Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Firefox/NoScript meldet Clickjacking-Attacke/Versuch einer UI-Umadressierung auf Lego.de

Firefox/NoScript meldet Clickjacking-Attacke/Versuch einer UI-Umadressierung auf Lego.de


Plagegeister aller Art und deren Bekämpfung: Firefox/NoScript meldet Clickjacking-Attacke/Versuch einer UI-Umadressierung auf Lego.de

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.09.2013, 20:57   #1
Rentner2037
 
Firefox/NoScript meldet Clickjacking-Attacke/Versuch einer UI-Umadressierung auf Lego.de - Standard

Firefox/NoScript meldet Clickjacking-Attacke/Versuch einer UI-Umadressierung auf Lego.de


Hallo,

ich habe vor 3 Tagen von NoScript eine Warnung über einen potentiellen Clickjacking-Angriff bekommen bzw. Versuch einer UI-Umadressierung.
Dies tritt bisher nur auf der Lego.de Seite auf, immer wenn man auf das blaue LEGO ID klickt und anschliessend auf Benutzername.

In Windows war ein mir unbekanntens Programm installiert das ich deinstalliert habe:
WebConnect3.0

Unter dem NoScript Button bemerkte ich das Edgecastcdn.net auf jeder Webseite erschien.
In Firefox fand ich ein Addon das ich ebenfalls deinstallierte "Web1.0", oder "Webconnect1.0", bin mir in diesem Punkt nicht mehr sicher.
Danach war Edgecastcdn.net verschwunden.

Mein Windows 7 64bit System sichere ich mit Avast Free, Spybot SD
Als Browser Firefox mit Noscript, Ghostery, Adblock Plus

Nach Recherchern hier im Forum habe ich mir Spywareblaster und Malwarebytes installiert.

Malewarebytes hat folgendes gefunden:
PUP.Optional.SweetIM
PUP.Optional.InstallCore.A
PUP.Optional.BrowserFox.A

Firefox und die Addons habe ich komplett deinstalliert und wieder installiert, da ich dachte ich hätte bei NoScript etwas verändert und die Einstellungen von NoScript wären schuld.
Hat aber nichts gebracht.

Kompletter Durchlauf von Avast hat auch nichts ergeben.

Andere Probleme habe ich bisher nicht festgestellt, System arbeitet normal.
Auf die Legoseite komme ich über den Umweg "Shop" noch rein, aber nicht über die Hauptseite.

Logdateien mit FRST64 wollte ich erstellen, bekomme aber das erste Logfile nicht mehr, da ich es im Downloadordner gespeichert hatte und auch von da startete, dummerweise habe ich dann mein System nochmals bereinigt

Meine Persönliche Vermutung ist:
NoScript reagiert etwas empfindlich was Lego.de angeht,
sicher bin ich mir natürlich nicht und erwäge eine Neuinstallation.
Trotzdem bin ich ein neugieriger Mensch und wüsste schon gern, was bei mir schief gelaufen ist.
Dies ist bisher meine erste Meldung seit ca. 8 Jahren und ich dachte bisher mein Surfverhalten + benutze Software hält mich von Schaden fern... aber jeden triffts wohl mal

Freue mich auf Eure Hilfe
LG, Rentner2037

Defogger Log
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:36 on 04/09/2013 (Username)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST.txt

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-09-2013
Ran by Username (administrator) on UsernaNFUTURE on 04-09-2013 22:36:48
Running from C:\Users\Username\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Windows\SysWOW64\ASGT.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(Ghisler Software GmbH) C:\Program Files (x86)\totalcmd\TOTALCMD64.EXE
(Farbar) C:\Users\Username\Desktop\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12489360 2012-05-18] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [] -  [x]
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
MountPoints2: {a1d57a61-05d4-11e2-805b-806e6f6e6963} - "E:\Diablo III Setup.exe"
MountPoints2: {a1d57a62-05d4-11e2-805b-806e6f6e6963} - F:\autorun.exe
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\q1gk82ao.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Username\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: firefox - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\q1gk82ao.default\Extensions\firefox@ghostery.com.xpi
FF Extension: No Name - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\q1gk82ao.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\q1gk82ao.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\128.xpi

