exe!KeSetTimerEx + 404 82D01A28 8 Bytes [A8, 6F, 8B, 90, F4, 6F, 8B, ...] {TEST AL, 0x6f; MOV EDX, [EAX-0x6f74900c]}
.text ntkrnlpa.exe!KeSetTimerEx + 410 82D01A34 4 Bytes [76, 71, 8B, 90]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E28D5E 5 Bytes JMP 94485CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82E65666 4 Bytes CALL 908ADA8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82E74FC9 4 Bytes CALL 908ADAA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82E91872 5 Bytes JMP 94487810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EDD776 7 Bytes JMP 94488E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EE02340, 0x3E3757, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Windows\Explorer.EXE[320] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\Explorer.EXE[320] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\csrss.exe[688] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[696] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[696] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\wininit.exe[740] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\wininit.exe[740] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\csrss.exe[752] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[776] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\services.exe[784] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\services.exe[784] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\lsass.exe[800] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\lsm.exe[812] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\lsm.exe[812] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[996] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\nvvsvc.exe[1060] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[1060] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1084] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1176] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\System32\svchost.exe[1212] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1212] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1252] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\AUDIODG.EXE[1304] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\winlogon.exe[1456] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[1456] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\taskeng.exe[1504] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[1504] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\svchost.exe[1516] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1516] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1640] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 001601F8
.text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1640] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 001603FC
.text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1640] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1640] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00170804
.text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1640] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 001701F8
.text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1640] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 001703FC
.text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1640] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1640] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00170600
.text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1640] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00170A08
.text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1640] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 001803FC
.text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1640] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00180600
.text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1640] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 00181014
.text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1640] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00180804
.text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1640] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00180A08
.text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1640] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00180C0C
.text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1640] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00180E10
.text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1640] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 001801F8
.text C:\Windows\ehome\ehmsas.exe[1672] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 001501F8
.text C:\Windows\ehome\ehmsas.exe[1672] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 001503FC
.text C:\Windows\ehome\ehmsas.exe[1672] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\ehome\ehmsas.exe[1672] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 001603FC
.text C:\Windows\ehome\ehmsas.exe[1672] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00160600
.text C:\Windows\ehome\ehmsas.exe[1672] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 00161014
.text C:\Windows\ehome\ehmsas.exe[1672] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00160804
.text C:\Windows\ehome\ehmsas.exe[1672] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00160A08
.text C:\Windows\ehome\ehmsas.exe[1672] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00160C0C
.text C:\Windows\ehome\ehmsas.exe[1672] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00160E10
.text C:\Windows\ehome\ehmsas.exe[1672] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 001601F8
.text C:\Windows\ehome\ehmsas.exe[1672] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00170804
.text C:\Windows\ehome\ehmsas.exe[1672] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 001701F8
.text C:\Windows\ehome\ehmsas.exe[1672] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 001703FC
.text C:\Windows\ehome\ehmsas.exe[1672] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\ehome\ehmsas.exe[1672] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00170600
.text C:\Windows\ehome\ehmsas.exe[1672] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00170A08
.text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1692] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1692] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1724] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1724] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 00181014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00190804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 001901F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 001903FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00190600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00190A08
.text C:\Windows\system32\rundll32.exe[1764] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\rundll32.exe[1764] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1884] kernel32.dll!SetUnhandledExceptionFilter 76C8700D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1884] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[1948] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 000801F8
.text C:\Windows\System32\rundll32.exe[1948] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 000803FC
.text C:\Windows\System32\rundll32.exe[1948] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[1948] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00090804
.text C:\Windows\System32\rundll32.exe[1948] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 000901F8
.text C:\Windows\System32\rundll32.exe[1948] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 000903FC
.text C:\Windows\System32\rundll32.exe[1948] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\System32\rundll32.exe[1948] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00090600
.text C:\Windows\System32\rundll32.exe[1948] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00090A08
.text C:\Windows\System32\rundll32.exe[1948] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 000A03FC
.text C:\Windows\System32\rundll32.exe[1948] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 000A0600
.text C:\Windows\System32\rundll32.exe[1948] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 000A1014
.text C:\Windows\System32\rundll32.exe[1948] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 000A0804