==================== Services (Whitelisted) =================

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-04 22:33 - 2013-09-04 22:33 - 01950668 _____ (Farbar) C:\Users\Username\Desktop\FRST64(1).exe
2013-09-04 18:41 - 2013-09-04 20:49 - 00001133 _____ C:\Windows\setupact.log
2013-09-04 18:41 - 2013-09-04 18:41 - 00000000 _____ C:\Windows\setuperr.log
2013-09-04 00:39 - 2013-09-04 00:39 - 00001164 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-04 00:39 - 2013-09-04 00:39 - 00000000 ____D C:\Users\Username\AppData\Roaming\Mozilla
2013-09-04 00:38 - 2013-09-04 00:39 - 22240760 _____ (Mozilla) C:\Users\Username\Downloads\Firefox_Setup_23.0.1.exe
2013-09-02 21:31 - 2013-09-02 21:31 - 00000000 ____D C:\FRST
2013-09-02 21:29 - 2013-09-02 21:29 - 00000000 _____ C:\Users\Username\defogger_reenable
2013-09-02 21:28 - 2013-09-02 21:28 - 00050477 _____ C:\Users\Username\Desktop\Defogger.exe
2013-09-02 00:50 - 2013-09-04 01:19 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-09-02 00:50 - 2013-09-02 00:50 - 04095448 _____ (BrightFort LLC                                              ) C:\Users\Username\Downloads\spywareblastersetup50.exe
2013-09-02 00:50 - 2013-09-02 00:50 - 00001102 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-09-02 00:50 - 2013-09-02 00:50 - 00000000 ____D C:\ProgramData\Licenses
2013-09-02 00:50 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2013-09-02 00:44 - 2013-09-02 00:44 - 00000000 ____D C:\Users\Username\AppData\Roaming\Malwarebytes
2013-09-02 00:43 - 2013-09-02 00:43 - 00001138 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-02 00:43 - 2013-09-02 00:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-02 00:43 - 2013-09-02 00:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-02 00:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-02 00:42 - 2013-09-02 00:42 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Username\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-01 18:05 - 2013-09-01 18:05 - 00002167 _____ C:\Users\Public\Desktop\Angry Birds Star Wars.lnk
2013-08-29 19:25 - 2013-08-20 15:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-08-29 19:25 - 2013-08-20 15:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-08-24 17:51 - 2013-08-24 17:51 - 00002058 _____ C:\Users\Username\Desktop\JDownloader.lnk
2013-08-23 23:31 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-23 23:31 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-23 23:31 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-23 23:31 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-23 23:31 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-23 23:31 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-23 23:31 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-23 23:31 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-23 23:31 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-23 23:31 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-23 23:31 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-23 23:31 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-23 23:31 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-23 23:31 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-23 23:31 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-23 23:31 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-23 23:31 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-23 23:31 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-23 23:31 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-23 23:31 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-23 23:31 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-23 23:31 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-23 23:17 - 2013-08-23 23:17 - 00000000 ____D C:\NvidiaLogging
2013-08-23 23:16 - 2013-08-20 15:32 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-08-23 23:15 - 2013-08-23 23:15 - 00000000 ____D C:\Users\Userna~1\AppData\Local\NVIDIA
2013-08-23 23:11 - 2013-08-23 23:11 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-08-23 23:08 - 2013-08-24 15:54 - 01590370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-23 23:07 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-08-23 23:07 - 2013-06-21 14:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 02597856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00925648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00432928 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00372000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00266448 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00218592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00214448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-08-23 23:07 - 2013-06-21 14:06 - 00181488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-08-23 23:07 - 2013-02-25 07:27 - 00194848 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-08-23 23:07 - 2013-02-25 07:27 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-08-23 21:23 - 2013-09-03 22:58 - 00000000 ____D C:\Users\Username\AppData\Roaming\vlc
2013-08-23 21:02 - 2013-08-23 21:02 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-23 20:28 - 2013-08-23 20:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-23 18:59 - 2013-09-04 00:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-23 18:16 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-23 18:16 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-23 18:16 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-23 18:16 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-23 18:16 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-23 18:16 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-23 18:16 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-23 18:16 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-23 18:16 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-23 18:16 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-23 18:16 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-23 18:16 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-23 18:16 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-23 18:16 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-23 18:16 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-23 18:16 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-04 22:33 - 2013-09-04 22:33 - 01950668 _____ (Farbar) C:\Users\Username\Desktop\FRST64(1).exe
2013-09-04 20:56 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-04 20:56 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-04 20:55 - 2011-04-12 09:43 - 00696848 _____ C:\Windows\system32\perfh007.dat
2013-09-04 20:55 - 2011-04-12 09:43 - 00148144 _____ C:\Windows\system32\perfc007.dat
2013-09-04 20:55 - 2009-07-14 07:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-04 20:49 - 2013-09-04 18:41 - 00001133 _____ C:\Windows\setupact.log
2013-09-04 20:49 - 2012-09-24 01:09 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-04 20:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-04 18:45 - 2013-07-20 14:41 - 01709181 _____ C:\Windows\WindowsUpdate.log
2013-09-04 18:41 - 2013-09-04 18:41 - 00000000 _____ C:\Windows\setuperr.log
2013-09-04 18:41 - 2012-09-24 00:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-04 01:19 - 2013-09-02 00:50 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-09-04 00:39 - 2013-09-04 00:39 - 00001164 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-04 00:39 - 2013-09-04 00:39 - 00000000 ____D C:\Users\Username\AppData\Roaming\Mozilla
2013-09-04 00:39 - 2013-09-04 00:38 - 22240760 _____ (Mozilla) C:\Users\Username\Downloads\Firefox_Setup_23.0.1.exe
2013-09-04 00:39 - 2013-08-23 18:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-03 22:58 - 2013-08-23 21:23 - 00000000 ____D C:\Users\Username\AppData\Roaming\vlc
2013-09-02 21:31 - 2013-09-02 21:31 - 00000000 ____D C:\FRST
2013-09-02 21:29 - 2013-09-02 21:29 - 00000000 _____ C:\Users\Username\defogger_reenable
2013-09-02 21:29 - 2012-09-24 00:38 - 00000000 ____D C:\Users\Username
2013-09-02 21:28 - 2013-09-02 21:28 - 00050477 _____ C:\Users\Username\Desktop\Defogger.exe
2013-09-02 00:50 - 2013-09-02 00:50 - 04095448 _____ (BrightFort LLC                                              ) C:\Users\Username\Downloads\spywareblastersetup50.exe
2013-09-02 00:50 - 2013-09-02 00:50 - 00001102 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-09-02 00:50 - 2013-09-02 00:50 - 00000000 ____D C:\ProgramData\Licenses
2013-09-02 00:44 - 2013-09-02 00:44 - 00000000 ____D C:\Users\Username\AppData\Roaming\Malwarebytes
2013-09-02 00:43 - 2013-09-02 00:43 - 00001138 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-02 00:43 - 2013-09-02 00:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-02 00:43 - 2013-09-02 00:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-02 00:42 - 2013-09-02 00:42 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Username\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-01 21:07 - 2012-10-09 00:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-01 20:31 - 2012-09-24 00:45 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-01 18:05 - 2013-09-01 18:05 - 00002167 _____ C:\Users\Public\Desktop\Angry Birds Star Wars.lnk
2013-09-01 18:05 - 2013-07-19 16:56 - 00000000 ____D C:\Users\Username\AppData\Roaming\Rovio Entertainment Ltd
2013-08-31 20:38 - 2012-11-13 20:40 - 00451249 ____R C:\Windows\system32\Drivers\etc\hosts.20130901.backup
2013-08-29 19:26 - 2012-09-24 01:09 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-24 19:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-24 17:57 - 2012-09-27 19:22 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-08-24 17:51 - 2013-08-24 17:51 - 00002058 _____ C:\Users\Username\Desktop\JDownloader.lnk
2013-08-24 17:40 - 2012-09-24 21:45 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-24 17:40 - 2012-09-24 21:45 - 00000000 ____D C:\Program Files\CCleaner
2013-08-24 17:40 - 2012-09-24 01:32 - 00000000 ____D C:\Windows\Panther
2013-08-24 15:54 - 2013-08-23 23:08 - 01590370 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-24 15:38 - 2012-12-07 20:18 - 00000022 _____ C:\Windows\GPU-Z.INI
2013-08-23 23:29 - 2013-07-22 21:56 - 00000000 ____D C:\Windows\system32\MRT
2013-08-23 23:29 - 2012-10-31 20:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-23 23:26 - 2012-09-24 19:42 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-23 23:17 - 2013-08-23 23:17 - 00000000 ____D C:\NvidiaLogging
2013-08-23 23:17 - 2012-09-24 01:08 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-23 23:15 - 2013-08-23 23:15 - 00000000 ____D C:\Users\Userna~1\AppData\Local\NVIDIA
2013-08-23 23:15 - 2012-09-24 01:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-08-23 23:11 - 2013-08-23 23:11 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-08-23 22:39 - 2012-11-13 20:40 - 00451249 ____R C:\Windows\system32\Drivers\etc\hosts.20130831-203828.backup
2013-08-23 21:02 - 2013-08-23 21:02 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-23 20:56 - 2012-10-16 17:51 - 00000000 ____D C:\Users\Username\AppData\Roaming\foobar2000
2013-08-23 20:42 - 2012-09-24 00:45 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-08-23 20:29 - 2013-08-23 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-20 15:33 - 2013-08-29 19:25 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-08-20 15:32 - 2013-08-29 19:25 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-08-20 15:32 - 2013-08-23 23:16 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

Files to move or delete:
====================
C:\Users\Userna~1\AppData\Local\Temp\NOSEventMessages.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-23 19:58

==================== End Of Log ============================
--- --- ---

--- --- ---
Geändert von Rentner2037 (04.09.2013 um 21:45 Uhr)

Alt 05.09.2013, 18:55   #2
Rentner2037
 
Firefox/NoScript meldet Clickjacking-Attacke/Versuch einer UI-Umadressierung auf Lego.de - Standard

Firefox/NoScript meldet Clickjacking-Attacke/Versuch einer UI-Umadressierung auf Lego.de


Gmer.txt

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-04 22:53:12
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 OCZ-VERT rev.1.5_ 119,24GB
Running: cm4khe5u.exe; Driver: C:\Users\USERNA~1\AppData\Local\Temp\pxdcypow.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!EngSetLastError + 140                                                                                        fffff960000d4a48 8 bytes [24, CD, B0, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!EngSetLastError + 616                                                                                        fffff960000d4c24 8 bytes [04, BA, B0, 03, 80, F8, FF, ...]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                             fffff96000103e00 7 bytes [00, A3, F3, FF, 01, AF, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                         fffff96000103e08 3 bytes [C0, 06, 02]
.text  ...                                                                                                                                         * 106
.text  C:\Windows\System32\win32k.sys!EngGetProcessHandle + 424                                                                                    fffff960001c2a98 6 bytes {JMP QWORD [RIP+0x65fde]}