.text C:\Windows\System32\rundll32.exe[1948] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 000A0A08
.text C:\Windows\System32\rundll32.exe[1948] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 000A0C0C
.text C:\Windows\System32\rundll32.exe[1948] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 000A0E10
.text C:\Windows\System32\rundll32.exe[1948] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 000A01F8
.text C:\Windows\system32\wbem\unsecapp.exe[1960] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 000601F8
.text C:\Windows\system32\wbem\unsecapp.exe[1960] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 000603FC
.text C:\Windows\system32\wbem\unsecapp.exe[1960] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[1960] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\unsecapp.exe[1960] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\unsecapp.exe[1960] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\unsecapp.exe[1960] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\unsecapp.exe[1960] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\unsecapp.exe[1960] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\unsecapp.exe[1960] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\unsecapp.exe[1960] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\unsecapp.exe[1960] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\unsecapp.exe[1960] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\unsecapp.exe[1960] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\unsecapp.exe[1960] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\wbem\unsecapp.exe[1960] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\unsecapp.exe[1960] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[2032] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2032] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\wuauclt.exe[2132] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 000701F8
.text C:\Windows\system32\wuauclt.exe[2132] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 000703FC
.text C:\Windows\system32\wuauclt.exe[2132] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[2132] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00080804
.text C:\Windows\system32\wuauclt.exe[2132] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\wuauclt.exe[2132] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\wuauclt.exe[2132] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\wuauclt.exe[2132] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\wuauclt.exe[2132] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\wuauclt.exe[2132] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 000903FC
.text C:\Windows\system32\wuauclt.exe[2132] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00090600
.text C:\Windows\system32\wuauclt.exe[2132] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 00091014
.text C:\Windows\system32\wuauclt.exe[2132] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00090804
.text C:\Windows\system32\wuauclt.exe[2132] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00090A08
.text C:\Windows\system32\wuauclt.exe[2132] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00090C0C
.text C:\Windows\system32\wuauclt.exe[2132] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00090E10
.text C:\Windows\system32\wuauclt.exe[2132] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 000901F8
.text C:\Windows\ehome\ehtray.exe[2312] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 000A01F8
.text C:\Windows\ehome\ehtray.exe[2312] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 000A03FC
.text C:\Windows\ehome\ehtray.exe[2312] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\ehome\ehtray.exe[2312] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 000B03FC
.text C:\Windows\ehome\ehtray.exe[2312] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 000B0600
.text C:\Windows\ehome\ehtray.exe[2312] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 000B1014
.text C:\Windows\ehome\ehtray.exe[2312] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 000B0804
.text C:\Windows\ehome\ehtray.exe[2312] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 000B0A08
.text C:\Windows\ehome\ehtray.exe[2312] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 000B0C0C
.text C:\Windows\ehome\ehtray.exe[2312] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 000B0E10
.text C:\Windows\ehome\ehtray.exe[2312] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 000B01F8
.text C:\Windows\ehome\ehtray.exe[2312] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 000C0804
.text C:\Windows\ehome\ehtray.exe[2312] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 000C01F8
.text C:\Windows\ehome\ehtray.exe[2312] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 000C03FC
.text C:\Windows\ehome\ehtray.exe[2312] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\ehome\ehtray.exe[2312] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 000C0600
.text C:\Windows\ehome\ehtray.exe[2312] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 000C0A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2316] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 001701F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2316] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 001703FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2316] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2316] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 001903FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2316] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00190600
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2316] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 00191014
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2316] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00190804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2316] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00190A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2316] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00190C0C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2316] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00190E10
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2316] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 001901F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2316] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 001A0804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2316] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 001A01F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2316] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 001A03FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2316] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2316] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 001A0600
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2316] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 001A0A08
.text C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2440] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2440] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\taskeng.exe[2448] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2448] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\system32\svchost.exe[2496] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2496] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2508] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2508] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe[2524] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe[2524] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[2532] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[2532] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2552] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2552] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[2576] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 001601F8
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[2576] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 001603FC
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[2576] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[2576] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00180804
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[2576] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 001801F8
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[2576] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 001803FC
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[2576] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[2576] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00180600
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[2576] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00180A08
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[2576] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 001903FC
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[2576] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00190600
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[2576] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 00191014
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[2576] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00190804
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[2576] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00190A08
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[2576] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00190C0C
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[2576] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00190E10
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[2576] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 001901F8
.text C:\Windows\system32\svchost.exe[2596] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2596] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Windows\System32\svchost.exe[2616] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2616] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2648] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 001501F8
.text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2648] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 001503FC
.text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2648] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62]
.text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2648] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00160804
.text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2648] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 001601F8
.text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2648] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 001603FC
.text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2648] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2648] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00160600
.text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2648] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00160A08
.text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2648] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 001703FC
.text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2648] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00170600
.text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2648] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 
00171014 .text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2648] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00170804 .text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2648] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00170A08 .text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2648] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00170C0C .text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2648] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00170E10 .text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2648] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 001701F8 .text C:\Windows\System32\svchost.exe[2668] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Windows\System32\svchost.exe[2668] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Windows\system32\svchost.exe[2680] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[2680] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Windows\system32\svchost.exe[2708] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[2708] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Windows\System32\svchost.exe[2736] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Windows\RtHDVCpl.exe[2764] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 001601F8 .text C:\Windows\RtHDVCpl.exe[2764] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 001603FC .text C:\Windows\RtHDVCpl.exe[2764] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Windows\RtHDVCpl.exe[2764] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 001703FC .text C:\Windows\RtHDVCpl.exe[2764] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00170600 .text C:\Windows\RtHDVCpl.exe[2764] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes 
JMP 00171014 .text C:\Windows\RtHDVCpl.exe[2764] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00170804 .text C:\Windows\RtHDVCpl.exe[2764] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00170A08 .text C:\Windows\RtHDVCpl.exe[2764] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00170C0C .text C:\Windows\RtHDVCpl.exe[2764] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00170E10 .text C:\Windows\RtHDVCpl.exe[2764] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 001701F8 .text C:\Windows\RtHDVCpl.exe[2764] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00180804 .text C:\Windows\RtHDVCpl.exe[2764] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 001801F8 .text C:\Windows\RtHDVCpl.exe[2764] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 001803FC .text C:\Windows\RtHDVCpl.exe[2764] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Windows\RtHDVCpl.exe[2764] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00180600 .text C:\Windows\RtHDVCpl.exe[2764] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2776] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Windows\system32\SearchIndexer.exe[2924] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[2924] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Windows\system32\wbem\wmiprvse.exe[3080] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 000601F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3080] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 000603FC .text C:\Windows\system32\wbem\wmiprvse.exe[3080] 
KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3080] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\wmiprvse.exe[3080] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\wmiprvse.exe[3080] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\wmiprvse.exe[3080] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\wmiprvse.exe[3080] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3080] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\wmiprvse.exe[3080] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\wmiprvse.exe[3080] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3080] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\wmiprvse.exe[3080] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3080] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 000803FC .text C:\Windows\system32\wbem\wmiprvse.exe[3080] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Windows\system32\wbem\wmiprvse.exe[3080] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\wmiprvse.exe[3080] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00080A08 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[3200] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 001601F8 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[3200] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 001603FC .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[3200] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text 