---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\wininit.exe[548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                  000000007781eecd 1 byte [62]
.text  C:\Windows\system32\services.exe[620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007781eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[756] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                  000000007781eecd 1 byte [62]
.text  C:\Windows\system32\winlogon.exe[824] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007781eecd 1 byte [62]
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                   000000007781eecd 1 byte [62]
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112              00000000757aa30a 1 byte [62]
.text  C:\Windows\system32\svchost.exe[960] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                  000000007781eecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[264] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                  000000007781eecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[476] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                  000000007781eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[512] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                  000000007781eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                  000000007781eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1276] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007781eecd 1 byte [62]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                        000000007781eecd 1 byte [62]
.text  C:\Windows\system32\nvvsvc.exe[1380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                  000000007781eecd 1 byte [62]
.text  C:\Windows\System32\spoolsv.exe[1660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007781eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007781eecd 1 byte [62]
.text  C:\Windows\SysWOW64\ASGT.exe[1760] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                    00000000757aa30a 1 byte [62]
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                 000000007781eecd 1 byte [62]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2008] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112        00000000757aa30a 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1076] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007781eecd 1 byte [62]
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1328] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112          00000000757aa30a 1 byte [62]
.text  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1804] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                   00000000757aa30a 1 byte [62]
.text  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1804] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                 0000000075571465 2 bytes [57, 75]
.text  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[1804] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                00000000755714bb 2 bytes [57, 75]
.text  ...                                                                                                                                         * 2
.text  C:\Windows\system32\taskhost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                           0000000077903ae0 5 bytes JMP 00000001001b075c
.text  C:\Windows\system32\taskhost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                             0000000077907a90 5 bytes JMP 00000001001b03a4
.text  C:\Windows\system32\taskhost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                0000000077931490 5 bytes JMP 00000001001b0b14
.text  C:\Windows\system32\taskhost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                    00000000779314f0 5 bytes JMP 00000001001b0ecc
.text  C:\Windows\system32\taskhost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     00000000779315d0 5 bytes JMP 00000001001b163c
.text  C:\Windows\system32\taskhost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                 0000000077931810 5 bytes JMP 00000001001b1284
.text  C:\Windows\system32\taskhost.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     0000000077932840 5 bytes JMP 00000001001b19f4
.text  C:\Windows\system32\taskhost.exe[2740] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                000000007781eecd 1 byte [62]
.text  C:\Windows\system32\taskhost.exe[2740] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                             000007feff896e00 5 bytes JMP 000007ff7f8b1dac
.text  C:\Windows\system32\taskhost.exe[2740] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                 000007feff896f2c 5 bytes JMP 000007ff7f8b0ecc
.text  C:\Windows\system32\taskhost.exe[2740] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                 000007feff897220 5 bytes JMP 000007ff7f8b1284
.text  C:\Windows\system32\taskhost.exe[2740] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                000007feff89739c 5 bytes JMP 000007ff7f8b163c
.text  C:\Windows\system32\taskhost.exe[2740] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                000007feff897538 5 bytes JMP 000007ff7f8b19f4
.text  C:\Windows\system32\taskhost.exe[2740] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                       000007feff8975e8 5 bytes JMP 000007ff7f8b03a4
.text  C:\Windows\system32\taskhost.exe[2740] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                       000007feff89790c 5 bytes JMP 000007ff7f8b075c
.text  C:\Windows\system32\taskhost.exe[2740] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                        000007feff897ab4 5 bytes JMP 000007ff7f8b0b14
.text  C:\Windows\system32\Dwm.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                0000000077903ae0 5 bytes JMP 000000010012075c
.text  C:\Windows\system32\Dwm.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                  0000000077907a90 5 bytes JMP 00000001001203a4
.text  C:\Windows\system32\Dwm.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                     0000000077931490 5 bytes JMP 0000000100120b14
.text  C:\Windows\system32\Dwm.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                         00000000779314f0 5 bytes JMP 0000000100120ecc
.text  C:\Windows\system32\Dwm.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          00000000779315d0 5 bytes JMP 000000010012163c
.text  C:\Windows\system32\Dwm.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                      0000000077931810 5 bytes JMP 0000000100121284
.text  C:\Windows\system32\Dwm.exe[2868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                          0000000077932840 5 bytes JMP 00000001001219f4
.text  C:\Windows\system32\Dwm.exe[2868] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                  000007feff896e00 5 bytes JMP 000007ff7f8b1dac
.text  C:\Windows\system32\Dwm.exe[2868] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                      000007feff896f2c 5 bytes JMP 000007ff7f8b0ecc
.text  C:\Windows\system32\Dwm.exe[2868] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                      000007feff897220 5 bytes JMP 000007ff7f8b1284
.text  C:\Windows\system32\Dwm.exe[2868] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                     000007feff89739c 5 bytes JMP 000007ff7f8b163c
.text  C:\Windows\system32\Dwm.exe[2868] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                     000007feff897538 5 bytes JMP 000007ff7f8b19f4
.text  C:\Windows\system32\Dwm.exe[2868] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                            000007feff8975e8 5 bytes JMP 000007ff7f8b03a4
.text  C:\Windows\system32\Dwm.exe[2868] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                            000007feff89790c 5 bytes JMP 000007ff7f8b075c
.text  C:\Windows\system32\Dwm.exe[2868] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                             000007feff897ab4 5 bytes JMP 000007ff7f8b0b14
.text  C:\Windows\Explorer.EXE[3048] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                    0000000077903ae0 5 bytes JMP 000000010020075c
.text  C:\Windows\Explorer.EXE[3048] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                      0000000077907a90 5 bytes JMP 00000001002003a4
.text  C:\Windows\Explorer.EXE[3048] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                         0000000077931490 5 bytes JMP 0000000100200b14
.text  C:\Windows\Explorer.EXE[3048] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                             00000000779314f0 5 bytes JMP 0000000100200ecc
.text  C:\Windows\Explorer.EXE[3048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              00000000779315d0 5 bytes JMP 000000010020163c
.text  C:\Windows\Explorer.EXE[3048] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                          0000000077931810 5 bytes JMP 0000000100201284
.text  C:\Windows\Explorer.EXE[3048] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                              0000000077932840 5 bytes JMP 00000001002019f4
.text  C:\Windows\Explorer.EXE[3048] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                         000000007781eecd 1 byte [62]
.text  C:\Windows\Explorer.EXE[3048] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                      000007feff896e00 5 bytes JMP 000007ff7f8b1dac
.text  C:\Windows\Explorer.EXE[3048] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                          000007feff896f2c 5 bytes JMP 000007ff7f8b0ecc
.text  C:\Windows\Explorer.EXE[3048] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                          000007feff897220 5 bytes JMP 000007ff7f8b1284
.text  C:\Windows\Explorer.EXE[3048] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                         000007feff89739c 5 bytes JMP 000007ff7f8b163c
.text  C:\Windows\Explorer.EXE[3048] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                         000007feff897538 5 bytes JMP 000007ff7f8b19f4
.text  C:\Windows\Explorer.EXE[3048] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                000007feff8975e8 5 bytes JMP 000007ff7f8b03a4
.text  C:\Windows\Explorer.EXE[3048] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                000007feff89790c 5 bytes JMP 000007ff7f8b075c
.text  C:\Windows\Explorer.EXE[3048] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                 000007feff897ab4 5 bytes JMP 000007ff7f8b0b14
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                            0000000077903ae0 5 bytes JMP 00000001002e075c
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                              0000000077907a90 5 bytes JMP 00000001002e03a4
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                 0000000077931490 5 bytes JMP 00000001002e0b14
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                     00000000779314f0 5 bytes JMP 00000001002e0ecc
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                      00000000779315d0 5 bytes JMP 00000001002e163c
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                  0000000077931810 5 bytes JMP 00000001002e1284
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                      0000000077932840 5 bytes JMP 00000001002e19f4
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3060] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                 000000007781eecd 1 byte [62]
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3060] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity              000007feff896e00 5 bytes JMP 000007ff7f8b1dac
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3060] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                  000007feff896f2c 5 bytes JMP 000007ff7f8b0ecc
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3060] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                  000007feff897220 5 bytes JMP 000007ff7f8b1284
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3060] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                 000007feff89739c 5 bytes JMP 000007ff7f8b163c
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3060] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                 000007feff897538 5 bytes JMP 000007ff7f8b19f4
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3060] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                        000007feff8975e8 5 bytes JMP 000007ff7f8b03a4
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3060] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                        000007feff89790c 5 bytes JMP 000007ff7f8b075c
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3060] C:\Windows\SYSTEM32\sechost.dll!DeleteService                         000007feff897ab4 5 bytes JMP 000007ff7f8b0b14
.text  C:\Windows\system32\conhost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                            0000000077903ae0 5 bytes JMP 000000010040075c
.text  C:\Windows\system32\conhost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                              0000000077907a90 5 bytes JMP 00000001004003a4
.text  C:\Windows\system32\conhost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                 0000000077931490 5 bytes JMP 0000000100400b14
.text  C:\Windows\system32\conhost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                     00000000779314f0 5 bytes JMP 0000000100400ecc
.text  C:\Windows\system32\conhost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                      00000000779315d0 5 bytes JMP 000000010040163c
.text  C:\Windows\system32\conhost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                  0000000077931810 5 bytes JMP 0000000100401284
.text  C:\Windows\system32\conhost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      0000000077932840 5 bytes JMP 00000001004019f4