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[3200] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00170804 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[3200] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 001701F8 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[3200] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 001703FC .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[3200] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[3200] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00170600 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[3200] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00170A08 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[3200] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 001803FC .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[3200] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00180600 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[3200] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 00181014 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[3200] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00180804 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[3200] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00180A08 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[3200] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00180C0C .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[3200] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00180E10 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[3200] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 001801F8 .text C:\Program Files\Windows Defender\MSASCui.exe[3244] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Program Files\Windows Defender\MSASCui.exe[3244] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Program 
Files\ASUS\ATK Hotkey\HControlUser.exe[3260] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe[3260] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Program Files\Wireless Console 2\wcourier.exe[3324] kernel32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Program Files\Wireless Console 2\wcourier.exe[3324] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Windows\system32\svchost.exe[3588] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[3588] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[3588] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[3588] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00090804 .text C:\Windows\system32\svchost.exe[3588] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[3588] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 
000903FC .text C:\Windows\system32\svchost.exe[3588] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Windows\system32\svchost.exe[3588] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00090600 .text C:\Windows\system32\svchost.exe[3588] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00090A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 000703FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00070600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 00071014 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00070804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00070C0C .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00070E10 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00080804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 000801F8 .text C:\Program Files\Windows 
Media Player\wmpnscfg.exe[3628] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 000803FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00080600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00080A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3708] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3708] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3708] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3708] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3708] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00060600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3708] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 00061014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3708] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00060804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3708] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00060A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3708] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00060C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3708] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00060E10 .text C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3708] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3708] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00070804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3708] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3708] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3708] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3708] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00070600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3708] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 000503FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 000703FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00070600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 00071014 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00070804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00070A08 
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00070C0C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00070E10 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00080804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 000801F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 000803FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00080600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3788] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00080A08 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3984] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 001601F8 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3984] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 001603FC .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3984] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3984] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00170804 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3984] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 001701F8 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3984] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 001703FC .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3984] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text 
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3984] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00170600 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3984] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00170A08 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3984] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 001803FC .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3984] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00180600 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3984] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 00181014 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3984] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00180804 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3984] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00180A08 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3984] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00180C0C .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3984] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00180E10 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3984] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 001801F8 .text C:\Users\***\Downloads\gmer_2.1.19081.exe[4104] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 001601F8 .text C:\Users\***\Downloads\gmer_2.1.19081.exe[4104] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 001603FC .text C:\Users\***\Downloads\gmer_2.1.19081.exe[4104] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Users\***\Downloads\gmer_2.1.19081.exe[4104] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 001703FC .text C:\Users\***\Downloads\gmer_2.1.19081.exe[4104] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00170600 .text C:\Users\***\Downloads\gmer_2.1.19081.exe[4104] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 00171014 .text C:\Users\***\Downloads\gmer_2.1.19081.exe[4104] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00170804 .text 
C:\Users\***\Downloads\gmer_2.1.19081.exe[4104] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00170A08 .text C:\Users\***\Downloads\gmer_2.1.19081.exe[4104] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00170C0C .text C:\Users\***\Downloads\gmer_2.1.19081.exe[4104] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00170E10 .text C:\Users\***\Downloads\gmer_2.1.19081.exe[4104] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 001701F8 .text C:\Users\***\Downloads\gmer_2.1.19081.exe[4104] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00180804 .text C:\Users\***\Downloads\gmer_2.1.19081.exe[4104] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 001801F8 .text C:\Users\***\Downloads\gmer_2.1.19081.exe[4104] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 001803FC .text C:\Users\***\Downloads\gmer_2.1.19081.exe[4104] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Users\***\Downloads\gmer_2.1.19081.exe[4104] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00180600 .text C:\Users\***\Downloads\gmer_2.1.19081.exe[4104] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00180A08 .text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4736] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 001601F8 .text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4736] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 001603FC .text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4736] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4736] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 001803FC .text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4736] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00180600 .text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4736] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 00181014 .text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4736] 
ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00180804 .text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4736] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00180A08 .text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4736] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00180C0C .text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4736] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00180E10 .text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4736] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 001801F8 .text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4736] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00190804 .text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4736] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 001901F8 .text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4736] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 001903FC .text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4736] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4736] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00190600 .text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[4736] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00190A08 .text C:\Windows\system32\conime.exe[5744] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\conime.exe[5744] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\conime.exe[5744] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Windows\system32\conime.exe[5744] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 000603FC .text C:\Windows\system32\conime.exe[5744] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00060600 .text C:\Windows\system32\conime.exe[5744] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 00061014 .text 
C:\Windows\system32\conime.exe[5744] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00060804 .text C:\Windows\system32\conime.exe[5744] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 00060A08 .text C:\Windows\system32\conime.exe[5744] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00060C0C .text C:\Windows\system32\conime.exe[5744] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00060E10 .text C:\Windows\system32\conime.exe[5744] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 000601F8 .text C:\Windows\system32\conime.exe[5744] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00070804 .text C:\Windows\system32\conime.exe[5744] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 000701F8 .text C:\Windows\system32\conime.exe[5744] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 000703FC .text C:\Windows\system32\conime.exe[5744] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Windows\system32\conime.exe[5744] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00070600 .text C:\Windows\system32\conime.exe[5744] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[5768] ntdll.dll!LdrLoadDll 76FD79B3 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[5768] ntdll.dll!LdrUnloadDll 76FEE5AC 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[5768] KERNEL32.dll!GetBinaryTypeW + 70 76CB1CE8 1 Byte [62] .text C:\Windows\system32\taskeng.exe[5768] ADVAPI32.dll!CreateServiceW 766738FF 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[5768] ADVAPI32.dll!DeleteService 76673BEE 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[5768] ADVAPI32.dll!SetServiceObjectSecurity 766B66A9 5 Bytes JMP 00081014 .text C:\Windows\system32\taskeng.exe[5768] ADVAPI32.dll!ChangeServiceConfigA 766B67A9 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[5768] ADVAPI32.dll!ChangeServiceConfigW 766B6951 5 Bytes JMP 
00080A08 .text C:\Windows\system32\taskeng.exe[5768] ADVAPI32.dll!ChangeServiceConfig2A 766B6A69 5 Bytes JMP 00080C0C .text C:\Windows\system32\taskeng.exe[5768] ADVAPI32.dll!ChangeServiceConfig2W 766B6BB1 5 Bytes JMP 00080E10 .text C:\Windows\system32\taskeng.exe[5768] ADVAPI32.dll!CreateServiceA 766B6C71 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[5768] USER32.dll!SetWindowsHookExW 76597B69 5 Bytes JMP 00090804 .text C:\Windows\system32\taskeng.exe[5768] USER32.dll!SetWinEventHook 7659915C 5 Bytes JMP 000901F8 .text C:\Windows\system32\taskeng.exe[5768] USER32.dll!UnhookWinEvent 7659B702 5 Bytes JMP 000903FC .text C:\Windows\system32\taskeng.exe[5768] USER32.dll!DialogBoxParamW 765B1FD5 5 Bytes JMP 752344C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll .text C:\Windows\system32\taskeng.exe[5768] USER32.dll!SetWindowsHookExA 765BBB0E 5 Bytes JMP 00090600 .text C:\Windows\system32\taskeng.exe[5768] USER32.dll!UnhookWindowsHookEx 765C08BE 5 Bytes JMP 00090A08 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \FileSystem\fastfat \Fat aswSP.SYS (avast! 
self protection module/AVAST Software) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Processes - GMER 2.1 ---- Process (*** hidden *** ) [4] 85369910 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243c4cf00 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002243c4cf00 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243c4cf00 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002243c4cf00 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\002243c4cf00 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002243c4cf00 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\002243c4cf00 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\002243c4cf00 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\002243c4cf00 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\002243c4cf00 (not active ControlSet) ---- EOF - GMER 2.1 ---- |
26.02.2013, 17:51 | #5 | |
/// TB-Ausbilder | delta-search start page in Google Chrome and Firefox Hi, Quote:
We do not deliberately look for such indications, but when we see them, we can no longer turn a blind eye. Therefore:

Cracks and keygens

The log files strongly suggest that you are using software that was not legally acquired. Apart from being illegal, cracks and patches from dubious sources are also very often bundled with malware, so one is almost deliberately infecting oneself. We here on the board have agreed that we will not clean any further at this point, since we do not support such practices. In our guide, under point 8 of the forum rules, we also pointed out unmistakably how we handle this. Good software has its price, and software companies live off this income. As an alternative, there is plenty of very good freeware everywhere, or stripped-down versions that can be bought cheaply. Our recommendation here is to make a clean fresh start, and our help is therefore limited to reinstalling and securing your system. We will still gladly answer questions about that, in our subforum Alles rund um Windows. Against unwanted start pages and toolbars, the AdwCleaner usually helps as well.
__________________ cheers, Leo |