.text  C:\Windows\system32\conhost.exe[2560] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                 000000007781eecd 1 byte [62]
.text  C:\Windows\system32\conhost.exe[2560] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                              000007feff896e00 5 bytes JMP 000007ff7f8b1dac
.text  C:\Windows\system32\conhost.exe[2560] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                  000007feff896f2c 5 bytes JMP 000007ff7f8b0ecc
.text  C:\Windows\system32\conhost.exe[2560] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                  000007feff897220 5 bytes JMP 000007ff7f8b1284
.text  C:\Windows\system32\conhost.exe[2560] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                 000007feff89739c 5 bytes JMP 000007ff7f8b163c
.text  C:\Windows\system32\conhost.exe[2560] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                 000007feff897538 5 bytes JMP 000007ff7f8b19f4
.text  C:\Windows\system32\conhost.exe[2560] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                        000007feff8975e8 5 bytes JMP 000007ff7f8b03a4
.text  C:\Windows\system32\conhost.exe[2560] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                        000007feff89790c 5 bytes JMP 000007ff7f8b075c
.text  C:\Windows\system32\conhost.exe[2560] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                         000007feff897ab4 5 bytes JMP 000007ff7f8b0b14
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                            0000000077903ae0 5 bytes JMP 000000010040075c
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                              0000000077907a90 5 bytes JMP 00000001004003a4
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                 0000000077931490 5 bytes JMP 0000000100400b14
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                     00000000779314f0 5 bytes JMP 0000000100400ecc
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                      00000000779315d0 5 bytes JMP 000000010040163c
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                  0000000077931810 5 bytes JMP 0000000100401284
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3312] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                      0000000077932840 5 bytes JMP 00000001004019f4
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3312] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                 000000007781eecd 1 byte [62]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3312] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                              000007feff896e00 5 bytes JMP 000007ff7f8b1dac
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3312] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                  000007feff896f2c 5 bytes JMP 000007ff7f8b0ecc
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3312] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                  000007feff897220 5 bytes JMP 000007ff7f8b1284
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3312] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                 000007feff89739c 5 bytes JMP 000007ff7f8b163c
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3312] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                 000007feff897538 5 bytes JMP 000007ff7f8b19f4
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3312] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                        000007feff8975e8 5 bytes JMP 000007ff7f8b03a4
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3312] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                        000007feff89790c 5 bytes JMP 000007ff7f8b075c
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3312] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                         000007feff897ab4 5 bytes JMP 000007ff7f8b0b14
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory          0000000077adfaa0 5 bytes JMP 0000000100030600
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory              0000000077adfb38 5 bytes JMP 0000000100030804
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess               0000000077adfc90 5 bytes JMP 0000000100030c0c
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory           0000000077ae0018 5 bytes JMP 0000000100030a08
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread               0000000077ae1900 5 bytes JMP 0000000100030e10
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                       0000000077afc45a 5 bytes JMP 00000001000301f8
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                     0000000077b01217 5 bytes JMP 00000001000303fc
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112          00000000757aa30a 1 byte [62]
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\syswow64\USER32.dll!SetWinEventHook                 0000000075c2ee09 5 bytes JMP 00000001002401f8
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                  0000000075c33982 5 bytes JMP 00000001002403fc
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW               0000000075c37603 5 bytes JMP 0000000100240804
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA               0000000075c3835c 5 bytes JMP 0000000100240600
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx             0000000075c4f52b 5 bytes JMP 0000000100240a08
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity       0000000077145181 5 bytes JMP 0000000100251014
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA           0000000077145254 5 bytes JMP 0000000100250804
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW           00000000771453d5 3 bytes JMP 0000000100250a08
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW + 4       00000000771453d9 1 byte [89]
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A          00000000771454c2 5 bytes JMP 0000000100250c0c
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W          00000000771455e2 5 bytes JMP 0000000100250e10
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                 000000007714567c 5 bytes JMP 00000001002501f8
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                 000000007714589f 5 bytes JMP 00000001002503fc
.text  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3320] C:\Windows\SysWOW64\sechost.dll!DeleteService                  0000000077145a22 5 bytes JMP 0000000100250600
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory         0000000077adfaa0 5 bytes JMP 0000000100030600
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory             0000000077adfb38 5 bytes JMP 0000000100030804
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess              0000000077adfc90 5 bytes JMP 0000000100030c0c
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory          0000000077ae0018 5 bytes JMP 0000000100030a08
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread              0000000077ae1900 5 bytes JMP 0000000100030e10
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                      0000000077afc45a 5 bytes JMP 00000001000301f8
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                    0000000077b01217 5 bytes JMP 00000001000303fc
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112         00000000757aa30a 1 byte [62]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\syswow64\USER32.dll!SetWinEventHook                0000000075c2ee09 5 bytes JMP 00000001000901f8
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                 0000000075c33982 5 bytes JMP 00000001000903fc
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW              0000000075c37603 5 bytes JMP 0000000100090804
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA              0000000075c3835c 5 bytes JMP 0000000100090600
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx            0000000075c4f52b 5 bytes JMP 0000000100090a08
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity      0000000077145181 5 bytes JMP 00000001000a1014
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA          0000000077145254 5 bytes JMP 00000001000a0804
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW          00000000771453d5 5 bytes JMP 00000001000a0a08
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A         00000000771454c2 5 bytes JMP 00000001000a0c0c
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W         00000000771455e2 5 bytes JMP 00000001000a0e10
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                000000007714567c 5 bytes JMP 00000001000a01f8
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                000000007714589f 5 bytes JMP 00000001000a03fc
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3344] C:\Windows\SysWOW64\sechost.dll!DeleteService                 0000000077145a22 5 bytes JMP 00000001000a0600
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[3572] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                               00000000757aa30a 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                0000000077adfaa0 5 bytes JMP 0000000100030600
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                    0000000077adfb38 5 bytes JMP 0000000100030804
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                     0000000077adfc90 5 bytes JMP 0000000100030c0c
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                 0000000077ae0018 5 bytes JMP 0000000100030a08
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                     0000000077ae1900 5 bytes JMP 0000000100030e10
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                             0000000077afc45a 5 bytes JMP 00000001000301f8
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                           0000000077b01217 5 bytes JMP 00000001000303fc
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                00000000757aa30a 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity             0000000077145181 5 bytes JMP 00000001001e1014
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                 0000000077145254 5 bytes JMP 00000001001e0804
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                 00000000771453d5 5 bytes JMP 00000001001e0a08
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                00000000771454c2 5 bytes JMP 00000001001e0c0c
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                00000000771455e2 5 bytes JMP 00000001001e0e10
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                       000000007714567c 5 bytes JMP 00000001001e01f8
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                       000000007714589f 5 bytes JMP 00000001001e03fc
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\SysWOW64\sechost.dll!DeleteService                        0000000077145a22 5 bytes JMP 00000001001e0600
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\USER32.dll!SetWinEventHook                       0000000075c2ee09 5 bytes JMP 00000001002701f8
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                        0000000075c33982 5 bytes JMP 00000001002703fc
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                     0000000075c37603 5 bytes JMP 0000000100270804
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                     0000000075c3835c 5 bytes JMP 0000000100270600
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3712] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                   0000000075c4f52b 5 bytes JMP 0000000100270a08
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                0000000077adfaa0 5 bytes JMP 0000000100030600
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                    0000000077adfb38 5 bytes JMP 0000000100030804
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                     0000000077adfc90 5 bytes JMP 0000000100030c0c
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                 0000000077ae0018 5 bytes JMP 0000000100030a08
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                     0000000077ae1900 5 bytes JMP 0000000100030e10
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                             0000000077afc45a 5 bytes JMP 00000001000301f8
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                           0000000077b01217 5 bytes JMP 00000001000303fc
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                00000000757aa30a 1 byte [62]
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity             0000000077145181 5 bytes JMP 0000000100101014
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                 0000000077145254 5 bytes JMP 0000000100100804
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                 00000000771453d5 5 bytes JMP 0000000100100a08
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                00000000771454c2 5 bytes JMP 0000000100100c0c
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                00000000771455e2 5 bytes JMP 0000000100100e10
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                       000000007714567c 5 bytes JMP 00000001001001f8
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                       000000007714589f 5 bytes JMP 00000001001003fc
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\SysWOW64\sechost.dll!DeleteService                        0000000077145a22 5 bytes JMP 0000000100100600
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\syswow64\USER32.dll!SetWinEventHook                       0000000075c2ee09 5 bytes JMP 00000001001101f8
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                        0000000075c33982 5 bytes JMP 00000001001103fc
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                     0000000075c37603 5 bytes JMP 0000000100110804
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                     0000000075c3835c 5 bytes JMP 0000000100110600
.text  C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe[3804] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                   0000000075c4f52b 5 bytes JMP 0000000100110a08
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe[3888] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity   000007feff896e00 5 bytes JMP 000007ff7f8b1dac
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe[3888] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA       000007feff896f2c 5 bytes JMP 000007ff7f8b0ecc
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe[3888] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW       000007feff897220 5 bytes JMP 000007ff7f8b1284
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe[3888] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A      000007feff89739c 5 bytes JMP 000007ff7f8b163c
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe[3888] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W      000007feff897538 5 bytes JMP 000007ff7f8b19f4
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe[3888] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA             000007feff8975e8 5 bytes JMP 000007ff7f8b03a4
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe[3888] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW             000007feff89790c 5 bytes JMP 000007ff7f8b075c
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe[3888] C:\Windows\SYSTEM32\sechost.dll!DeleteService              000007feff897ab4 5 bytes JMP 000007ff7f8b0b14
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory     0000000077adfaa0 5 bytes JMP 0000000100030600
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory         0000000077adfb38 5 bytes JMP 0000000100030804
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess          0000000077adfc90 5 bytes JMP 0000000100030c0c
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory      0000000077ae0018 5 bytes JMP 0000000100030a08
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread          0000000077ae1900 5 bytes JMP 0000000100030e10
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                  0000000077afc45a 5 bytes JMP 00000001000301f8
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                0000000077b01217 5 bytes JMP 00000001000303fc
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112     00000000757aa30a 1 byte [62]
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity  0000000077145181 5 bytes JMP 0000000100141014
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA      0000000077145254 5 bytes JMP 0000000100140804
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW      00000000771453d5 5 bytes JMP 0000000100140a08
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A     00000000771454c2 5 bytes JMP 0000000100140c0c
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W     00000000771455e2 5 bytes JMP 0000000100140e10
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\SysWOW64\sechost.dll!CreateServiceA            000000007714567c 5 bytes JMP 00000001001401f8
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\SysWOW64\sechost.dll!CreateServiceW            000000007714589f 5 bytes JMP 00000001001403fc
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\SysWOW64\sechost.dll!DeleteService             0000000077145a22 5 bytes JMP 0000000100140600
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\syswow64\USER32.dll!SetWinEventHook            0000000075c2ee09 5 bytes JMP 00000001001501f8
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\syswow64\USER32.dll!UnhookWinEvent             0000000075c33982 5 bytes JMP 00000001001503fc
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW          0000000075c37603 5 bytes JMP 0000000100150804
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA          0000000075c3835c 5 bytes JMP 0000000100150600
.text  C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[2872] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx        0000000075c4f52b 5 bytes JMP 0000000100150a08
.text  C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                            0000000077903ae0 5 bytes JMP 00000001002a075c
.text  C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                              0000000077907a90 5 bytes JMP 00000001002a03a4
.text  C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                 0000000077931490 5 bytes JMP 00000001002a0b14
.text  C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                     00000000779314f0 5 bytes JMP 00000001002a0ecc
.text  C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                      00000000779315d0 5 bytes JMP 00000001002a163c
.text  C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                  0000000077931810 5 bytes JMP 00000001002a1284
.text  C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      0000000077932840 5 bytes JMP 00000001002a19f4
.text  C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                              000007feff896e00 5 bytes JMP 000007ff7f8b1dac
.text  C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                  000007feff896f2c 5 bytes JMP 000007ff7f8b0ecc
.text  C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                  000007feff897220 5 bytes JMP 000007ff7f8b1284
.text  C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                 000007feff89739c 5 bytes JMP 000007ff7f8b163c
.text  C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                 000007feff897538 5 bytes JMP 000007ff7f8b19f4
.text  C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                        000007feff8975e8 5 bytes JMP 000007ff7f8b03a4
.text  C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                        000007feff89790c 5 bytes JMP 000007ff7f8b075c
.text  C:\Windows\System32\svchost.exe[2672] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                         000007feff897ab4 5 bytes JMP 000007ff7f8b0b14
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory     0000000077adfaa0 5 bytes JMP 0000000100030600
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory         0000000077adfb38 5 bytes JMP 0000000100030804
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess          0000000077adfc90 5 bytes JMP 0000000100030c0c
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory      0000000077ae0018 5 bytes JMP 0000000100030a08
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread          0000000077ae1900 5 bytes JMP 0000000100030e10
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                  0000000077afc45a 5 bytes JMP 00000001000301f8
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                0000000077b01217 5 bytes JMP 00000001000303fc
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112     00000000757aa30a 1 byte [62]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity  0000000077145181 5 bytes JMP 0000000100191014
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA      0000000077145254 5 bytes JMP 0000000100190804
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW      00000000771453d5 5 bytes JMP 0000000100190a08
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A     00000000771454c2 5 bytes JMP 0000000100190c0c
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W     00000000771455e2 5 bytes JMP 0000000100190e10
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\SysWOW64\sechost.dll!CreateServiceA            000000007714567c 5 bytes JMP 00000001001901f8
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\SysWOW64\sechost.dll!CreateServiceW            000000007714589f 5 bytes JMP 00000001001903fc
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\SysWOW64\sechost.dll!DeleteService             0000000077145a22 5 bytes JMP 0000000100190600
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\syswow64\USER32.dll!SetWinEventHook            0000000075c2ee09 5 bytes JMP 00000001001a01f8
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\syswow64\USER32.dll!UnhookWinEvent             0000000075c33982 5 bytes JMP 00000001001a03fc
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW          0000000075c37603 5 bytes JMP 00000001001a0804
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA          0000000075c3835c 5 bytes JMP 00000001001a0600
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3500] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx        0000000075c4f52b 5 bytes JMP 00000001001a0a08
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                  0000000077adfaa0 5 bytes JMP 0000000100030600
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                      0000000077adfb38 5 bytes JMP 0000000100030804
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                       0000000077adfc90 5 bytes JMP 0000000100030c0c
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                   0000000077ae0018 5 bytes JMP 0000000100030a08
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                       0000000077ae1900 5 bytes JMP 0000000100030e10
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                               0000000077afc45a 5 bytes JMP 00000001000301f8
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                             0000000077b01217 5 bytes JMP 00000001000303fc
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                  00000000757aa30a 1 byte [62]
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                         0000000075c2ee09 5 bytes JMP 00000001001401f8
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                          0000000075c33982 5 bytes JMP 00000001001403fc
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                       0000000075c37603 5 bytes JMP 0000000100140804
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                       0000000075c3835c 5 bytes JMP 0000000100140600
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                     0000000075c4f52b 5 bytes JMP 0000000100140a08
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                               0000000077145181 5 bytes JMP 0000000100151014
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                   0000000077145254 5 bytes JMP 0000000100150804
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                   00000000771453d5 5 bytes JMP 0000000100150a08
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                  00000000771454c2 5 bytes JMP 0000000100150c0c
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                  00000000771455e2 5 bytes JMP 0000000100150e10
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                         000000007714567c 5 bytes JMP 00000001001501f8
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                         000000007714589f 5 bytes JMP 00000001001503fc
.text  C:\Windows\SysWOW64\ctfmon.exe[4740] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                          0000000077145a22 5 bytes JMP 0000000100150600
.text  C:\Windows\system32\wbem\wmiprvse.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                      0000000077903ae0 5 bytes JMP 000000010046075c
.text  C:\Windows\system32\wbem\wmiprvse.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                        0000000077907a90 5 bytes JMP 00000001004603a4
.text  C:\Windows\system32\wbem\wmiprvse.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                           0000000077931490 5 bytes JMP 0000000100460b14
.text  C:\Windows\system32\wbem\wmiprvse.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                               00000000779314f0 5 bytes JMP 0000000100460ecc
.text  C:\Windows\system32\wbem\wmiprvse.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                00000000779315d0 5 bytes JMP 000000010046163c
.text  C:\Windows\system32\wbem\wmiprvse.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                            0000000077931810 5 bytes JMP 0000000100461284
.text  C:\Windows\system32\wbem\wmiprvse.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                0000000077932840 5 bytes JMP 00000001004619f4
.text  C:\Windows\system32\wbem\wmiprvse.exe[4464] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                        000007feff896e00 5 bytes JMP 000007ff7f8b1dac
.text  C:\Windows\system32\wbem\wmiprvse.exe[4464] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                            000007feff896f2c 5 bytes JMP 000007ff7f8b0ecc
.text  C:\Windows\system32\wbem\wmiprvse.exe[4464] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                            000007feff897220 5 bytes JMP 000007ff7f8b1284
.text  C:\Windows\system32\wbem\wmiprvse.exe[4464] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                           000007feff89739c 5 bytes JMP 000007ff7f8b163c
.text  C:\Windows\system32\wbem\wmiprvse.exe[4464] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                           000007feff897538 5 bytes JMP 000007ff7f8b19f4
.text  C:\Windows\system32\wbem\wmiprvse.exe[4464] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                  000007feff8975e8 5 bytes JMP 000007ff7f8b03a4
.text  C:\Windows\system32\wbem\wmiprvse.exe[4464] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                  000007feff89790c 5 bytes JMP 000007ff7f8b075c
.text  C:\Windows\system32\wbem\wmiprvse.exe[4464] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                   000007feff897ab4 5 bytes JMP 000007ff7f8b0b14
.text  C:\Windows\system32\AUDIODG.EXE[4380] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007781eecd 1 byte [62]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                          000000007781eecd 1 byte [62]
.text  C:\Users\Username\Desktop\cm4khe5u.exe[4876] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                    00000000757aa30a 1 byte [62]

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                                                                        2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                                                                       2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                                                                1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                                                                 aswFsBlk
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                                                                       FSFilter Activity Monitor
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                                                             FltMgr?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                                                                 avast! mini-filter driver (aswFsBlk)
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                                                         2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                                                                   aswFsBlk Instance
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                        388400
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                           0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                                                             
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                                                                       2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                                                                      2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                                                               1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                                                                  \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                                                                aswMonFlt
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                                                                      FSFilter Anti-Virus
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                                                            FltMgr?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                                                                avast! mini-filter driver (aswMonFlt)
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                                                                  
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                                                                  aswMonFlt Instance
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                      320700
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                         0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                                                            
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                                                                     \SystemRoot\System32\Drivers\aswrdr2.sys
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                                                          1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                                                         1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                                                                  1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                                                                   aswRdr
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                                                         PNP_TDI
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                                                               tcpip?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                                                                   avast! WFP Redirect driver
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                                                                    
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                 nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                                                         1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                                                                        0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                                                                 1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                                                                  aswRvrt
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                                                                  avast! Revert
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                                                                       146
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                                                                       1579439
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                                                                        \Device\Harddisk0\Partition2\Windows
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                                                                  1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                                                              
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                                                          2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                                                         1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                                                                  1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                                                                   aswSnx
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                                                         FSFilter Virtualization
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                                                               FltMgr?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                                                                   avast! virtualization driver (aswSnx)
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                                                           2
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                                                                     aswSnx Instance
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                                                            137600
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                                                               0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                                                                    
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                                                                      \DosDevices\C:\Program Files\AVAST Software\Avast
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                                                         \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                                                           1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                                                          1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                                                                   1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                                                                    aswSP
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                                                                    avast! Self Protection
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                                                                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                                                         1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                                                                       \DosDevices\C:\Program Files\AVAST Software\Avast
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                                                          \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                                                                  \DosDevices\C:\Program Files
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen                                                                     1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                                                                
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                                                          1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                                                         1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                                                                  1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                                                                   avast! Network Shield Support
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                                                         PNP_TDI
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                                                               tcpip?
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                                                                   avast! Network Shield TDI driver
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                                                           9
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                                                          1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                                                         0
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                                                                  1
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                                                                   aswVmm
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                                                                   avast! VM Monitor
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                                                                    
Reg    HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                                                                32
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                                                               2
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                                                                        1
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                                                           "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                                                         avast! Antivirus
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                                                               ShellSvcGroup
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                                                                     aswMonFlt?RpcSS?
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                                                               1
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                                                          LocalSystem
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                                                                      1
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                                                         Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg    HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                                                                     
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                                                            2
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                                                           2
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                                                                    1
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                                                                     aswFsBlk
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                                                           FSFilter Activity Monitor
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                                                                 FltMgr?
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                                                                     avast! mini-filter driver (aswFsBlk)
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                                                             2
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                                                               
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                                                                       aswFsBlk Instance
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)                                             
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                            388400
Reg    HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                               0
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                                                           2
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                                                          2
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                                                                   1
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                                                                      \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                                                                    aswMonFlt
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                                                          FSFilter Anti-Virus
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                                                                FltMgr?
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                                                                    avast! mini-filter driver (aswMonFlt)
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                                                              
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                                                                      aswMonFlt Instance
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)                                           
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                          320700
Reg    HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                             0
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                                                         \SystemRoot\System32\Drivers\aswrdr2.sys
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                                                              1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                                                             1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                                                                      1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                                                                       aswRdr
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                                                             PNP_TDI
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                                                                   tcpip?
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                                                                       avast! WFP Redirect driver
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                                                                
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                     
Reg    HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                     nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                                                             1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                                                            0
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                                                                     1
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                                                                      aswRvrt
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                                                                      avast! Revert
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                                                               
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                                                           146
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                                                           1579439
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                                                            \Device\Harddisk0\Partition2\Windows
Reg    HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                                                                      1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                                                              2
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                                                             1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                                                                      1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                                                                       aswSnx
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                                                             FSFilter Virtualization
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                                                                   FltMgr?
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                                                                       avast! virtualization driver (aswSnx)
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                                                               2
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                                                                 
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                                                         aswSnx Instance
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)                                                 
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                137600
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                                                                   0
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                                                                
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                                                          \DosDevices\C:\Program Files\AVAST Software\Avast
Reg    HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                                                             \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                                                               1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                                                              1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                                                                       1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                                                                        aswSP
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                                                                        avast! Self Protection
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                                                                 
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                                                             1
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                                                           \DosDevices\C:\Program Files\AVAST Software\Avast
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                                                              \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                                                                      \DosDevices\C:\Program Files
Reg    HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen                                                                         1
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                                                              1
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                                                             1
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                                                                      1
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                                                                       avast! Network Shield Support
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                                                             PNP_TDI
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                                                                   tcpip?
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                                                                       avast! Network Shield TDI driver
Reg    HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                                                               9
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                                                              1
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                                                             0
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                                                                      1
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                                                                       aswVmm
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                                                                       avast! VM Monitor
Reg    HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                                                                
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                                                                    32
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                                                                   2
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                                                            1
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                                                               "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                                                             avast! Antivirus
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                                                                   ShellSvcGroup
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                                                         aswMonFlt?RpcSS?
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                                                                   1
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                                                              LocalSystem
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                                                          1
Reg    HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                                                             Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.

---- EOF - GMER 2.1 ----
--- --- ---


Habe das Log von Malwarebytes vergessen, tschuldigung.

Das erste Logfile von FRST habe ich auf der ssd nicht mehr wiederherstellen können, gibt es die Möglichkeit FRST dazu zu bringen dieses wieder zu generieren ?

Ergänzend:
Wichtig wäre für mich, ob etwas auf meinem System ist das Passwörter abgreifen könnte, falls man das überhaupt sagen kann. Habe mich seitdem nirgends mehr eingeloggt, bis auf diese Seite natürlich

LG,
Rentner2037

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Username :: Username [Administrator]

02.09.2013 00:45:51
mbam-log-2013-09-02 (00-45-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 240342
Laufzeit: 1 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0S1S1T0E1J1L1H1R -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\25d9b7.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
__________________
Alt 09.09.2013, 01:10   #3
Rentner2037
 
Firefox/NoScript meldet Clickjacking-Attacke/Versuch einer UI-Umadressierung auf Lego.de - Standard

Firefox/NoScript meldet Clickjacking-Attacke/Versuch einer UI-Umadressierung auf Lego.de


Der Beitrag hat sich erledigt, da ich eine Neuinstallation gemacht habe.

Hier gehts weiter:

http://www.trojaner-board.de/141215-...ml#post1150785
.
__________________
Antwort

Themen zu Firefox/NoScript meldet Clickjacking-Attacke/Versuch einer UI-Umadressierung auf Lego.de
adblock, arbeitet, browser, button, einstellungen, farbar, farbar recovery scan tool, festgestellt, firefox, free, logfile, malwarebytes, meldung, nicht mehr, plug-in, probleme, programm, pup.optional.browsefox.a, pup.optional.installcore.a, pup.optional.sweetim, safer networking, seite, software, spybot, system, warnung, windows, windows 7


« Bundespolizei-Trojaner, Werbung und Abstürze - was kann ich tun?? | %programfiles%\savebyclick\sprotector.dll - Wie kann ich das entfernen? »


Ähnliche Themen: Firefox/NoScript meldet Clickjacking-Attacke/Versuch einer UI-Umadressierung auf Lego.de


  1. NoScript in Firefox meldet clickjacking Angriff auf Offizieller Blizzard Seite FRST wird als Virus erkannt von Avira
    Plagegeister aller Art und deren Bekämpfung - 08.08.2015 (3)
  2. NoScript meldet im Firefox möglichen XXS-Versuch auf eBay
    Plagegeister aller Art und deren Bekämpfung - 11.04.2015 (11)
  3. Lufthansa-Kunden Opfer einer Cyber-Attacke
    Nachrichten - 10.04.2015 (0)
  4. Nach Neuinstallation: Bei Firefox start öffnen sich immer WOT und Noscript automatisch
    Antiviren-, Firewall- und andere Schutzprogramme - 20.02.2015 (18)
  5. NOSCRIPT bei Firefox immer noch zu empfehlen? oder nicht nötig!
    Alles rund um Windows - 19.10.2014 (1)
  6. Herzliches Dank an den schrauber für den beispiellosen Einsatz bei der Bereinigung einer Phishing attacke
    Lob, Kritik und Wünsche - 02.06.2014 (0)
  7. NoScript: Potentieller Clickjacking-Angriff!
    Plagegeister aller Art und deren Bekämpfung - 18.12.2013 (5)
  8. NoScript meldet "potentiellen Clickjacking-Angriff/Versuch einer UI-Umadressierung"
    Plagegeister aller Art und deren Bekämpfung - 23.02.2013 (7)
  9. Kaspersky meldet sich bei Verwendung von Firefox mit einer Warnung: Trojan.JS.Redirector.xa.
    Plagegeister aller Art und deren Bekämpfung - 20.01.2013 (25)
  10. Wie soll ich nach einer Trojaner"attacke" (und möglicher Bekämpfung?) vorgehen?
    Plagegeister aller Art und deren Bekämpfung - 13.01.2012 (1)
  11. Wie aus einer Pumpen-Wartung eine Hacker-Attacke wurde
    Nachrichten - 01.12.2011 (0)
  12. Firefox und NoScript; kann keine Seiten mehr erlauben
    Alles rund um Windows - 09.07.2011 (1)
  13. SpyEye auf dem Rechner - Ist der Versuch einer Bereinigung sinnhaft
    Diskussionsforum - 10.04.2011 (11)
  14. Nach einer Malware attacke lassen sich einige Programme nicht mehr updaten
    Plagegeister aller Art und deren Bekämpfung - 04.01.2011 (49)
  15. Firefox mit Anti-Clickjacking-Unterstützung
    Nachrichten - 08.09.2010 (0)
  16. Someboys Versuch einer schnellen Antwort zu provozieren
    Alles rund um Windows - 22.01.2003 (18)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Firefox/NoScript meldet Clickjacking-Attacke/Versuch einer UI-Umadressierung auf Lego.de - Hallo, ich habe vor 3 Tagen von NoScript eine Warnung über einen potentiellen Clickjacking-Angriff bekommen bzw. Versuch einer UI-Umadressierung. Dies tritt bisher nur auf der Lego.de Seite auf, immer wenn - Firefox/NoScript meldet Clickjacking-Attacke/Versuch einer UI-Umadressierung auf Lego.de...
Archiv
Du betrachtest: Firefox/NoScript meldet Clickjacking-Attacke/Versuch einer UI-Umadressierung auf Lego.de auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55